Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   roll around ads kann ich nicht entfernen (https://www.trojaner-board.de/164269-roll-around-ads-entfernen.html)

helgasee 21.02.2015 11:09
roll around ads kann ich nicht entfernen
 
Liste der Anhänge anzeigen (Anzahl: 3)
Hallo,
ich hab mir anscheinend Roll Around eingefangen überall tauchen Adds powerd by Roll Around auf. Mal sind sie großformatig an der Seite, mal kleiner mitten in einer Seite, die ich aufrufe. Wenn ich auf einen Link klicke, dann kommt nicht die angeforderte Seite, sondern unten links kann ich sehen: „warten auf ask.com“, „warten auf rollaround“ und noch etliches mehr.
Das Programm selbst habe ich bereits entfernt, das Problem taucht jedoch weiterhin auf.
Das Programm mit dem ich mir das vermutlich eingefangen hab ist ein Audio Converter.
Mit Kasperky Internet security habe ich einen gründlichen Check machen lassen und da kam keine Fehlermeldung. ich weiß allerdings nicht, wo die log Datei von dem Programm zu finden ist.:headbang:
Ich hatte mir dann malwarebytes runtergeladen und im abgesicherten modus ohne Netzwerkanbindung scannen lassen. Es hat Dateien gefunden und in Quarantäne geschickt. Aber beim Neustart ist das Problem unverändert da. Ich habe es inzwischen wieder deinstalliert.
Ich habe die verschiedenen Scans ausgeführt, nur das GMER-19357 gibt eine Fehlermeldung aus. Ich habe mal screenshots von der Detailmeldung gemacht.
Der PC hat beim runterfahren jetzt zweimal einen blue-screen gezeigt, mit ungefähr der Botschaft, damit der PC nicht beschädigt wird.
Hoffentlich könnt Ihr mir weiterhelfen, danke schon mal,
Helga :glaskugel:

schrauber 21.02.2015 12:42
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

helgasee 21.02.2015 13:21
hier meine Versuche
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:05 on 20/02/2015 (Helga Seemannn)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Helga Seemannn (administrator) on HELGA on 20-02-2015 22:17:50
Running from C:\Users\Helga Seemannn\Desktop
Loaded Profiles: Helga Seemannn (Available profiles: Helga Seemannn & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Windows\SysWOW64\ieconfig_1und1_svc.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Stefan Moka) C:\Launcher31B19\Launcher.exe
(Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\stpass.exe
(VoipConnect) C:\Program Files (x86)\VoipConnect.com\VoipConnect\VoipConnect.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
() C:\Program Files (x86)\FastStone Capture\FSCapture.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
(Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\spNMHost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmprph.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(PortableApps.com) C:\Program Files (x86\FirefoxPortable\FirefoxPortable.exe
(Mozilla Corporation) C:\Program Files (x86\FirefoxPortable\App\Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86\FirefoxPortable\App\Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files (x86\FirefoxPortable\App\Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [981888 2011-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-08-10] (TOSHIBA Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel(R) Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1360600 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [285608 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-05] (TOSHIBA)
HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5768992 2015-02-02] (IObit)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [NoStrCmpLogical] 1
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\Run: [Quickstart - Toolbar] => C:\Launcher31B19\Launcher.exe [260096 2008-04-01] (Stefan Moka)
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\Run: [Hoffnung fuer heute] => C:\Program Files (x86)\ComBib\Hoffnung fuer heute\Hoffnung fuer heute.exe [2568192 2013-12-02] (combib)
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\Run: [StickyPassword] => C:\Program Files (x86)\Sticky Password\stpass.exe [14310200 2014-09-24] (Lamantine Software a.s.)
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\Run: [*LABAL*] => [X]
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\Run: [VoipConnect] => C:\Program Files (x86)\VoipConnect.com\VoipConnect\VoipConnect.exe [23048288 2014-12-04] (VoipConnect)
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\Run: [GoogleChromeAutoLaunch_E7AB2F37F5105CE78BDE76BDD71ECAE2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\MountPoints2: {36a673d3-440c-11e1-9818-e8e0b7c24e51} - Z:\PLAY.EXE "playlist.m3u"
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\MountPoints2: {87eacf44-34f2-11e4-a923-88532e872b06} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\MountPoints2: {9070629d-8389-11e4-ade2-88532e872b06} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\MountPoints2: {9c908bea-387e-11e3-82ff-88532e872b06} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\MountPoints2: {a8087f76-3e5c-11e4-a961-88532e872b06} - D:\AutoRun.exe
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\MountPoints2: {a8087fa9-3e5c-11e4-a961-88532e872b06} - D:\AutoRun.exe
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2427680 2014-12-10] (IObit)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Helga Seemannn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk
ShortcutTarget: FastStone Capture.lnk -> C:\Program Files (x86)\FastStone Capture\FSCapture.exe ()
Startup: C:\Users\Helga Seemannn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hoffnung  fuer heute.LNK
ShortcutTarget: Hoffnung  fuer heute.LNK -> C:\Program Files (x86)\ComBib\Hoffnung fuer heute\Hoffnung fuer heute.exe (combib)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.1und1.de/links/home
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.1und1.de/links/home
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/
hxxp://www.google.com/
hxxp://www.google.com/
hxxp://www.google.com/
hxxp://www.google.com/
hxxp://www.google.com/
hxxp://www.google.com/
hxxp://www.google.com/
hxxp://www.google.com/
hxxp://www.google.com/
hxxp://www.google.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM -> {99D331A2-3627-4636-B765-B46E28C10000} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {99D331A2-3627-4636-B765-B46E28C10000} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKU\.DEFAULT -> DefaultScope {99D331A2-3627-4636-B765-B46E28C10000} URL =
SearchScopes: HKU\.DEFAULT -> {98A5C124-441A-4B57-9A25-7616F52C705E} URL = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
SearchScopes: HKU\.DEFAULT -> {99D331A2-3627-4636-B765-B46E28C10000} URL =
SearchScopes: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001 -> DefaultScope {BA8305C6-E5BD-4C89-8B52-89AAECF54711} URL = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
SearchScopes: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=GLSV5&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=89067676-F894-48A5-9D78-0B6D65CD42C4&apn_sauid=8B8F88AF-3947-407E-946E-0008E87E379E
SearchScopes: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001 -> {710D5225-9A3C-4F7E-AA5B-C1EC23D3F7D9} URL = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
SearchScopes: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001 -> {7F575E42-1497-48B5-9B8B-879ADA474669} URL = hxxp://websearch.search-results.com/redirect?client=ie&tb=STC-SRS&o=41648033&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=96&apn_dtid=YYYYYYYYDE&apn_uid=920B2299-09F2-40A1-9B00-F87FE2AD22C8&apn_sauid=67BCB2C2-DE30-47D8-B81A-7AABF677BDF4&
SearchScopes: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001 -> {8CC54E51-4A40-4324-BC62-E4BD4DD7BB6A} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=402027&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001 -> {99D331A2-3627-4636-B765-B46E28C10000} URL =
SearchScopes: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001 -> {BA8305C6-E5BD-4C89-8B52-89AAECF54711} URL = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
SearchScopes: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001 -> {D7F9BFA8-EF0F-42A3-B22A-3E5690EEE526} URL = hxxp://go.web.de/suchbox/google?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001 -> {F5207CDB-088F-4996-B238-122B8E910E75} URL = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: 1&&1 Internet AG Browser Configuration by mquadr.at -> {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} -> C:\Windows\SysWow64\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=402027&ilc=12&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 -> C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0-git-20120328-0404 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4063226719-3667356119-3298405193-1001: @stickypassword.com/Sticky Password -> C:\Program Files (x86)\Sticky Password\npspAutofill.dll (Lamantine Software a.s.)
FF user.js: detected! => C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\Helga Seemannn\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\searchplugins\webde-suche.xml
FF Extension: Ads Removal - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\Extensions\adremoveext@adremoveext.net [2014-11-26]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\Extensions\iobitascsurfingprotection@iobit.com [2015-01-03]
FF Extension: 7eb3f69125b44a8590389e57e2bcd537 - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\Extensions\{7eb3f691-25b4-4a85-9038-9e57e2bcd537} [2014-11-01]
FF Extension: DictionarySearch - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\Extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372} [2013-06-30]
FF Extension: FDD8ECF0451A414D8C8F7B7F78B0ECD3 - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\Extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3} [2014-11-01]
FF Extension: Adblock Plus - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-06]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-09]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-09-01]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-01]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-09-01]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-09-01]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-09-01]
FF HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\Thunderbird\Extensions: [{54affe52-8223-453b-be1e-2fe2e250045c}] - C:\Users\Helga Seemannn\AppData\Roaming\Lamantine\Sticky Password\spAutofill
FF Extension: Sticky Password Autofill Engine - C:\Users\Helga Seemannn\AppData\Roaming\Lamantine\Sticky Password\spAutofill [2014-03-20]
FF Extension: No Name - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com [2013-02-13]
FF Extension: No Name - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\extensions\EWBNO58637124@CLP39222015.com [Not Found]
FF Extension: No Name - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\extensions\ascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com [Not Found]
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=AV01
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=AV01"
CHR Profile: C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-11]
CHR Extension: (Google Drive) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-08]
CHR Extension: (WOT) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-07-26]
CHR Extension: (YouTube) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-11]
CHR Extension: (Adblock Plus) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-12]
CHR Extension: (Google Search) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-11]
CHR Extension: (Kaspersky Protection) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-09-01]
CHR Extension: (Avira SafeSearch) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2014-08-08]
CHR Extension: (Trusted Shops-Erweiterung für Google Chrome) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcpnemckonbbmnoakbjgjkgokkbaeo [2014-08-06]
CHR Extension: (SiteAdvisor) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-07-26]
CHR Extension: (Sticky Password Autofill Engine) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggepjhbdgijjkbelnggboeoehacbphed [2014-07-26]
CHR Extension: (WEB.DE MailCheck) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2015-02-19]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2014-10-26]
CHR Extension: (Keepa.com - Price Tracker) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2014-07-26]
CHR Extension: (Google Wallet) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-11]
CHR Extension: (Jewels HD) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\opmonmpnlegnelddekgpmmhileohhpma [2014-07-26]
CHR Extension: (Evernote Web Clipper) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-07-26]
CHR Extension: (Gmail) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-11]
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - No Path
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2012-08-25]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [344864 2015-01-27] (IObit)
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-12] (iolo technologies, LLC)
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [184320 2011-07-07] (Intel Corporation) [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-09] (Intel Corporation)
S2 KMService; C:\windows\SysWOW64\srvany.exe [8192 2013-05-12] () [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
S4 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-09-04] (Nitro PDF Software)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 serviceIEConfig; C:\Windows\SysWOW64\ieconfig_1und1_svc.exe [1053848 2014-05-31] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1419576 2014-12-05] (Motorola Solutions, Inc.)
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [34840 2013-08-29] (Connectify)
R1 ElRawDisk; C:\windows\system32\drivers\ElRawDsk.sys [30752 2013-12-03] (EldoS Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [9856 2007-09-14] (Lenovo)
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-29] (REALiX(tm))
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-09] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2014-04-15] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11532704 2015-02-09] (Intel Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 RawDisk3; C:\windows\system32\drivers\rawdsk3.sys [32912 2014-07-13] (EldoS Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 subvgaproduct64; C:\Windows\System32\DRIVERS\subvga64.sys [5120 2014-12-29] (Windows (R) Win 7 DDK provider)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-11-10] ()
S3 cpuz134; \??\C:\Users\HELGAS~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U3 DfSdkS; No ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U3 JavaQuickStarterService; No ImagePath
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-20 22:17 - 2015-02-20 22:18 - 00041968 _____ () C:\Users\Helga Seemannn\Desktop\FRST.txt
2015-02-20 22:13 - 2015-02-20 22:17 - 00000000 ____D () C:\FRST
2015-02-20 22:05 - 2015-02-20 22:05 - 00000490 _____ () C:\Users\Helga Seemannn\Desktop\defogger_disable.log
2015-02-20 22:05 - 2015-02-20 22:05 - 00000000 _____ () C:\Users\Helga Seemannn\defogger_reenable
2015-02-20 22:02 - 2015-02-20 22:02 - 00380416 _____ () C:\Users\Helga Seemannn\Desktop\Gmer-19357.exe
2015-02-20 22:00 - 2015-02-20 22:00 - 02086912 _____ (Farbar) C:\Users\Helga Seemannn\Desktop\FRST64.exe
2015-02-20 21:59 - 2015-02-20 21:59 - 00050477 _____ () C:\Users\Helga Seemannn\Desktop\Defogger.exe
2015-02-20 20:53 - 2015-02-20 21:16 - 00105050 _____ () C:\windows\PFRO.log
2015-02-20 20:50 - 2015-02-20 21:16 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-20 20:49 - 2015-02-20 20:49 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-20 20:49 - 2015-02-20 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-20 20:49 - 2015-02-20 20:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-20 20:49 - 2015-02-20 20:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-20 20:49 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-20 20:49 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-20 20:49 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-20 20:42 - 2015-02-20 20:42 - 00001694 _____ () C:\Users\Helga Seemannn\Documents\cc_20150220_204152.reg
2015-02-20 20:30 - 2015-02-20 21:16 - 00000168 _____ () C:\windows\setupact.log
2015-02-20 20:30 - 2015-02-20 20:30 - 00000000 _____ () C:\windows\setuperr.log
2015-02-20 19:58 - 2015-02-20 19:58 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\stflt.sys
2015-02-20 19:22 - 2015-02-20 19:22 - 00002790 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2015-02-20 19:22 - 2015-02-20 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-20 19:20 - 2015-02-20 19:21 - 04196968 _____ (Piriform Ltd) C:\Users\Helga Seemannn\Downloads\ccsetup502_slim.exe
2015-02-20 10:36 - 2015-02-20 10:36 - 00000933 _____ () C:\Users\Helga Seemannn\Desktop\bihler.xlsx - Verknüpfung.lnk
2015-02-18 22:29 - 2015-02-18 22:29 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-18 22:29 - 2015-02-18 22:29 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-18 22:29 - 2015-02-18 22:29 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-02-18 22:29 - 2015-02-18 22:29 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-18 19:42 - 2015-02-18 19:44 - 114510910 _____ () C:\Users\Helga Seemannn\Downloads\70518367.arf
2015-02-18 17:42 - 2015-02-18 17:43 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-02-18 17:42 - 2015-02-18 17:42 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\RHEng
2015-02-18 17:42 - 2015-02-18 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-18 17:40 - 2015-02-18 17:45 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\DVDVideoSoft
2015-02-18 17:27 - 2015-02-18 17:27 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Local\CDex
2015-02-18 17:27 - 2015-02-18 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDex
2015-02-18 17:26 - 2015-02-18 17:27 - 00000000 ____D () C:\Program Files (x86)\CDex
2015-02-18 07:20 - 2015-02-18 07:20 - 00000000 ____D () C:\Users\Helga Seemannn\Documents\Neuer Ordner
2015-02-15 09:03 - 2015-02-15 09:03 - 00000000 ____D () C:\Users\Helga Seemannn\Documents\20150215-After School Hour - Asia Pacific (1867144457)
2015-02-12 20:25 - 2015-02-12 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2015-02-12 07:25 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-12 07:25 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-12 07:25 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-02-12 07:25 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-02-11 12:35 - 2015-02-20 21:17 - 00002860 _____ () C:\windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2015-02-11 07:06 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-11 07:06 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-02-11 07:06 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-11 07:06 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-11 07:06 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-11 07:06 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-11 07:06 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-11 07:06 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-11 07:06 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-11 07:06 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-11 07:06 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-11 07:06 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-11 07:06 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-11 07:06 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-11 07:06 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-11 07:06 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-02-11 07:06 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-11 07:06 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-02-11 07:06 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-11 07:06 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 07:06 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-02-11 07:06 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-11 07:06 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-11 07:06 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-02-11 07:06 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-02-11 07:06 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-02-11 07:06 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-11 07:06 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-02-11 07:06 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-02-11 07:06 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-02-11 07:06 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-02-11 07:06 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-02-11 07:06 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-11 07:06 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-11 07:06 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-11 07:06 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-11 07:06 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-02-11 07:06 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-11 07:06 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 07:06 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-02-11 07:06 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-02-11 07:06 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-02-11 07:06 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-11 07:06 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-02-11 07:06 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-02-11 07:06 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-02-11 07:06 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-02-11 07:06 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-11 07:06 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-11 07:06 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-02-11 07:06 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-02-11 07:06 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-02-11 07:06 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-11 07:06 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-11 07:06 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-11 07:06 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-11 07:06 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-11 07:06 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-11 07:06 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-11 07:06 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-02-11 07:06 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-02-11 07:06 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-02-11 07:06 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-02-11 07:06 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-02-11 07:06 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-02-11 07:06 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-02-11 07:05 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-11 07:05 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-11 07:05 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-11 07:05 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-11 07:05 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-11 07:05 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-11 07:05 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-11 07:05 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-11 07:05 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-11 07:05 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-11 07:05 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-11 07:05 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-02-11 07:05 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-02-11 07:05 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-02-11 07:05 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-02-11 07:05 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-02-11 07:05 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-11 07:05 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-11 07:05 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-11 07:05 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-02-11 07:05 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-02-11 07:05 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-02-11 07:05 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-02-11 07:05 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-02-11 07:05 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-02-11 07:05 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-11 07:05 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-11 07:05 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-11 07:05 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-02-11 07:05 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-11 07:05 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-11 07:05 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-11 07:05 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-02-11 07:04 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-09 07:22 - 2015-02-09 07:22 - 11532704 _____ (Intel Corporation) C:\windows\system32\Drivers\NETwsw01.sys
2015-02-09 07:21 - 2015-02-09 07:21 - 00942080 _____ () C:\windows\system32\AmRdrIco.icl
2015-02-09 07:21 - 2015-02-09 07:21 - 00108312 _____ (Alcor Micro, Corp.) C:\windows\system32\Drivers\AmUStor.sys
2015-02-09 07:21 - 2015-02-09 07:21 - 00021784 _____ (Alcor Micro, Corp.) C:\windows\system32\AmUStor.dll
2015-02-05 07:57 - 2015-02-05 07:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
2015-02-05 07:57 - 2014-06-04 15:17 - 00021184 _____ (IObit) C:\windows\system32\Drivers\SmartDefragDriver.sys
2015-02-05 07:56 - 2015-02-05 07:56 - 15971616 _____ (IObit) C:\Users\Helga Seemannn\Downloads\iobituninstaller.exe
2015-02-05 07:56 - 2015-02-05 07:56 - 00001263 _____ () C:\Users\Helga Seemannn\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2015-02-05 07:56 - 2015-02-05 07:56 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\IObit
2015-02-04 07:50 - 2015-02-04 07:50 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-01-31 15:09 - 2015-01-31 15:10 - 31053672 _____ (Microsoft Corporation) C:\Users\Helga Seemannn\Downloads\wlsetup-idcrl.exe
2015-01-31 13:15 - 2015-01-31 13:15 - 27633070 _____ () C:\Users\Helga Seemannn\Downloads\32pfl9603d_10_philips_deu.zip
2015-01-30 18:59 - 2015-01-30 19:27 - 10485760 _____ () C:\vgaexte.dat
2015-01-30 18:34 - 2015-01-30 18:35 - 00000000 ____D () C:\Program Files (x86)\EZCast
2015-01-30 18:34 - 2015-01-30 18:34 - 00000930 _____ () C:\Users\Public\Desktop\EZCast.lnk
2015-01-30 18:34 - 2015-01-30 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZCast
2015-01-30 18:31 - 2015-01-30 18:33 - 34949040 _____ () C:\Users\Helga Seemannn\Desktop\EZCast_Win.exe
2015-01-28 17:24 - 2015-01-28 17:29 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\VoipConnect
2015-01-28 17:24 - 2015-01-28 17:24 - 00001238 _____ () C:\Users\Helga Seemannn\Desktop\VoipConnect.lnk
2015-01-28 17:24 - 2015-01-28 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoipConnect
2015-01-28 17:24 - 2015-01-28 17:24 - 00000000 ____D () C:\Program Files (x86)\VoipConnect.com
2015-01-27 13:46 - 2015-01-27 13:46 - 00001082 _____ () C:\Users\Helga Seemannn\Desktop\cleanseworkout3.avi - Verknüpfung.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-20 22:11 - 2012-07-22 05:37 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-20 22:05 - 2012-01-20 17:24 - 00000000 ____D () C:\Users\Helga Seemannn
2015-02-20 22:04 - 2012-02-07 07:32 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-20 21:46 - 2012-01-22 09:12 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\Mozilla
2015-02-20 21:38 - 2013-06-14 21:23 - 01182792 _____ () C:\windows\WindowsUpdate.log
2015-02-20 21:32 - 2014-09-01 11:40 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-20 21:24 - 2009-07-14 05:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-20 21:24 - 2009-07-14 05:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-20 21:16 - 2013-06-22 07:18 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Local\HTC MediaHub
2015-02-20 21:16 - 2012-02-07 07:32 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-20 21:16 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-20 21:15 - 2014-12-14 22:39 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\IHlpr
2015-02-20 20:36 - 2011-02-11 09:21 - 13731182 _____ () C:\windows\system32\perfh007.dat
2015-02-20 20:36 - 2011-02-11 09:21 - 04372234 _____ () C:\windows\system32\perfc007.dat
2015-02-20 20:36 - 2009-07-14 06:13 - 00006268 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-20 20:06 - 2013-12-26 10:56 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\XYplorer
2015-02-20 19:22 - 2013-01-09 06:56 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-20 19:22 - 2012-09-26 06:39 - 00000000 __SHD () C:\Users\Helga Seemannn\UserData
2015-02-20 19:10 - 2012-03-07 17:29 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Local\ClipX
2015-02-20 17:39 - 2014-11-21 07:21 - 00002904 _____ () C:\windows\System32\Tasks\Uninstaller_SkipUac_Helga_Seemannn
2015-02-20 14:07 - 2012-03-12 20:36 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\Simple Sudoku
2015-02-20 13:53 - 2010-07-23 10:12 - 00000000 ____D () C:\Users\Public\Documents\ernährungsmanager
2015-02-20 06:49 - 2014-03-20 08:44 - 00000000 ___SD () C:\Users\Helga Seemannn\Documents\Sticky Passwords
2015-02-18 22:45 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\tracing
2015-02-18 18:12 - 2013-07-22 20:49 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\vlc
2015-02-18 17:27 - 2013-04-20 17:50 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-18 07:26 - 2013-06-22 07:18 - 00000000 ____D () C:\Users\Helga Seemannn\Documents\HTC
2015-02-17 07:21 - 2011-10-16 21:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-15 19:10 - 2014-02-11 15:10 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-12 20:26 - 2014-02-11 15:08 - 00000000 ____D () C:\ProgramData\IObit
2015-02-12 09:05 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2015-02-11 12:35 - 2014-11-21 07:19 - 00003220 _____ () C:\windows\System32\Tasks\Driver Booster Scan
2015-02-11 12:35 - 2014-11-21 07:19 - 00003164 _____ () C:\windows\System32\Tasks\Driver Booster Update
2015-02-11 12:35 - 2014-11-21 07:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2015-02-11 12:31 - 2009-07-14 05:45 - 00450576 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-11 08:53 - 2012-03-14 21:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 08:18 - 2009-07-14 03:34 - 00000668 _____ () C:\windows\win.ini
2015-02-11 08:16 - 2013-07-21 12:44 - 00000000 ____D () C:\windows\system32\MRT
2015-02-11 08:02 - 2012-01-20 18:58 - 116773704 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-02-11 06:57 - 2014-03-26 06:58 - 00002872 _____ () C:\windows\System32\Tasks\Driver Booster SkipUAC (Helga Seemannn)
2015-02-06 08:11 - 2012-07-22 05:37 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 08:11 - 2012-04-04 18:46 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 08:11 - 2012-01-22 14:17 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 07:59 - 2012-02-07 07:32 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 07:59 - 2012-02-07 07:32 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 07:57 - 2014-02-11 15:08 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\IObit
2015-02-05 07:57 - 2014-02-11 15:08 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-02-04 19:37 - 2011-10-19 20:43 - 00000000 ____D () C:\Users\Helga Seemannn\Documents\My Kindle Content
2015-02-04 16:26 - 2012-01-27 16:25 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\BayWotch4
2015-02-04 07:50 - 2013-04-07 21:56 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Local\Amazon
2015-02-02 09:55 - 2013-01-05 22:59 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-31 20:15 - 2009-07-14 06:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-01-30 19:21 - 2011-10-04 19:35 - 00000000 ____D () C:\Users\Helga Seemannn\.thinkbuzan
2015-01-30 18:37 - 2012-04-17 16:40 - 00000000 ____D () C:\ProgramData\ThinkBuzan
2015-01-30 18:37 - 2012-04-17 16:40 - 00000000 ____D () C:\ProgramData\JSoft
2015-01-30 18:37 - 2012-01-22 09:32 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\Nitro PDF
2015-01-27 20:37 - 2012-01-20 22:07 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\Skype
2015-01-27 16:52 - 2012-01-20 17:37 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\Toshiba
2015-01-27 13:01 - 2013-10-11 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2012-01-23 15:56 - 2012-09-29 11:37 - 0000377 _____ () C:\Users\Helga Seemannn\AppData\Roaming\burnaware.ini
2012-03-16 19:55 - 2013-03-14 08:30 - 0001955 _____ () C:\Users\Helga Seemannn\AppData\Roaming\SAS7_000.DAT
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Helga Seemannn\AppData\Roaming\TIUQO
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Helga Seemannn\AppData\Roaming\TNNS
2013-09-27 09:09 - 2013-09-27 09:09 - 0000094 _____ () C:\Users\Helga Seemannn\AppData\Roaming\WB.CFG
2013-09-27 09:09 - 2013-09-27 09:09 - 0000005 _____ () C:\Users\Helga Seemannn\AppData\Roaming\WBPU-TTL.DAT
2012-01-26 22:14 - 2013-08-18 13:37 - 0018944 _____ () C:\Users\Helga Seemannn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-23 18:52 - 2012-01-23 18:52 - 0000058 _____ () C:\Users\Helga Seemannn\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2012-01-24 10:58 - 2012-01-24 10:58 - 0002247 _____ () C:\Users\Helga Seemannn\AppData\Local\FastClean.20120124.105811.txt
2012-08-25 10:12 - 2012-08-25 10:12 - 0002269 _____ () C:\Users\Helga Seemannn\AppData\Local\FastClean.20120825.111256.txt
2012-12-15 08:20 - 2012-12-15 08:20 - 0000036 _____ () C:\Users\Helga Seemannn\AppData\Local\housecall.guid.cache
2012-01-21 12:46 - 2012-06-06 09:01 - 0007598 _____ () C:\Users\Helga Seemannn\AppData\Local\resmon.resmoncfg
2013-05-15 07:25 - 2013-05-15 07:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-01-22 13:21 - 2012-01-30 08:02 - 0000219 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2003-10-06 09:21 - 2003-10-06 09:21 - 0000000 ____H () C:\ProgramData\sdpsenv.dat

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-4063226719-3667356119-3298405193-1001\$1b7793d22153c422cd8c65aa394de24d

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$1b7793d22153c422cd8c65aa394de24d

Files to move or delete:
====================
C:\ProgramData\sdpsenv.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 12:21

==================== End Of Log ============================
--- --- ---




Die Bilder wollen nicht so eingefügt werden. Als ich es probiert habe, wurde hier alles gelöscht und es erschien eine neue Seite mit dieser Url :
file:///C:/Users/Helga%20Seemannn/Desktop/gmer-1-2015-02-21_081133.png. Aber das nützt ja nichts, kannst es ja nicht ansehen.

Ich hab noch probiert, die Dateien in Word zu kopieren und von dort copy/paste zu machen, ist aber auch nichts geworden.

Danke, dass du dir meine Sachen ansiehst,
Helga

schrauber 21.02.2015 14:29
Addition.txt von FRST fehlt noch :)

helgasee 21.02.2015 17:55
Sorry
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01
Ran by Helga Seemannn at 2015-02-20 22:18:30
Running from C:\Users\Helga Seemannn\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\uTorrent) (Version: 3.4.2.33254 - BitTorrent Inc.)
1und1 Internet Explorer Add-On (x32 Version: 1.0 - 1&1 Internet AG) Hidden
ACDSee Pro 5 (HKLM-x32\...\{35E0BA9D-3AFE-402A-99CA-D94FE1E73D18}) (Version: 5.2.157 - ACD Systems International Inc.)
ACDSee Pro 6 (HKLM\...\{CAF674E0-808C-4CF4-8868-A755EBABA228}) (Version: 6.0.171 - ACD Systems International Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.4 - Sereby Corporation)
Amazon Kindle (HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\Amazon Kindle) (Version:  - Amazon)
Any Video Converter 5.7.6 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Ashampoo GetBack Photo v.1.0.1 (HKLM-x32\...\{C92AB6F1-2490-D7C3-A45D-23F3C33ECFA5}_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2009873646.48.56.4139450 - Audible, Inc.)
Babylon (HKLM-x32\...\Babylon) (Version:  - Babylon)
BayWotch Update v4.2.24 (HKLM-x32\...\baywotch4_is1) (Version:  - Elmar Denkmann)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Biblical Hebrew (SIL) (HKLM\...\{C4852924-8548-4FA6-A822-5B3840C5E0E7}) (Version: 1.0.3.40 - Tiro Typeworks)
Birkenbihl Sprachen (x32 Version: 255 - Bizzons eMarketing GmbH) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.13(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre 64bit (HKLM\...\{A810DA38-3908-48E1-9536-38B5678ABD52}) (Version: 2.0.0 - Kovid Goyal)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MG5200 series Benutzerregistrierung (HKLM-x32\...\Canon MG5200 series Benutzerregistrierung) (Version:  - )
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CCFinder (HKLM-x32\...\CCFinderAppId_is1) (Version: 2013 - Abelssoft)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.77.0.2015 - Georgy Berdyshev)
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )
Chicken Invaders 3 - Revenge of the Yolk (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco WebEx Meeting Center for Firefox or Chrome (HKLM-x32\...\{A058E0F5-3976-4B4F-9879-556E4413B04B}) (Version: 8.23.2500 - Cisco WebEx LLC)
Cisco WebEx Meetings (HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
ClipX (HKLM-x32\...\ClipX) (Version:  - )
Content Manager 2 (HKLM-x32\...\Content Manager 2) (Version: 3.18.0.342250 - NNG Llc.)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Desk Drive Version 2.1 (HKLM-x32\...\{0F5A5DCE-66CB-43A7-AFB4-F9751168264A}_is1) (Version: 2.1 - Mike Ward)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX 9.0c Extra Files (x86, x64) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation)
DocScan Pro version 2012 b654 (HKLM-x32\...\SolarSys DocScan Pro OCR_is1) (Version:  - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Driver Booster 2.1 (HKLM-x32\...\Driver Booster_is1) (Version: 2.1 - IObit)
Dropbox (HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Exact Audio Copy 1.0beta4 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta4 - Andre Wiethoff)
EZCast (HKLM-x32\...\{74CECDD9-4B8E-4AE3-9571-8070A17F3C34}) (Version: 1.2.0.1 - Actions-Micro)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FireJump 1.0.1.8 (HKLM-x32\...\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1) (Version: 1.0.1.8 - FireJump.net)
FolderVisualizer (HKLM-x32\...\FolderVisualizer_is1) (Version: 2013 - Abelssoft)
Free Audio Converter version 5.0.56.128 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.56.128 - DVDVideoSoft Ltd.)
Free Video Converter V 3.2 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.2.0.0 - Koyote Soft)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoogleClean (HKLM-x32\...\{4281435C-AD1D-4C8A-B9C0-3961C08EF142}_is1) (Version: 4.0.112 - Abelssoft)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.06) (Version: 9.06 - Artifex Software Inc.)
GU Nährwert-Berechnung (HKLM-x32\...\GU Nährwert-Berechnung 1.7) (Version:  - )
Hoffnung für heute (HKLM-x32\...\{8DA19AD3-B535-4CEC-BAFE-4ED4F3249162}) (Version: 3.3.1 - )
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.37.2 - HTC)
iMindMap 6 (HKLM-x32\...\{2EC189E4-7065-4F57-B4E6-21D061CFF23B}) (Version: 6.0.288 - ThinkBuzan)
Iminent (x32 Version: 5.29.41.0 - Iminent) Hidden <==== ATTENTION
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Identity Protection Technology 1.2.18.0 (HKLM-x32\...\{9602841E-ECE2-1019-AAEE-906A4DE25D6B}) (Version: 1.2.18.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.5 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3190 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\{6E579724-82F9-454C-A98E-39DDDAB167FF}) (Version: 1.0.0.1008 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.0 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.1 - IObit)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 14.0.1 - iolo technologies, LLC)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kalender-Excel-8.10 (HKLM-x32\...\Kalender-Excel-8.10_is1) (Version: 8.10 - MSDatec)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Kyodai Mahjongg (HKLM-x32\...\Kyodai Mahjongg_is1) (Version:  - Rene-Gilles Deberdt)
Langenscheidt Vokabeltrainer 6.0 Englisch (HKLM-x32\...\{733B66AD-B771-4FA6-8DBF-765B820CC0EB}) (Version: 6.0.0 - Langenscheidt)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyKeyFinder (HKLM-x32\...\MyKeyFinder_is1) (Version: 2014 - Abelssoft)
Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
Network Recording Player (HKLM-x32\...\{4FF911E5-4932-4257-BB35-31BF1CD9C28C}) (Version: 29.6.0.58 - Cisco WebEx LLC)
Nitro Pro 7 (HKLM\...\{EEF9C83C-5D22-4BB8-8453-0F4F5F2328D2}) (Version: 7.5.0.29 - Nitro PDF Software)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
OpenOffice 4.1.0 Language Pack (German) (HKLM-x32\...\{ED7A9584-1F78-4CB0-B3E7-C30E6B7B02FE}) (Version: 4.10.9764 - Apache Software Foundation)
Orchideenverwaltung 2.0.0 (HKLM-x32\...\Orchideenverwaltung) (Version: 2.0.0 - Ricci Zepmeusel)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Pausenkatzen Screensaver (HKLM-x32\...\Pausenkatzen Screensaver) (Version:  - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.47 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
RICOH Media Driver v2.15.17.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.15.17.02 - RICOH)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Scribus 1.4.3 (64bit) (HKLM\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Simple Sudoku 4.2 (HKLM-x32\...\Simple Sudoku_is1) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.3 - IObit)
Software Informer 1.1 (HKLM-x32\...\Software Informer_is1) (Version:  - Informer Technologies, Inc.)
StarMoney (x32 Version: 3.0.0.124 - StarFinanz) Hidden
Sticky Password 7.0.7.69 (HKLM-x32\...\Sticky Password_is1) (Version: 7.0 - Lamantine Software)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.18051 - TeamViewer)
Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.03 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.11.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA Security Assist (HKLM-x32\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.9 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.9 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.9.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.29 - TOSHIBA Corporation)
TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
TOSHIBA Wireless Manager (HKLM-x32\...\{6A631D31-1FD6-46B5-9337-3485C3CBB002}) (Version: 7.0.2.0 - TOSHIBA Corporation)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3000.132 - TuneUp Software) Hidden
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.0 - Nuance Communications Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VoipConnect (HKLM-x32\...\VoipConnect_is1) (Version: 4.14 build 760 - Finarea S.A. Switzerland)
Vokabeltrainer-Update 6.0.16 (HKLM-x32\...\{518F8DB2-65BA-40F7-B843-1F11F8F1B124}) (Version: 6.0.16 - Langenscheidt)
Wedding Dash 2 - Rings Around the World (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows 7 Upgrade Advisor (HKLM-x32\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
XYplorer 13.40 (HKLM-x32\...\XYplorer) (Version: 13.40 - Donald Lessau)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)
CustomCLSID: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

20-02-2015 20:37:10 Revo Uninstaller Pro's restore point - Spyware Terminator 2012

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2013-03-10 19:01 - 00001160 ____N C:\windows\system32\Drivers\etc\hosts
127.0.0.1 google-analytics.com
127.0.0.1 TuneUp Utilities 2013 | Speed Up and Optimize Your PC
127.0.0.1 TuneUp Utilities 2013 | Speed Up and Optimize Your PC
127.0.0.1 TuneUp Utilities 2013 - Shop
127.0.0.1 www.registertuneup.com
127.0.0.1 download.tune-up.de
127.0.0.1 download.tune-up.com
127.0.0.1 secure.tune-up.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0339E8E2-622B-46A3-BBF7-ABB0128D8132} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {0543624C-959F-44FE-AC6C-6012A8606607} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {0BA88A14-956E-4C35-BE25-BD7AF3066072} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {17CAC312-B0C5-4565-B68C-A33CEE254980} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-01-07] (IObit)
Task: {25CA25EA-F772-47F4-9BB7-A83ED8479DA2} - System32\Tasks\Helga Seemannn Local Autobackup 5 4 => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBCore.exe
Task: {3125ABE9-6788-4BE9-9B76-A9F1B8E9C146} - System32\Tasks\Helga Seemannn NBAgent 5 4 => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
Task: {40CF05DB-51C4-49AA-A883-7404DA63DA48} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {477ECDF3-BF50-4F64-99E0-4F1DB00204B8} - System32\Tasks\130617 => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBCore.exe <==== ATTENTION
Task: {601E706D-0871-4133-86A3-FA51C6B8502A} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {6ABCA756-5705-44D0-B94B-35B93B51BA6F} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-26] (TOSHIBA CORPORATION)
Task: {752060D5-84CF-4F76-B91C-464C85583F6D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {7691D517-5BE2-4CF1-BDAB-6F0AA24A3083} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {77C9A764-3133-4D26-9EBA-79E817E492C2} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe
Task: {784DD483-2FA8-4125-8288-E9A132C7F95E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {7B38EB52-2A16-4DB3-899D-C6E92A4F74C6} - System32\Tasks\Uninstaller_SkipUac_Helga_Seemannn => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-02-05] (IObit)
Task: {86D61E0B-95A2-4246-8C43-0979BD8F2358} - System32\Tasks\Driver Booster SkipUAC (Helga Seemannn) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-01-07] (IObit)
Task: {8CE7E6CD-0850-44C1-BD42-724EDC03545A} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {90B3B169-EE4E-41E5-8485-661E9F2CFDEE} - System32\Tasks\ScanSoft Background Update => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.)
Task: {9AF84A73-75E8-4A5E-A73F-80C7AB3D9586} - System32\Tasks\Helga Seemannn => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBCore.exe
Task: {A3FD788E-6A23-4B7A-ABB3-4AC61DA58E9B} - System32\Tasks\d auf f => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBCore.exe
Task: {A5AA4A9A-5DF9-4B9E-9BA3-0F309B95C4C3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {B36242F5-CB45-48D5-8B91-EECDFB6D0243} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-12-09] (IObit)
Task: {B366F3D6-E662-4F39-9191-895B7E62D720} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {C360CD86-FF7E-48FD-953A-1CBA4F109341} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {D0362807-23BB-41B5-8F01-10D9C34804B8} - System32\Tasks\{28B5E167-33D9-4B82-9D2F-24496A2F78B8} => C:\Program Files (x86)\Positive Habits Application\Habits.exe
Task: {DC8184FB-0F45-44B7-960C-BD18A6CA4E81} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E2DD32FC-FD94-49E1-8877-EB22FB566F1B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {E4F23931-CE2D-404E-A71E-8B45791E4FC5} - System32\Tasks\ASC8_SkipUac_Helga Seemannn => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2014-12-10] (IObit)
Task: {F1D98C35-E091-49DB-B9EE-D1301E49E15B} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-12-17] (IObit)
Task: {F407E3F3-39FF-43FC-B36F-37C5E67A2C64} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2014-08-13] (iolo technologies, LLC)
Task: {F9A731BC-D526-4D6E-91D4-3D35241F1FA4} - System32\Tasks\Opera scheduled Autoupdate 1418592731 => C:\Program Files (x86)\Opera\launcher.exe
Task: {FDF91388-6394-4700-AC2E-7B433E364EC2} - \AnVir Task Manager No Task File <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-06-01 02:32 - 2011-06-01 02:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-09-04 21:40 - 2012-09-04 21:40 - 00108040 _____ () C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NPShellExtension64.dll
2014-05-31 16:15 - 2014-05-31 16:15 - 01053848 _____ () C:\Windows\SysWOW64\ieconfig_1und1_svc.exe
2014-12-18 15:10 - 2014-12-18 15:10 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2011-06-01 02:32 - 2011-06-01 02:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-08-31 21:13 - 2011-08-31 21:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2007-02-12 20:51 - 2007-02-12 20:51 - 01111552 _____ () C:\Program Files (x86)\FastStone Capture\FSCapture.exe
2015-01-21 03:06 - 2015-01-21 03:06 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2011-06-09 21:09 - 2011-06-09 21:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2011-02-18 10:03 - 2011-02-18 10:03 - 00242528 _____ () C:\Program Files\Microsoft Office\Office14\IEAWSDC.DLL
2015-01-03 10:20 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2014-11-24 07:08 - 2015-01-09 18:46 - 00517408 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\sqlite3.dll
2014-03-06 14:00 - 2014-03-06 14:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2014-08-06 12:40 - 2014-08-06 12:40 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-12-18 15:08 - 2014-12-18 15:08 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-08-06 12:41 - 2014-08-06 12:41 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-08-06 12:41 - 2014-08-06 12:41 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-08-06 12:42 - 2014-08-06 12:42 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-08-06 12:44 - 2014-08-06 12:44 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-08-06 12:46 - 2014-08-06 12:46 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-02-20 06:51 - 2015-02-17 23:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-20 06:51 - 2015-02-17 23:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-20 06:51 - 2015-02-17 23:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2014-11-24 07:08 - 2015-01-09 18:46 - 00182048 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2014-11-24 07:08 - 2015-01-09 18:46 - 00145184 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2015-02-20 21:46 - 2015-02-20 21:46 - 00029696 _____ () C:\Users\Helga Seemannn\AppData\Local\Temp\nsb9197.tmp\registry.dll
2015-02-20 21:46 - 2015-02-20 21:46 - 00008704 _____ () C:\Users\Helga Seemannn\AppData\Local\Temp\nsb9197.tmp\newadvsplash.dll
2015-02-20 21:46 - 2015-02-20 21:46 - 00011264 _____ () C:\Users\Helga Seemannn\AppData\Local\Temp\nsb9197.tmp\System.dll
2014-09-24 06:09 - 2014-12-12 08:29 - 03758192 _____ () C:\Program Files (x86\FirefoxPortable\App\firefox\mozjs.dll
2014-04-20 00:42 - 2014-04-20 00:42 - 00468672 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-04-20 00:42 - 2014-10-09 06:14 - 00642344 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2015-01-14 14:17 - 2015-01-14 14:17 - 03347056 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2015-01-14 14:17 - 2015-01-14 14:17 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-01-14 14:17 - 2015-01-14 14:17 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2015-02-20 06:51 - 2015-02-17 23:44 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\sdpsenv.dat:naughtypirates
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
AlternateDataStreams: C:\ProgramData\TEMP:7FFED16F
AlternateDataStreams: C:\ProgramData\TEMP:DF462FF6
AlternateDataStreams: C:\Users\Helga Seemannn\Downloads\unsubscribe  get healthy and fit.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\64517561.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\80929766.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\64517561.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\80929766.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-4063226719-3667356119-3298405193-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-4063226719-3667356119-3298405193-501 - Limited - Enabled)
Helga Seemannn (S-1-5-21-4063226719-3667356119-3298405193-1001 - Administrator - Enabled) => C:\Users\Helga Seemannn
HomeGroupUser$ (S-1-5-21-4063226719-3667356119-3298405193-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/20/2015 09:16:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 08:55:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 08:40:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 08:37:04 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {19ca04be-eb0e-4ae1-af4b-014d8cf73ac8}

Error: (02/20/2015 08:36:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (02/20/2015 08:36:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (02/20/2015 08:36:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (02/20/2015 08:30:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 08:09:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 07:18:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.


System errors:
=============
Error: (02/20/2015 09:19:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%2

Error: (02/20/2015 09:16:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (02/20/2015 09:16:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Wireless PAN DHCP Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/20/2015 09:16:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Media Center Extender-Dienst" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (02/20/2015 09:15:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (02/20/2015 08:55:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (02/20/2015 08:54:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (02/20/2015 08:54:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (02/20/2015 08:54:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (02/20/2015 08:54:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068


Microsoft Office Sessions:
=========================
Error: (02/20/2015 09:16:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 08:55:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 08:40:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 08:37:04 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {19ca04be-eb0e-4ae1-af4b-014d8cf73ac8}

Error: (02/20/2015 08:36:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (02/20/2015 08:36:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (02/20/2015 08:36:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (02/20/2015 08:30:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 08:09:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/20/2015 07:18:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000


CodeIntegrity Errors:
===================================
  Date: 2013-11-10 17:28:42.518
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-10 17:28:42.440
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-10 17:10:35.534
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-10 17:10:35.456
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-10 17:07:36.159
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-10 17:07:36.081
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-10 16:27:26.861
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-10 16:27:26.783
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-10 07:25:16.440
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-10 07:25:16.378
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2467M CPU @ 1.60GHz
Percentage of memory in use: 68%
Total physical RAM: 3996.55 MB
Available physical RAM: 1266.12 MB
Total Pagefile: 7991.28 MB
Available Pagefile: 4128.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Helga_1) (Fixed) (Total:96.94 GB) (Free:13.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Bilder_1) (Removable) (Total:59.54 GB) (Free:9.21 GB) exFAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: 4B1DF3B9)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=96.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=84)
Partition 4: (Not Active) - (Size=12.8 GB) - (Type=17)

========================================================
Disk: 1 (Size: 59.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

schrauber 22.02.2015 08:59
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Iminent


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

helgasee 23.02.2015 05:08
Iminent erscheint nicht bei den zu deinstallierenden Dateien. Ich habe Revo Uninstaller Pro 3.1.2 auf dem Rechner.

Code:
ComboFix 15-02-16.01 - Helga Seemannn 22.02.2015  16:41:36.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3997.1392 [GMT 1:00]
ausgeführt von:: c:\users\Helga Seemannn\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Probit Software\Easy Speed PC
c:\program files (x86)\Probit Software\Easy Speed PC\EasySpeedPC.exe
c:\programdata\ntuser.pol
c:\programdata\Roaming
c:\users\Helga Seemannn\AppData\Local\assembly\tmp
c:\users\Helga Seemannn\WINDOWS
c:\windows\SysWOW64mfc45.dll
c:\windows\wininit.ini
c:\windows\XSxS
.
Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-01-22 bis 2015-02-22  ))))))))))))))))))))))))))))))
.
.
2015-02-22 16:40 . 2015-02-22 16:40        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-02-22 16:40 . 2015-02-22 16:40        --------        d-----w-        c:\users\Administrator\AppData\Local\temp
2015-02-20 21:13 . 2015-02-20 21:19        --------        d-----w-        C:\FRST
2015-02-20 19:49 . 2015-02-20 19:49        --------        d-----w-        c:\programdata\Malwarebytes
2015-02-20 18:58 . 2015-02-20 18:58        51496        ----a-w-        c:\windows\system32\drivers\stflt.sys
2015-02-20 06:00 . 2015-01-29 09:07        11910896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{0AB831CA-B01E-47DD-ACBF-08826E3E3CB7}\mpengine.dll
2015-02-18 21:29 . 2015-02-18 21:29        950272        ----a-w-        c:\windows\system32\perftrack.dll
2015-02-18 21:29 . 2015-02-18 21:29        91136        ----a-w-        c:\windows\system32\wdi.dll
2015-02-18 21:29 . 2015-02-18 21:29        76800        ----a-w-        c:\windows\SysWow64\wdi.dll
2015-02-18 21:29 . 2015-02-18 21:29        29696        ----a-w-        c:\windows\system32\powertracker.dll
2015-02-18 16:42 . 2015-02-18 16:43        --------        d-----w-        c:\program files (x86)\DVDVideoSoft
2015-02-18 16:42 . 2015-02-18 16:42        --------        d-----w-        c:\program files (x86)\Common Files\DVDVideoSoft
2015-02-18 16:42 . 2015-02-18 16:42        --------        d-----w-        c:\users\Helga Seemannn\AppData\Roaming\RHEng
2015-02-18 16:40 . 2015-02-18 16:45        --------        d-----w-        c:\users\Helga Seemannn\AppData\Roaming\DVDVideoSoft
2015-02-18 16:27 . 2015-02-18 16:27        --------        d-----w-        c:\users\Helga Seemannn\AppData\Local\CDex
2015-02-18 16:26 . 2015-02-18 16:27        --------        d-----w-        c:\program files (x86)\CDex
2015-02-12 06:25 . 2015-01-23 04:41        6041600        ----a-w-        c:\windows\system32\jscript9.dll
2015-02-12 06:25 . 2015-01-23 03:43        620032        ----a-w-        c:\windows\SysWow64\jscript9diag.dll
2015-02-12 06:25 . 2015-01-23 03:17        4300800        ----a-w-        c:\windows\SysWow64\jscript9.dll
2015-02-12 06:25 . 2015-01-23 04:42        814080        ----a-w-        c:\windows\system32\jscript9diag.dll
2015-02-11 06:05 . 2015-01-13 03:10        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2015-02-11 06:04 . 2015-01-09 02:03        3201536        ----a-w-        c:\windows\system32\win32k.sys
2015-02-09 06:22 . 2015-02-09 06:22        11532704        ----a-w-        c:\windows\system32\drivers\NETwsw01.sys
2015-02-09 06:21 . 2015-02-09 06:21        942080        ----a-w-        c:\windows\system32\AmRdrIco.icl
2015-02-09 06:21 . 2015-02-09 06:21        21784        ----a-w-        c:\windows\system32\AmUStor.dll
2015-02-09 06:21 . 2015-02-09 06:21        108312        ----a-w-        c:\windows\system32\drivers\AmUStor.sys
2015-02-05 06:57 . 2014-06-04 14:17        21184        ----a-w-        c:\windows\system32\drivers\SmartDefragDriver.sys
2015-01-30 17:34 . 2015-01-30 17:35        --------        d-----w-        c:\program files (x86)\EZCast
2015-01-28 16:24 . 2015-01-28 16:29        --------        d-----w-        c:\users\Helga Seemannn\AppData\Roaming\VoipConnect
2015-01-28 16:24 . 2015-01-28 16:24        --------        d-----w-        c:\program files (x86)\VoipConnect.com
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-11 07:02 . 2012-01-20 17:58        116773704        ----a-w-        c:\windows\system32\MRT.exe
2015-02-06 07:11 . 2012-04-04 17:46        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-06 07:11 . 2012-01-22 13:17        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-29 09:20 . 2014-12-29 09:20        26528        ----a-w-        c:\windows\SysWow64\drivers\HWiNFO64A.SYS
2014-12-29 07:22 . 2014-12-29 07:22        5120        ----a-w-        c:\windows\system32\drivers\subvga64.sys
2014-12-29 07:22 . 2014-12-29 07:22        15872        ----a-w-        c:\windows\system32\subvgadisp64.dll
2014-12-22 23:41 . 2010-11-21 03:27        298120        ------w-        c:\windows\system32\MpSigStub.exe
2014-12-19 03:06 . 2015-01-14 06:23        210432        ----a-w-        c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 06:23        141312        ----a-w-        c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-14 06:23        87040        ----a-w-        c:\windows\system32\TSWbPrxy.exe
2014-12-06 04:17 . 2015-01-14 06:23        303616        ----a-w-        c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-14 06:23        52224        ----a-w-        c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-14 06:23        156672        ----a-w-        c:\windows\SysWow64\ncsi.dll
2014-12-05 06:04 . 2014-12-05 06:04        515568        ----a-w-        c:\windows\system32\igfxsrvc.exe
2014-12-05 06:04 . 2014-12-05 06:04        439296        ----a-w-        c:\windows\system32\igfxrrus.lrc
2014-12-05 06:04 . 2014-12-05 06:04        439296        ----a-w-        c:\windows\system32\igfxrrom.lrc
2014-12-05 06:04 . 2014-12-05 06:04        438784        ----a-w-        c:\windows\system32\igfxrsky.lrc
2014-12-05 06:04 . 2014-12-05 06:04        438784        ----a-w-        c:\windows\system32\igfxrptg.lrc
2014-12-05 06:04 . 2014-12-05 06:04        438784        ----a-w-        c:\windows\system32\igfxrplk.lrc
2014-12-05 06:04 . 2014-12-05 06:04        438784        ----a-w-        c:\windows\system32\igfxrnld.lrc
2014-12-05 06:04 . 2014-12-05 06:04        437760        ----a-w-        c:\windows\system32\igfxrtrk.lrc
2014-12-05 06:04 . 2014-12-05 06:04        437760        ----a-w-        c:\windows\system32\igfxrsve.lrc
2014-12-05 06:04 . 2014-12-05 06:04        437760        ----a-w-        c:\windows\system32\igfxrslv.lrc
2014-12-05 06:04 . 2014-12-05 06:04        437760        ----a-w-        c:\windows\system32\igfxrptb.lrc
2014-12-05 06:04 . 2014-12-05 06:04        437760        ----a-w-        c:\windows\system32\igfxrnor.lrc
2014-12-05 06:04 . 2014-12-05 06:04        437248        ----a-w-        c:\windows\system32\igfxrtha.lrc
2014-12-05 06:04 . 2014-12-05 06:04        410624        ----a-w-        c:\windows\system32\igfxTMM.dll
2014-12-05 06:04 . 2014-12-05 06:04        279024        ----a-w-        c:\windows\SysWow64\IntelCpHeciSvc.exe
2014-12-05 06:04 . 2014-12-05 06:04        172016        ----a-w-        c:\windows\system32\igfxtray.exe
2014-12-05 06:04 . 2014-12-05 06:04        116224        ----a-w-        c:\windows\system32\igfxCoIn_v3517.dll
2014-12-05 06:04 . 2014-12-05 06:04        431104        ----a-w-        c:\windows\system32\igfxrkor.lrc
2014-12-05 06:04 . 2011-08-31 20:21        64000        ----a-w-        c:\windows\system32\igfxsrvc.dll
2014-12-05 06:04 . 2014-12-05 06:04        9728        ----a-w-        c:\windows\system32\IGFXDEVLib.dll
2014-12-05 06:04 . 2014-12-05 06:04        442880        ----a-w-        c:\windows\system32\igfxdev.dll
2014-12-05 06:04 . 2014-12-05 06:04        442352        ----a-w-        c:\windows\system32\igfxpers.exe
2014-12-05 06:04 . 2014-12-05 06:04        440320        ----a-w-        c:\windows\system32\igfxrell.lrc
2014-12-05 06:04 . 2014-12-05 06:04        439808        ----a-w-        c:\windows\system32\igfxrfra.lrc
2014-12-05 06:04 . 2014-12-05 06:04        439808        ----a-w-        c:\windows\system32\igfxresn.lrc
2014-12-05 06:04 . 2014-12-05 06:04        438784        ----a-w-        c:\windows\system32\igfxrita.lrc
2014-12-05 06:04 . 2014-12-05 06:04        438784        ----a-w-        c:\windows\system32\igfxrhrv.lrc
2014-12-05 06:04 . 2014-12-05 06:04        438784        ----a-w-        c:\windows\system32\igfxrdeu.lrc
2014-12-05 06:04 . 2014-12-05 06:04        438272        ----a-w-        c:\windows\system32\igfxrhun.lrc
2014-12-05 06:04 . 2014-12-05 06:04        438272        ----a-w-        c:\windows\system32\igfxrfin.lrc
2014-12-05 06:04 . 2014-12-05 06:04        438272        ----a-w-        c:\windows\system32\igfxrcsy.lrc
2014-12-05 06:04 . 2014-12-05 06:04        437248        ----a-w-        c:\windows\system32\igfxrdan.lrc
2014-12-05 06:04 . 2014-12-05 06:04        435712        ----a-w-        c:\windows\system32\igfxrheb.lrc
2014-12-05 06:04 . 2014-12-05 06:04        435712        ----a-w-        c:\windows\system32\igfxrara.lrc
2014-12-05 06:04 . 2014-12-05 06:04        432128        ----a-w-        c:\windows\system32\igfxrjpn.lrc
2014-12-05 06:04 . 2014-12-05 06:04        429056        ----a-w-        c:\windows\system32\igfxrcht.lrc
2014-12-05 06:04 . 2014-12-05 06:04        428544        ----a-w-        c:\windows\system32\igfxrchs.lrc
2014-12-05 06:04 . 2014-12-05 06:04        384512        ----a-w-        c:\windows\system32\igfxpph.dll
2014-12-05 06:04 . 2014-12-05 06:04        330752        ----a-w-        c:\windows\SysWow64\igfxdv32.dll
2014-12-05 06:04 . 2014-12-05 06:04        286208        ----a-w-        c:\windows\system32\igfxrenu.lrc
2014-12-05 06:04 . 2014-12-05 06:04        254960        ----a-w-        c:\windows\system32\igfxext.exe
2014-12-05 06:04 . 2014-12-05 06:04        142336        ----a-w-        c:\windows\system32\igfxdo.dll
2014-12-05 06:04 . 2014-12-05 06:04        126976        ----a-w-        c:\windows\system32\igfxcpl.cpl
2014-12-05 06:04 . 2014-12-05 06:04        12617728        ----a-w-        c:\windows\system32\igdumd64.dll
2014-12-05 06:04 . 2013-06-27 06:07        11049984        ----a-w-        c:\windows\SysWow64\igdumd32.dll
2014-12-05 06:04 . 2013-06-27 06:06        9007616        ----a-w-        c:\windows\system32\igfxress.dll
2014-12-05 06:04 . 2011-08-31 20:21        28672        ----a-w-        c:\windows\system32\igfxexps.dll
2014-12-05 06:04 . 2011-08-31 20:16        25088        ----a-w-        c:\windows\SysWow64\igfxexps32.dll
2014-12-05 06:04 . 2014-12-05 06:04        5363520        ----a-w-        c:\windows\system32\drivers\igdkmd64.sys
2014-12-05 06:04 . 2014-12-05 06:04        99328        ----a-w-        c:\windows\system32\igdde64.dll
2014-12-05 06:04 . 2014-12-05 06:04        78848        ----a-w-        c:\windows\SysWow64\igdde32.dll
2014-12-05 06:04 . 2014-12-05 06:04        12859392        ----a-w-        c:\windows\system32\igd10umd64.dll
2014-12-05 06:04 . 2014-12-05 06:04        11176448        ----a-w-        c:\windows\SysWow64\igd10umd32.dll
2014-12-05 06:04 . 2014-12-05 06:04        13031424        ----a-w-        c:\windows\system32\ig4icd64.dll
2014-12-05 06:04 . 2014-12-05 06:04        10812928        ----a-w-        c:\windows\SysWow64\ig4icd32.dll
2014-12-05 06:04 . 2014-12-05 06:04        5904880        ----a-w-        c:\windows\system32\GfxUI.exe
2014-12-05 06:04 . 2014-12-05 06:04        399856        ----a-w-        c:\windows\system32\hkcmd.exe
2014-12-05 06:04 . 2014-12-05 06:04        185840        ----a-w-        c:\windows\system32\difx64.exe
2014-12-05 06:04 . 2014-12-05 06:04        175104        ----a-w-        c:\windows\system32\gfxSrvc.dll
2014-12-05 06:04 . 2012-12-14 01:42        110592        ----a-w-        c:\windows\system32\hccutils.dll
2014-12-05 06:04 . 2014-12-05 06:04        101888        ----a-w-        c:\windows\system32\drivers\risdxc64.sys
2014-12-05 06:03 . 2014-12-05 06:03        69088        ----a-w-        c:\windows\system32\drivers\iBtFltCoex.sys
2014-12-05 06:03 . 2014-12-05 06:03        1721216        ----a-w-        c:\windows\system32\WdfCoInstaller01009.dll
2014-12-05 06:03 . 2014-12-05 06:03        1419576        ----a-w-        c:\windows\system32\drivers\btmhsf.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}]
2014-06-11 14:20        464720        ----a-w-        c:\program files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Quickstart - Toolbar"="c:\launcher31b19\Launcher.exe" [2008-04-01 260096]
"Hoffnung fuer heute"="c:\program files (x86)\ComBib\Hoffnung fuer heute\Hoffnung fuer heute.exe" [2013-12-02 2568192]
"StickyPassword"="c:\program files (x86)\Sticky Password\stpass.exe" [2014-09-24 14310200]
"VoipConnect"="c:\program files (x86)\VoipConnect.com\VoipConnect\VoipConnect.exe" [2014-12-04 23048288]
"GoogleChromeAutoLaunch_E7AB2F37F5105CE78BDE76BDD71ECAE2"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-02-17 843592]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-01-20 7404312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TSleepSrv"="c:\program files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe" [2010-06-05 252792]
"TOSDCR"="c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2015-02-02 5768992]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 8"="c:\program files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" [2014-12-10 2427680]
.
c:\users\Helga Seemannn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FastStone Capture.lnk - c:\program files (x86)\FastStone Capture\FSCapture.exe -Silent [2007-2-12 1111552]
Hoffnung  fuer heute.LNK - c:\program files (x86)\ComBib\Hoffnung fuer heute\Hoffnung fuer heute.exe cbAutoStart [2013-12-2 2568192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2011-5-10 2750376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 cpuz134;cpuz134;c:\users\HELGAS~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\HELGAS~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R4 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R4 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [x]
R4 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
R4 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 cnnctfy3;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy3.sys;c:\windows\SYSNATIVE\DRIVERS\cnnctfy3.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 RawDisk3;RawDisk3;c:\windows\system32\drivers\rawdsk3.sys;c:\windows\SYSNATIVE\drivers\rawdsk3.sys [x]
S2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [x]
S2 AVP15.0.0;Kaspersky Anti-Virus Service 15.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]
S2 irstrtsv;Intel(R) Rapid Start Technology Service;c:\windows\system32\irstrtsv.exe;c:\windows\SYSNATIVE\irstrtsv.exe [x]
S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 serviceIEConfig;IEConfig 1und1 Edition;c:\windows\SysWOW64\ieconfig_1und1_svc.exe;c:\windows\SysWOW64\ieconfig_1und1_svc.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 irstrtdv;Intel(R) Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys;c:\windows\SYSNATIVE\DRIVERS\irstrtdv.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 subvgaproduct64;subvgaproduct64;c:\windows\system32\DRIVERS\subvga64.sys;c:\windows\SYSNATIVE\DRIVERS\subvga64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-20 05:50        1084744        ----a-w-        c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 07:11]
.
2015-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 05:46]
.
2015-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 05:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2015-02-05 06:56        2471744        ----a-w-        c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-01-15 15:59        776520        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-01-15 15:59        776520        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-01-15 15:59        776520        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-01-15 15:59        776520        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-01-15 15:59        776520        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2011-09-23 590256]
"TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2011-08-03 981888]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2011-08-10 712096]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-01 1935120]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2726728]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 13657304]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2000-01-01 1360600]
"BatteryManager"="c:\program files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE" [2011-09-23 285608]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-09 710560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-12-05 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-12-05 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-12-05 442352]
.
------- Zusätzlicher Suchlauf -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://go.1und1.de/links/home
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Zu Anti-Banner hinzufügen - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-*LABAL* - (no file)
SafeBoot-64517561.sys
SafeBoot-80929766.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\serviceIEConfig]
"ImagePath"="c:\windows\SysWOW64\ieconfig_1und1_svc.exe /startedbyscm:016FE01B-40E31F2D-serviceIEConfig"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,
  0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70
"{2E250B90-0E7A-42A3-9D65-E39F9F227FA4}"=hex:51,66,7a,6c,4c,1d,38,12,fe,08,36,
  2a,48,40,cd,07,e2,73,a0,df,9a,7c,3b,b0
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
  76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
  94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
  aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
  b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
  b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
  df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
  2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}"=hex:51,66,7a,6c,4c,1d,38,12,b0,b9,4d,
  f6,7d,c9,e9,34,32,65,fa,b1,a8,8e,f9,ca
"{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}"=hex:51,66,7a,6c,4c,1d,38,12,1e,23,4f,
  b7,75,5e,cb,37,82,24,5f,7b,46,57,96,f5
"{73455575-E40C-433C-9784-C78DC7761455}"=hex:51,66,7a,6c,4c,1d,38,12,48,7b,67,
  5a,0b,87,63,3e,bb,bf,b5,e0,f7,05,61,79
"{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}"=hex:51,66,7a,6c,4c,1d,38,12,4e,e2,46,
  7c,a0,8c,e0,31,bd,b1,2e,9a,cb,cc,8a,63
"{310CA7B9-D56B-499A-B786-D9648270585E}"=hex:51,66,7a,6c,4c,1d,38,12,84,89,2e,
  18,6c,b6,c5,34,9b,bd,ab,09,b2,03,2d,72
"{D48FF4B4-E68F-47D1-8E25-81A0F0EEB341}"=hex:51,66,7a,6c,4c,1d,38,12,da,f7,9c,
  d0,bd,a8,bf,02,f1,33,c2,e0,f5,b0,f7,55
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:06,6f,ba,aa,3b,26,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,61,0f,cf,c8,1d,f5,4b,98,9d,b7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,61,0f,cf,c8,1d,f5,4b,98,9d,b7,\
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.032"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.abr"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
@Denied: (2) (LocalSystem)
"Progid"="VLC.amr"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.ani"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.arw"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.bay"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.bmp"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.bwf"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.cel"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.cr2"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.crw"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.cs1"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.cur"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.dcr"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.dcx"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DIB\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.dib"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.djv"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.djvu"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.dng"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.emf"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.eps"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.erf"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.fff"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.flc"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.fli"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.gif"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.hdr"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.icl"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.icn"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICO\UserChoice]
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ico"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.iff"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.iw4"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.j2c"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.j2k"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.jbr"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JFIF\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.jfif"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.jif"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.jp2"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.jpc"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPE\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.jpe"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPEG\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.jpeg"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPG\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.jpg"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.jpk"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.jpx"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.kar"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.kdc"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.m15"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.m1a"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.m2a"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.m75"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.mef"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.mos"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.mpv"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.mrw"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.nef"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.nrw"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.orf"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.pbr"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.pct"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.pcx"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.pef"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.pic"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pics"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.pict"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PNG\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.png"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.psd"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.psp"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.pspbrush"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.pspimage"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
@Denied: (2) (LocalSystem)
"Progid"="VLC.qcp"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.qtpf"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.raf"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ras"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.raw"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.rle"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.rw2"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.rwl"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.sfil"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.smf"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice]
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.smi"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.smil"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.sml"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.sr2"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.srf"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.srw"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.swa"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.tga"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.thm"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIF\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.tif"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIFF\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.tiff"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.ttc"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.ttf"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ulw"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.v60po"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.v60pp"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.v60ppf"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.vfw"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.wbm"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.wbmp"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.wmf"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.xif"
.
[HKEY_USERS\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4063226719-3667356119-3298405193-1001)
"Progid"="ACDSee Pro 6.xmp"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\irstrtsv.exe
c:\program files (x86)\iolo\System Mechanic\LiveBoost.exe
c:\program files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
c:\program files (x86)\TOSHIBA\widimon\widimon.exe
c:\program files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-02-22  17:44:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-02-22 16:44
.
Vor Suchlauf: 28 Verzeichnis(se), 17.594.920.960 Bytes frei
Nach Suchlauf: 35 Verzeichnis(se), 18.894.512.128 Bytes frei
.
- - End Of File - - 68640400299BD6F49D2BFB0C855D8586
5B5E648D12FCADC244C1EC30318E1EB9
Hallo Schrauber,
die Onlinesuche ist wieder möglich.
Aber wenn ich bei einem Shop bin, kommen immer noch diese vielen Anzeigen "Top SchnAppchen" oder mitten in der Seite kleinere Anzeigen. Ich habe mal einen Rechtsklick bei beiden gemacht und "Element untersuchen" angeklickt und habe es kopiert.
Code:
<div class="fo-deals-header fo-header fo-close-xyz sgsefvhuedc" data-bind="html: strings['deals_header']">Top-Schnäppchen</div>
Code:
<div id="fo-right-ribbon" data-bind="css: 'ribbonContainer' + ribbonSize, style: { 'top': ribbonPosition.top + 'px', 'left' : ribbonPosition.left + 'px', 'width' : ribbonDimensions.width + 'px', 'height' : ribbonDimensions.height + 'px' }" class="ribbonContainerMedium" style="top: 144px; left: 723.5px; width: 71px; height: 243px;">
        <span class="sld-nvgt fo-close-xyz ribbonWidthMedium" id="sld-next" data-bind="click: showDisplayWindow, css: 'ribbonWidth' + ribbonSize">
            <!--ko text: strings['more']-->More<!--/ko-->
        </span>

            <div id="optout" data-bind="with: $parent" style="height: 1px;width: 260px;">
                <span id="sld-container-destroy" class="sld-cross fa fa-times-circle-o" data-bind="click: hide"></span>
                <!--<span id="sld-container-settings" class="sld-cog fa fa-cog" title="Settings"></span>-->
            </div>
            <div id="sld-slider_wrapper" class="fo-close-xyz">
                <ul id="sld-image_slider" class="fo-close-xyz">
                    <!-- ko foreach: { data: offersModel.offers }-->
                    <li class="fo-close-xyz ribbonWidthMedium ribbonHeightMedium" data-bind="css: 'ribbonWidth' + $parent.ribbonSize + ' ribbonHeight' + $parent.ribbonSize, event: { click: onClick, mouseover: zoomIntoOffer, mouseleave: zoomOutOfOffer }">
                        <div class="fobestprice" data-bind="visible: offer.ribbon.length">
                            <div class="fobestpriceinner"><!--ko text: $parent.strings['deals_header2']-->Beste<!--/ko--></div>
                        </div>
                        <div class="img fo-close-xyz ribbonImageMedium" data-bind="style: {backgroundImage: 'url(\'' + offer.thumb + '\')'}, css: 'ribbonImage' + $parent.ribbonSize" style="background-image: url(hxxp://api-img.billiger.de/a/10227/268010034_L.jpg);"></div>
                        <div class="sld-price fo-close-xyz ribbonPriceMedium" data-bind="css: 'ribbonPrice' + $parent.ribbonSize, html : offer.price">€10.98</div>
                        <div id="sld-zoom-inner" data-bind="css: 'ribbonZoom' + $parent.ribbonSize, slideVisible: zoomVisible, attr: { title: offer.title }" class="ribbonZoomMedium" style="display: none;" title="EMCUR Nasendusche und Nasenspülsalz 10 Beutel (530605)Bewährtes Hausmittel: Nasendusche bei Erkältungen und HeuschnupfenEinfach und besonders effektiv: Die Nasendusche von Emcur ist bei Schnup...">
                            <div class="sld-corner fo-close-xyz"></div>
                            <div class="sld-zoom-wrapper fo-close-xyz">
                                <div class="fo-close-xyz">
                                    <img data-bind="css: 'fo-offer-img', attr: { src : offer.thumb }" class="fo-offer-img" src="hxxp://api-img.billiger.de/a/10227/268010034_L.jpg">

                                    <div class="sld-zoom-desc  fo-close-xyz">
                                        <div class="sld-zoom-price fo-close-xyz" data-bind="html: offer.price">€10.98</div>
                                        <div class="sld-zoom-merchant-name fo-close-xyz" data-bind="html: offer.merchantText">windeln.de</div>
                                        <div class="sld-zoom-title fo-close-xyz" data-bind="html: offer.title">EMCUR Nasendusche und Nasenspülsalz 10 Beutel (530605)Bewährtes Hausmittel: Nasendusche bei Erkältungen und HeuschnupfenEinfach und besonders effektiv: Die Nasendusche von Emcur ist bei Schnup...</div>
                                        <div class="sld-zoom-visit fo-close-xyz" data-bind="text: $parent.strings['visit_store']">Jetzt kaufen</div>
                                    </div>
                                    <i id="sld-zoom-destroy" class="sld-zoom-cross fa fa-times-circle-o" data-bind="click: hideZoom"></i>
                                </div>
                            </div>
                            <div id="sld-zoom-out" class="fo-close-xyz"></div>
                        </div>
                    </li>
                   
                    <li class="fo-close-xyz ribbonWidthMedium ribbonHeightMedium" data-bind="css: 'ribbonWidth' + $parent.ribbonSize + ' ribbonHeight' + $parent.ribbonSize, event: { click: onClick, mouseover: zoomIntoOffer, mouseleave: zoomOutOfOffer }">
                        <div class="fobestprice" data-bind="visible: offer.ribbon.length" style="display: none;">
                            <div class="fobestpriceinner"><!--ko text: $parent.strings['deals_header2']-->Beste<!--/ko--></div>
                        </div>
                        <div class="img fo-close-xyz ribbonImageMedium" data-bind="style: {backgroundImage: 'url(\'' + offer.thumb + '\')'}, css: 'ribbonImage' + $parent.ribbonSize" style="background-image: url(hxxp://i41.twenga.com/4/tp/97/85/6127168054060559785.png);"></div>
                        <div class="sld-price fo-close-xyz ribbonPriceMedium" data-bind="css: 'ribbonPrice' + $parent.ribbonSize, html : offer.price">€34.78</div>
                        <div id="sld-zoom-inner" data-bind="css: 'ribbonZoom' + $parent.ribbonSize, slideVisible: zoomVisible, attr: { title: offer.title }" class="ribbonZoomMedium" style="display: none;" title="4BB2 Little Girl Schwimmanzug UV50+Der Little Girl Schwimmanzug bietet Ihrem Kind mit UV50+ besonders hohen Schutz vor schädlichen UVA- und UVB-Strahlen, bewahrt es vor Hautausschlag und eign...">
                            <div class="sld-corner fo-close-xyz"></div>
                            <div class="sld-zoom-wrapper fo-close-xyz">
                                <div class="fo-close-xyz">
                                    <img data-bind="css: 'fo-offer-img', attr: { src : offer.thumb }" class="fo-offer-img" src="hxxp://i41.twenga.com/4/tp/97/85/6127168054060559785.png">

                                    <div class="sld-zoom-desc  fo-close-xyz">
                                        <div class="sld-zoom-price fo-close-xyz" data-bind="html: offer.price">€34.78</div>
                                        <div class="sld-zoom-merchant-name fo-close-xyz" data-bind="html: offer.merchantText">windeln.de</div>
                                        <div class="sld-zoom-title fo-close-xyz" data-bind="html: offer.title">4BB2 Little Girl Schwimmanzug UV50+Der Little Girl Schwimmanzug bietet Ihrem Kind mit UV50+ besonders hohen Schutz vor schädlichen UVA- und UVB-Strahlen, bewahrt es vor Hautausschlag und eign...</div>
                                        <div class="sld-zoom-visit fo-close-xyz" data-bind="text: $parent.strings['visit_store']">Jetzt kaufen</div>
                                    </div>
                                    <i id="sld-zoom-destroy" class="sld-zoom-cross fa fa-times-circle-o" data-bind="click: hideZoom"></i>
                                </div>
                            </div>
                            <div id="sld-zoom-out" class="fo-close-xyz"></div>
                        </div>
                    </li>
                   
                    <li class="fo-close-xyz ribbonWidthMedium ribbonHeightMedium" data-bind="css: 'ribbonWidth' + $parent.ribbonSize + ' ribbonHeight' + $parent.ribbonSize, event: { click: onClick, mouseover: zoomIntoOffer, mouseleave: zoomOutOfOffer }">
                        <div class="fobestprice" data-bind="visible: offer.ribbon.length" style="display: none;">
                            <div class="fobestpriceinner"><!--ko text: $parent.strings['deals_header2']-->Beste<!--/ko--></div>
                        </div>
                        <div class="img fo-close-xyz ribbonImageMedium" data-bind="style: {backgroundImage: 'url(\'' + offer.thumb + '\')'}, css: 'ribbonImage' + $parent.ribbonSize" style="background-image: url(hxxp://i41.twenga.com/4/tp/49/53/2266790068113404953.png);"></div>
                        <div class="sld-price fo-close-xyz ribbonPriceMedium" data-bind="css: 'ribbonPrice' + $parent.ribbonSize, html : offer.price">€61.88</div>
                        <div id="sld-zoom-inner" data-bind="css: 'ribbonZoom' + $parent.ribbonSize, slideVisible: zoomVisible, attr: { title: offer.title }" class="ribbonZoomMedium" style="display: none;" title="Lässig Glam Backpack ContrastAus besonders leichtem und strapazierfähigem Polyester hergestellt, bieten die Rucksäcke im geschmackvollen Freizeitlook den bewährten Komfort einer Wickeltasche">
                            <div class="sld-corner fo-close-xyz"></div>
                            <div class="sld-zoom-wrapper fo-close-xyz">
                                <div class="fo-close-xyz">
                                    <img data-bind="css: 'fo-offer-img', attr: { src : offer.thumb }" class="fo-offer-img" src="hxxp://i41.twenga.com/4/tp/49/53/2266790068113404953.png">

                                    <div class="sld-zoom-desc  fo-close-xyz">
                                        <div class="sld-zoom-price fo-close-xyz" data-bind="html: offer.price">€61.88</div>
                                        <div class="sld-zoom-merchant-name fo-close-xyz" data-bind="html: offer.merchantText">windeln.de</div>
                                        <div class="sld-zoom-title fo-close-xyz" data-bind="html: offer.title">Lässig Glam Backpack ContrastAus besonders leichtem und strapazierfähigem Polyester hergestellt, bieten die Rucksäcke im geschmackvollen Freizeitlook den bewährten Komfort einer Wickeltasche</div>
                                        <div class="sld-zoom-visit fo-close-xyz" data-bind="text: $parent.strings['visit_store']">Jetzt kaufen</div>
                                    </div>
                                    <i id="sld-zoom-destroy" class="sld-zoom-cross fa fa-times-circle-o" data-bind="click: hideZoom"></i>
                                </div>
                            </div>
                            <div id="sld-zoom-out" class="fo-close-xyz"></div>
                        </div>
                    </li>
                    <!-- /ko -->
                </ul>
            </div>
            <span class="sld-name ribbonWidthMedium" data-bind="css: 'ribbonWidth' + ribbonSize"><!--ko text: strings['attribution1']-->UnterstÃŒtzt von<!--/ko--><a data-bind="text: $parent.providerName, attr: { href: $parent.providerLink }" href="hxxp://www.rollaround.net">Roll Around</a></span>
            <span class="sld-brought ribbonWidthMedium" data-bind="text: $parent.extraAttribution, visible: $parent.extraAttribution, css: 'ribbonWidth' + ribbonSize" style="display: none;"></span>
        </div>
Wie kann ich diese blöden Anzeigen wegkriegen???
Gruß
Helga

Weiterleitung auf unerwünschte Seiten ist wieder aktiv

schrauber 23.02.2015 16:52
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

helgasee 24.02.2015 07:41
JRT.exe öffnet sich als .bat Datei im Editor. Da kann ich nachlesen, was sie tun soll, aber wie kriege ich sie dazu, das auch zu machen.
Ein Tastendruck bewirkt nur eine Verändertung in der .bat datei.
Danke für Hilfe,
Helga

schrauber 24.02.2015 16:57
Lass JRT weg :)

helgasee 24.02.2015 19:18
Hier die Logs

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 24.02.2015
Scan Time: 18:44:42
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.24.05
Rootkit Database: v2015.02.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Helga Seemannn

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 418454
Time Elapsed: 12 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
Code:
# AdwCleaner v4.111 - Bericht erstellt 24/02/2015 um 18:32:13
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-02-18.3 [Lokal]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Helga Seemannn - HELGA
# Gestarted von : C:\Users\Helga Seemannn\Downloads\adwcleaner_4.111.exe
# Option : Suchlauf

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v


-\\ Google Chrome v40.0.2214.115

[C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.wayfair.de/keyword.php?keyword={searchTerms}&ust=&command=dosearch&new_keyword_search=true
[C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}

-\\ Opera v0.0.0.0

*************************

AdwCleaner[R0].txt - [72433 Bytes] - [01/09/2014 06:55:12]
AdwCleaner[R1].txt - [2346 Bytes] - [23/02/2015 17:40:37]
AdwCleaner[R2].txt - [1807 Bytes] - [24/02/2015 18:26:01]
AdwCleaner[R3].txt - [1262 Bytes] - [24/02/2015 18:32:13]
AdwCleaner[S0].txt - [71608 Bytes] - [01/09/2014 07:20:07]
AdwCleaner[S1].txt - [2783 Bytes] - [23/02/2015 17:45:38]
AdwCleaner[S2].txt - [1868 Bytes] - [24/02/2015 18:28:19]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1499 Bytes] ##########

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015
Ran by Helga Seemannn (administrator) on HELGA on 24-02-2015 18:58:53
Running from C:\Users\Helga Seemannn\Downloads
Loaded Profiles: Helga Seemannn (Available profiles: Helga Seemannn & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Stefan Moka) C:\Launcher31B19\Launcher.exe
() C:\Windows\SysWOW64\ieconfig_1und1_svc.exe
(Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\stpass.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
() C:\Program Files (x86)\FastStone Capture\FSCapture.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
() C:\Program Files\ClipX\clipx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [981888 2011-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-08-10] (TOSHIBA Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel(R) Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1360600 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [285608 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-05] (TOSHIBA)
HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5768992 2015-02-02] (IObit)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoStrCmpLogical] 1
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\Run: [Quickstart - Toolbar] => C:\Launcher31B19\Launcher.exe [260096 2008-04-01] (Stefan Moka)
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\Run: [Hoffnung fuer heute] => C:\Program Files (x86)\ComBib\Hoffnung fuer heute\Hoffnung fuer heute.exe [2568192 2013-12-02] (combib)
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\Run: [StickyPassword] => C:\Program Files (x86)\Sticky Password\stpass.exe [14310200 2014-09-24] (Lamantine Software a.s.)
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\Run: [GoogleChromeAutoLaunch_E7AB2F37F5105CE78BDE76BDD71ECAE2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2427680 2014-12-10] (IObit)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Helga Seemannn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk
ShortcutTarget: FastStone Capture.lnk -> C:\Program Files (x86)\FastStone Capture\FSCapture.exe ()
Startup: C:\Users\Helga Seemannn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hoffnung  fuer heute.LNK
ShortcutTarget: Hoffnung  fuer heute.LNK -> C:\Program Files (x86)\ComBib\Hoffnung fuer heute\Hoffnung fuer heute.exe (combib)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.1und1.de/links/home
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {99D331A2-3627-4636-B765-B46E28C10000} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKLM-x32 -> {99D331A2-3627-4636-B765-B46E28C10000} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001 -> DefaultScope {BA8305C6-E5BD-4C89-8B52-89AAECF54711} URL = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
SearchScopes: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001 -> {710D5225-9A3C-4F7E-AA5B-C1EC23D3F7D9} URL = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
SearchScopes: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001 -> {8CC54E51-4A40-4324-BC62-E4BD4DD7BB6A} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=402027&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001 -> {99D331A2-3627-4636-B765-B46E28C10000} URL =
SearchScopes: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001 -> {BA8305C6-E5BD-4C89-8B52-89AAECF54711} URL = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
SearchScopes: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001 -> {D7F9BFA8-EF0F-42A3-B22A-3E5690EEE526} URL = hxxp://go.web.de/suchbox/google?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001 -> {F5207CDB-088F-4996-B238-122B8E910E75} URL = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: 1&&1 Internet AG Browser Configuration by mquadr.at -> {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} -> C:\Windows\SysWow64\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

FireFox:
========
FF ProfilePath: C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=402027&ilc=12&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 -> C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0-git-20120328-0404 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4063226719-3667356119-3298405193-1001: @stickypassword.com/Sticky Password -> C:\Program Files (x86)\Sticky Password\npspAutofill.dll (Lamantine Software a.s.)
FF Plugin ProgramFiles/Appdata: C:\Users\Helga Seemannn\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\searchplugins\webde-suche.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\Extensions\iobitascsurfingprotection@iobit.com [2015-01-03]
FF Extension: 7eb3f69125b44a8590389e57e2bcd537 - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\Extensions\{7eb3f691-25b4-4a85-9038-9e57e2bcd537} [2014-11-01]
FF Extension: DictionarySearch - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\Extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372} [2013-06-30]
FF Extension: FDD8ECF0451A414D8C8F7B7F78B0ECD3 - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\Extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3} [2014-11-01]
FF Extension: Adblock Plus - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-06]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-09]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-09-01]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-01]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-09-01]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-09-01]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-09-01]
FF HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\Thunderbird\Extensions: [{54affe52-8223-453b-be1e-2fe2e250045c}] - C:\Users\Helga Seemannn\AppData\Roaming\Lamantine\Sticky Password\spAutofill
FF Extension: Sticky Password Autofill Engine - C:\Users\Helga Seemannn\AppData\Roaming\Lamantine\Sticky Password\spAutofill [2014-03-20]
FF Extension: No Name - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com [Not Found]
FF Extension: No Name - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\extensions\EWBNO58637124@CLP39222015.com [Not Found]
FF Extension: No Name - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\extensions\ascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com [Not Found]
FF Extension: No Name - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\extensions\adremoveext@adremoveext.net [Not Found]
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=AV01
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=AV01"
CHR Profile: C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-11]
CHR Extension: (Google Drive) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-08]
CHR Extension: (WOT) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-07-26]
CHR Extension: (YouTube) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-11]
CHR Extension: (Adblock Plus) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-12]
CHR Extension: (Google Search) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-11]
CHR Extension: (Kaspersky Protection) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-09-01]
CHR Extension: (Avira SafeSearch) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2014-08-08]
CHR Extension: (Trusted Shops-Erweiterung für Google Chrome) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcpnemckonbbmnoakbjgjkgokkbaeo [2014-08-06]
CHR Extension: (SiteAdvisor) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-07-26]
CHR Extension: (Sticky Password Autofill Engine) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggepjhbdgijjkbelnggboeoehacbphed [2014-07-26]
CHR Extension: (WEB.DE MailCheck) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2015-02-19]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2014-10-26]
CHR Extension: (Keepa.com - Price Tracker) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2014-07-26]
CHR Extension: (Google Wallet) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-11]
CHR Extension: (Jewels HD) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\opmonmpnlegnelddekgpmmhileohhpma [2014-07-26]
CHR Extension: (Evernote Web Clipper) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-07-26]
CHR Extension: (Gmail) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-11]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2012-08-25]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [344864 2015-01-27] (IObit)
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-12] (iolo technologies, LLC)
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [184320 2011-07-07] (Intel Corporation) [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-09] (Intel Corporation)
S2 KMService; C:\windows\SysWOW64\srvany.exe [8192 2013-05-12] () [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
S4 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-09-04] (Nitro PDF Software)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 serviceIEConfig; C:\Windows\SysWOW64\ieconfig_1und1_svc.exe [1053848 2014-05-31] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1419576 2014-12-05] (Motorola Solutions, Inc.)
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [34840 2013-08-29] (Connectify)
R1 ElRawDisk; C:\windows\system32\drivers\ElRawDsk.sys [30752 2013-12-03] (EldoS Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [9856 2007-09-14] (Lenovo)
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-29] (REALiX(tm))
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-09] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2014-04-15] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11532704 2015-02-09] (Intel Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 RawDisk3; C:\windows\system32\drivers\rawdsk3.sys [32912 2014-07-13] (EldoS Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 subvgaproduct64; C:\Windows\System32\DRIVERS\subvga64.sys [5120 2014-12-29] (Windows (R) Win 7 DDK provider)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-11-10] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\HELGAS~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U3 DfSdkS; No ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U3 JavaQuickStarterService; No ImagePath
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 18:01 - 2015-02-24 18:58 - 00036734 _____ () C:\Users\Helga Seemannn\Downloads\FRST.txt
2015-02-24 18:01 - 2015-02-24 18:02 - 00050248 _____ () C:\Users\Helga Seemannn\Downloads\Addition.txt
2015-02-24 18:00 - 2015-02-24 18:00 - 00000000 ____D () C:\Users\Helga Seemannn\Downloads\FRST-OlderVersion
2015-02-23 17:58 - 2015-02-23 17:59 - 01388274 _____ (Thisisu) C:\Users\Helga Seemannn\Downloads\JRT.exe
2015-02-23 10:11 - 2015-02-23 17:48 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\38CC34B5.sys
2015-02-23 06:28 - 2015-02-23 06:28 - 02126848 _____ () C:\Users\Helga Seemannn\Downloads\adwcleaner_4.111.exe
2015-02-23 05:41 - 2015-02-24 18:29 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-23 05:41 - 2015-02-23 05:41 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-23 05:41 - 2015-02-23 05:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-23 05:41 - 2015-02-23 05:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-23 05:41 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-23 05:41 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-23 05:41 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-22 17:44 - 2015-02-22 17:44 - 00068185 _____ () C:\ComboFix.txt
2015-02-22 16:39 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-02-22 16:39 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-02-22 16:39 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-02-22 16:39 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-02-22 16:39 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-02-22 16:39 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-02-22 16:39 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-02-22 16:39 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-02-22 16:36 - 2015-02-22 17:44 - 00000000 ____D () C:\Qoobox
2015-02-22 16:36 - 2015-02-22 17:42 - 00000000 ____D () C:\windows\erdnt
2015-02-22 16:29 - 2015-02-22 16:30 - 05611903 ____R (Swearware) C:\Users\Helga Seemannn\Downloads\ComboFix.exe
2015-02-22 09:04 - 2015-02-22 09:04 - 00000000 ____D () C:\Users\Helga Seemannn\Documents\20150222-After School Hour - Asia Pacific (2080687244)
2015-02-22 07:37 - 2015-02-23 17:28 - 00003820 _____ () C:\windows\PFRO.log
2015-02-21 10:10 - 2015-02-24 18:29 - 00001064 _____ () C:\windows\setupact.log
2015-02-21 10:10 - 2015-02-21 10:10 - 00000000 _____ () C:\windows\setuperr.log
2015-02-20 22:13 - 2015-02-24 18:58 - 00000000 ____D () C:\FRST
2015-02-20 22:05 - 2015-02-20 22:05 - 00000000 _____ () C:\Users\Helga Seemannn\defogger_reenable
2015-02-20 22:02 - 2015-02-20 22:02 - 00380416 _____ () C:\Users\Helga Seemannn\Downloads\Gmer-19357.exe
2015-02-20 22:00 - 2015-02-24 18:00 - 02087424 _____ (Farbar) C:\Users\Helga Seemannn\Downloads\FRST64.exe
2015-02-20 21:59 - 2015-02-20 21:59 - 00050477 _____ () C:\Users\Helga Seemannn\Downloads\Defogger.exe
2015-02-20 20:49 - 2015-02-20 20:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-20 20:42 - 2015-02-20 20:42 - 00001694 _____ () C:\Users\Helga Seemannn\Documents\cc_20150220_204152.reg
2015-02-20 19:58 - 2015-02-20 19:58 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\stflt.sys
2015-02-20 19:22 - 2015-02-20 19:22 - 00002790 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2015-02-20 19:22 - 2015-02-20 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-20 19:20 - 2015-02-20 19:21 - 04196968 _____ (Piriform Ltd) C:\Users\Helga Seemannn\Downloads\ccsetup502_slim.exe
2015-02-20 10:36 - 2015-02-20 10:36 - 00000933 _____ () C:\Users\Helga Seemannn\Desktop\bihler.xlsx - Verknüpfung.lnk
2015-02-18 22:29 - 2015-02-18 22:29 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-18 22:29 - 2015-02-18 22:29 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-18 22:29 - 2015-02-18 22:29 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-02-18 22:29 - 2015-02-18 22:29 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-18 19:42 - 2015-02-18 19:44 - 114510910 _____ () C:\Users\Helga Seemannn\Downloads\70518367.arf
2015-02-18 17:42 - 2015-02-18 17:43 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-02-18 17:42 - 2015-02-18 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-18 17:40 - 2015-02-18 17:45 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\DVDVideoSoft
2015-02-18 17:27 - 2015-02-18 17:27 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Local\CDex
2015-02-18 17:27 - 2015-02-18 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDex
2015-02-18 17:26 - 2015-02-18 17:27 - 00000000 ____D () C:\Program Files (x86)\CDex
2015-02-18 07:20 - 2015-02-18 07:20 - 00000000 ____D () C:\Users\Helga Seemannn\Documents\Neuer Ordner
2015-02-15 09:03 - 2015-02-15 09:03 - 00000000 ____D () C:\Users\Helga Seemannn\Documents\20150215-After School Hour - Asia Pacific (1867144457)
2015-02-12 20:25 - 2015-02-12 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2015-02-12 07:25 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-12 07:25 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-12 07:25 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-02-12 07:25 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-02-11 12:35 - 2015-02-24 18:30 - 00002860 _____ () C:\windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2015-02-11 07:06 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-11 07:06 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-02-11 07:06 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-11 07:06 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-11 07:06 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-11 07:06 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-11 07:06 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-11 07:06 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-11 07:06 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-11 07:06 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-11 07:06 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-11 07:06 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-11 07:06 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-11 07:06 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-11 07:06 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-11 07:06 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-02-11 07:06 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-11 07:06 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-02-11 07:06 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-11 07:06 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 07:06 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-02-11 07:06 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-11 07:06 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-11 07:06 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-02-11 07:06 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-02-11 07:06 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-02-11 07:06 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-11 07:06 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-02-11 07:06 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-02-11 07:06 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-02-11 07:06 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-02-11 07:06 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-02-11 07:06 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-11 07:06 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-11 07:06 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-11 07:06 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-11 07:06 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-02-11 07:06 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-11 07:06 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 07:06 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-02-11 07:06 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-02-11 07:06 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-02-11 07:06 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-11 07:06 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-02-11 07:06 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-02-11 07:06 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-02-11 07:06 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-02-11 07:06 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-11 07:06 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-11 07:06 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-02-11 07:06 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-02-11 07:06 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-02-11 07:06 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-11 07:06 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-11 07:06 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-11 07:06 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-11 07:06 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-11 07:06 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-11 07:06 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-11 07:06 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-02-11 07:06 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-02-11 07:06 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-02-11 07:06 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-02-11 07:06 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-02-11 07:06 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-02-11 07:06 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-02-11 07:05 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-11 07:05 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-11 07:05 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-11 07:05 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-11 07:05 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-11 07:05 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-11 07:05 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-11 07:05 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-11 07:05 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-11 07:05 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-11 07:05 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-11 07:05 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-02-11 07:05 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-02-11 07:05 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-02-11 07:05 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-02-11 07:05 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-02-11 07:05 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-11 07:05 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-11 07:05 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-11 07:05 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-02-11 07:05 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-02-11 07:05 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-02-11 07:05 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-02-11 07:05 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-02-11 07:05 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-02-11 07:05 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-11 07:05 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-11 07:05 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-11 07:05 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-02-11 07:05 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-11 07:05 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-11 07:05 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-11 07:05 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-02-11 07:04 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-09 07:22 - 2015-02-09 07:22 - 11532704 _____ (Intel Corporation) C:\windows\system32\Drivers\NETwsw01.sys
2015-02-09 07:21 - 2015-02-09 07:21 - 00942080 _____ () C:\windows\system32\AmRdrIco.icl
2015-02-09 07:21 - 2015-02-09 07:21 - 00108312 _____ (Alcor Micro, Corp.) C:\windows\system32\Drivers\AmUStor.sys
2015-02-09 07:21 - 2015-02-09 07:21 - 00021784 _____ (Alcor Micro, Corp.) C:\windows\system32\AmUStor.dll
2015-02-05 07:57 - 2015-02-05 07:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
2015-02-05 07:57 - 2014-06-04 15:17 - 00021184 _____ (IObit) C:\windows\system32\Drivers\SmartDefragDriver.sys
2015-02-05 07:56 - 2015-02-05 07:56 - 15971616 _____ (IObit) C:\Users\Helga Seemannn\Downloads\iobituninstaller.exe
2015-02-05 07:56 - 2015-02-05 07:56 - 00001263 _____ () C:\Users\Helga Seemannn\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2015-02-05 07:56 - 2015-02-05 07:56 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\IObit
2015-02-04 07:50 - 2015-02-04 07:50 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-01-31 15:09 - 2015-01-31 15:10 - 31053672 _____ (Microsoft Corporation) C:\Users\Helga Seemannn\Downloads\wlsetup-idcrl.exe
2015-01-31 13:15 - 2015-01-31 13:15 - 27633070 _____ () C:\Users\Helga Seemannn\Downloads\32pfl9603d_10_philips_deu.zip
2015-01-30 18:59 - 2015-01-30 19:27 - 10485760 _____ () C:\vgaexte.dat
2015-01-30 18:34 - 2015-01-30 18:35 - 00000000 ____D () C:\Program Files (x86)\EZCast
2015-01-30 18:34 - 2015-01-30 18:34 - 00000930 _____ () C:\Users\Public\Desktop\EZCast.lnk
2015-01-30 18:34 - 2015-01-30 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZCast
2015-01-30 18:31 - 2015-01-30 18:33 - 34949040 _____ () C:\Users\Helga Seemannn\Downloads\EZCast_Win.exe
2015-01-28 17:24 - 2015-01-28 17:29 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\VoipConnect
2015-01-28 17:24 - 2015-01-28 17:24 - 00001238 _____ () C:\Users\Helga Seemannn\Desktop\VoipConnect.lnk
2015-01-28 17:24 - 2015-01-28 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoipConnect
2015-01-28 17:24 - 2015-01-28 17:24 - 00000000 ____D () C:\Program Files (x86)\VoipConnect.com

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 18:36 - 2009-07-14 05:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-24 18:36 - 2009-07-14 05:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-24 18:33 - 2014-09-01 06:51 - 00000000 ____D () C:\AdwCleaner
2015-02-24 18:32 - 2013-06-14 21:23 - 01547296 _____ () C:\windows\WindowsUpdate.log
2015-02-24 18:29 - 2014-09-01 11:40 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-24 18:29 - 2013-06-22 07:18 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Local\HTC MediaHub
2015-02-24 18:29 - 2012-02-07 07:32 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-24 18:29 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-24 18:11 - 2012-07-22 05:37 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-24 18:04 - 2012-02-07 07:32 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-24 18:00 - 2013-12-26 10:56 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\XYplorer
2015-02-24 08:53 - 2014-05-12 11:34 - 00000000 _____ () C:\Users\Helga Seemannn\Documents\Nuance Image Printer Writer Port
2015-02-23 20:06 - 2012-03-12 20:36 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\Simple Sudoku
2015-02-23 04:52 - 2014-02-11 15:10 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-22 17:56 - 2012-03-07 17:29 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Local\ClipX
2015-02-22 17:44 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-22 17:41 - 2009-07-14 03:34 - 00000248 _____ () C:\windows\system.ini
2015-02-22 17:39 - 2012-01-20 17:24 - 00000000 ____D () C:\Users\Helga Seemannn
2015-02-22 09:49 - 2011-02-11 09:21 - 13791070 _____ () C:\windows\system32\perfh007.dat
2015-02-22 09:49 - 2011-02-11 09:21 - 04391898 _____ () C:\windows\system32\perfc007.dat
2015-02-22 09:49 - 2009-07-14 06:13 - 00006268 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-21 08:15 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2015-02-21 07:28 - 2009-07-14 06:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-02-20 21:46 - 2012-01-22 09:12 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\Mozilla
2015-02-20 19:22 - 2013-01-09 06:56 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-20 19:22 - 2012-09-26 06:39 - 00000000 __SHD () C:\Users\Helga Seemannn\UserData
2015-02-20 17:39 - 2014-11-21 07:21 - 00002904 _____ () C:\windows\System32\Tasks\Uninstaller_SkipUac_Helga_Seemannn
2015-02-20 13:53 - 2010-07-23 10:12 - 00000000 ____D () C:\Users\Public\Documents\ernährungsmanager
2015-02-20 06:49 - 2014-03-20 08:44 - 00000000 ___SD () C:\Users\Helga Seemannn\Documents\Sticky Passwords
2015-02-18 22:45 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\tracing
2015-02-18 18:12 - 2013-07-22 20:49 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\vlc
2015-02-18 17:27 - 2013-04-20 17:50 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-18 07:26 - 2013-06-22 07:18 - 00000000 ____D () C:\Users\Helga Seemannn\Documents\HTC
2015-02-17 07:21 - 2011-10-16 21:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-12 20:26 - 2014-02-11 15:08 - 00000000 ____D () C:\ProgramData\IObit
2015-02-12 09:05 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2015-02-11 12:35 - 2014-11-21 07:19 - 00003220 _____ () C:\windows\System32\Tasks\Driver Booster Scan
2015-02-11 12:35 - 2014-11-21 07:19 - 00003164 _____ () C:\windows\System32\Tasks\Driver Booster Update
2015-02-11 12:35 - 2014-11-21 07:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2015-02-11 12:31 - 2009-07-14 05:45 - 00450576 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-11 08:53 - 2012-03-14 21:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 08:18 - 2009-07-14 03:34 - 00000668 _____ () C:\windows\win.ini
2015-02-11 08:16 - 2013-07-21 12:44 - 00000000 ____D () C:\windows\system32\MRT
2015-02-11 08:02 - 2012-01-20 18:58 - 116773704 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-02-11 06:57 - 2014-03-26 06:58 - 00002872 _____ () C:\windows\System32\Tasks\Driver Booster SkipUAC (Helga Seemannn)
2015-02-06 08:11 - 2012-07-22 05:37 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 08:11 - 2012-04-04 18:46 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 08:11 - 2012-01-22 14:17 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 07:59 - 2012-02-07 07:32 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 07:59 - 2012-02-07 07:32 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 07:57 - 2014-02-11 15:08 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\IObit
2015-02-05 07:57 - 2014-02-11 15:08 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-02-04 19:37 - 2011-10-19 20:43 - 00000000 ____D () C:\Users\Helga Seemannn\Documents\My Kindle Content
2015-02-04 16:26 - 2012-01-27 16:25 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\BayWotch4
2015-02-04 07:50 - 2013-04-07 21:56 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Local\Amazon
2015-02-02 09:55 - 2013-01-05 22:59 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-31 20:15 - 2009-07-14 06:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-01-30 19:21 - 2011-10-04 19:35 - 00000000 ____D () C:\Users\Helga Seemannn\.thinkbuzan
2015-01-30 18:37 - 2012-04-17 16:40 - 00000000 ____D () C:\ProgramData\ThinkBuzan
2015-01-30 18:37 - 2012-04-17 16:40 - 00000000 ____D () C:\ProgramData\JSoft
2015-01-30 18:37 - 2012-01-22 09:32 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\Nitro PDF
2015-01-27 20:37 - 2012-01-20 22:07 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\Skype
2015-01-27 16:52 - 2012-01-20 17:37 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\Toshiba
2015-01-27 13:01 - 2013-10-11 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2012-01-23 15:56 - 2012-09-29 11:37 - 0000377 _____ () C:\Users\Helga Seemannn\AppData\Roaming\burnaware.ini
2012-03-16 19:55 - 2013-03-14 08:30 - 0001955 _____ () C:\Users\Helga Seemannn\AppData\Roaming\SAS7_000.DAT
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Helga Seemannn\AppData\Roaming\TIUQO
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Helga Seemannn\AppData\Roaming\TNNS
2013-09-27 09:09 - 2013-09-27 09:09 - 0000094 _____ () C:\Users\Helga Seemannn\AppData\Roaming\WB.CFG
2013-09-27 09:09 - 2013-09-27 09:09 - 0000005 _____ () C:\Users\Helga Seemannn\AppData\Roaming\WBPU-TTL.DAT
2012-01-26 22:14 - 2013-08-18 13:37 - 0018944 _____ () C:\Users\Helga Seemannn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-23 18:52 - 2012-01-23 18:52 - 0000058 _____ () C:\Users\Helga Seemannn\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2012-01-24 10:58 - 2012-01-24 10:58 - 0002247 _____ () C:\Users\Helga Seemannn\AppData\Local\FastClean.20120124.105811.txt
2012-08-25 10:12 - 2012-08-25 10:12 - 0002269 _____ () C:\Users\Helga Seemannn\AppData\Local\FastClean.20120825.111256.txt
2012-12-15 08:20 - 2012-12-15 08:20 - 0000036 _____ () C:\Users\Helga Seemannn\AppData\Local\housecall.guid.cache
2012-01-21 12:46 - 2012-06-06 09:01 - 0007598 _____ () C:\Users\Helga Seemannn\AppData\Local\resmon.resmoncfg
2013-05-15 07:25 - 2013-05-15 07:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-01-22 13:21 - 2012-01-30 08:02 - 0000219 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2003-10-06 09:21 - 2003-10-06 09:21 - 0000000 ____H () C:\ProgramData\sdpsenv.dat

Files to move or delete:
====================
C:\ProgramData\sdpsenv.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 07:10

==================== End Of Log ============================
--- --- ---


Roll around ist aber immer noch aktiv und verdeckt mit den diversen Anzeigen meine Surfergebnisse, die ich ansehen will. :heulen:

was kann man noch machen?
Helga

schrauber 25.02.2015 07:13
in welchem Browser?

helgasee 25.02.2015 07:44
in Chrome
hier die url, die erscheint, wenn ich eine neue Seite aufrufe (mit Rückwärts komme ich dann doch dahin, wohin ich will) Diese kam eben, als ich den Link von der Email hierher benutzte.

Code:
hxxp://offers.bycontext.com/scjs/tb/ctxjs/index.php?kw2=www.trojaner-board.de&affid=1259&subaff_id=4030012&intformat=roll&nextpage=http%3A%2F%2Fwww.trojaner-board.de%2F164269-roll-around-ads-entfernen-2.html%23post1432514&ch=763&sbrand=Roll%20Around&folder=v4.16.2&typrd=ctx&cu=30187&country=DE&original_country=DE

schrauber 25.02.2015 17:19
Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de





ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

helgasee 26.02.2015 08:18
Hallo Schrauber,
gestern abend habe ich alle Ergebnisse gepostet und jetzt finde ich nichts hier. Keine Ahnung, wo die gelandet sind. ESET hat 8 items in Quarantäne geschickt und ich habe das Programm deinstalliert und alles gelöscht.
Mein frisch installiertes Chrome arbeitet einwandfrei!!! :singsing:
Ich kopiere noch mal FRST von gestern abend.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Helga Seemannn (administrator) on HELGA on 25-02-2015 20:55:55
Running from C:\Users\Helga Seemannn\Downloads
Loaded Profiles: Helga Seemannn (Available profiles: Helga Seemannn & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Stefan Moka) C:\Launcher31B19\Launcher.exe
(Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\stpass.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
() C:\Program Files (x86)\FastStone Capture\FSCapture.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Windows\SysWOW64\ieconfig_1und1_svc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
() C:\Program Files\ClipX\clipx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
(Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\spNMHost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [981888 2011-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-08-10] (TOSHIBA Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel(R) Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1360600 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [285608 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-05] (TOSHIBA)
HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\RunOnce: [iolo WebUpdate Reboot] => [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoStrCmpLogical] 1
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\Run: [Quickstart - Toolbar] => C:\Launcher31B19\Launcher.exe [260096 2008-04-01] (Stefan Moka)
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\Run: [Hoffnung fuer heute] => C:\Program Files (x86)\ComBib\Hoffnung fuer heute\Hoffnung fuer heute.exe [2568192 2013-12-02] (combib)
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\Run: [StickyPassword] => C:\Program Files (x86)\Sticky Password\stpass.exe [14310200 2014-09-24] (Lamantine Software a.s.)
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2427680 2014-12-10] (IObit)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Helga Seemannn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk
ShortcutTarget: FastStone Capture.lnk -> C:\Program Files (x86)\FastStone Capture\FSCapture.exe ()
Startup: C:\Users\Helga Seemannn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hoffnung  fuer heute.LNK
ShortcutTarget: Hoffnung  fuer heute.LNK -> C:\Program Files (x86)\ComBib\Hoffnung fuer heute\Hoffnung fuer heute.exe (combib)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.1und1.de/links/home
HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {99D331A2-3627-4636-B765-B46E28C10000} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKLM-x32 -> {99D331A2-3627-4636-B765-B46E28C10000} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001 -> DefaultScope {BA8305C6-E5BD-4C89-8B52-89AAECF54711} URL = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
SearchScopes: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001 -> {710D5225-9A3C-4F7E-AA5B-C1EC23D3F7D9} URL = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
SearchScopes: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001 -> {8CC54E51-4A40-4324-BC62-E4BD4DD7BB6A} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=402027&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001 -> {99D331A2-3627-4636-B765-B46E28C10000} URL =
SearchScopes: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001 -> {BA8305C6-E5BD-4C89-8B52-89AAECF54711} URL = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
SearchScopes: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001 -> {D7F9BFA8-EF0F-42A3-B22A-3E5690EEE526} URL = hxxp://go.web.de/suchbox/google?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001 -> {F5207CDB-088F-4996-B238-122B8E910E75} URL = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: 1&&1 Internet AG Browser Configuration by mquadr.at -> {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} -> C:\Windows\SysWow64\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=402027&ilc=12&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 -> C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0-git-20120328-0404 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4063226719-3667356119-3298405193-1001: @stickypassword.com/Sticky Password -> C:\Program Files (x86)\Sticky Password\npspAutofill.dll (Lamantine Software a.s.)
FF Plugin ProgramFiles/Appdata: C:\Users\Helga Seemannn\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\searchplugins\webde-suche.xml
FF Extension: 7eb3f69125b44a8590389e57e2bcd537 - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\Extensions\{7eb3f691-25b4-4a85-9038-9e57e2bcd537} [2014-11-01]
FF Extension: DictionarySearch - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\Extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372} [2013-06-30]
FF Extension: FDD8ECF0451A414D8C8F7B7F78B0ECD3 - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\Extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3} [2014-11-01]
FF Extension: Adblock Plus - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-06]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-09]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-09-01]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-01]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-09-01]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-09-01]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-09-01]
FF HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\Thunderbird\Extensions: [{54affe52-8223-453b-be1e-2fe2e250045c}] - C:\Users\Helga Seemannn\AppData\Roaming\Lamantine\Sticky Password\spAutofill
FF Extension: Sticky Password Autofill Engine - C:\Users\Helga Seemannn\AppData\Roaming\Lamantine\Sticky Password\spAutofill [2014-03-20]
FF Extension: No Name - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com [Not Found]
FF Extension: No Name - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\extensions\EWBNO58637124@CLP39222015.com [Not Found]
FF Extension: No Name - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\extensions\ascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com [Not Found]
FF Extension: No Name - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\extensions\iobitascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Users\Helga Seemannn\AppData\Roaming\Mozilla\Firefox\Profiles\90rc9n7r.default\extensions\adremoveext@adremoveext.net [Not Found]
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=AV01
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=AV01"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-25]
CHR Extension: (Google Drive) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-25]
CHR Extension: (YouTube) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-25]
CHR Extension: (Adblock Plus) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-25]
CHR Extension: (Google Search) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-25]
CHR Extension: (Kaspersky Protection) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-02-25]
CHR Extension: (Trusted Shops-Erweiterung für Google Chrome) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcpnemckonbbmnoakbjgjkgokkbaeo [2015-02-25]
CHR Extension: (SiteAdvisor) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-02-25]
CHR Extension: (Sticky Password Autofill Engine) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggepjhbdgijjkbelnggboeoehacbphed [2015-02-25]
CHR Extension: (WEB.DE MailCheck) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2015-02-25]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-02-25]
CHR Extension: (Keepa.com - Price Tracker) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2015-02-25]
CHR Extension: (Google Wallet) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-25]
CHR Extension: (Jewels HD) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\opmonmpnlegnelddekgpmmhileohhpma [2015-02-25]
CHR Extension: (Gmail) - C:\Users\Helga Seemannn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-25]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2012-08-25]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [184320 2011-07-07] (Intel Corporation) [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-09] (Intel Corporation)
S2 KMService; C:\windows\SysWOW64\srvany.exe [8192 2013-05-12] () [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
S4 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-09-04] (Nitro PDF Software)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 serviceIEConfig; C:\Windows\SysWOW64\ieconfig_1und1_svc.exe [1053848 2014-05-31] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1419576 2014-12-05] (Motorola Solutions, Inc.)
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [34840 2013-08-29] (Connectify)
R1 ElRawDisk; C:\windows\system32\drivers\ElRawDsk.sys [30752 2013-12-03] (EldoS Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [9856 2007-09-14] (Lenovo)
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-29] (REALiX(tm))
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-09] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2014-04-15] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11532704 2015-02-09] (Intel Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 RawDisk3; C:\windows\system32\drivers\rawdsk3.sys [32912 2014-07-13] (EldoS Corporation)
R3 subvgaproduct64; C:\Windows\System32\DRIVERS\subvga64.sys [5120 2014-12-29] (Windows (R) Win 7 DDK provider)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-11-10] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\HELGAS~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U3 DfSdkS; No ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U3 JavaQuickStarterService; No ImagePath
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-25 20:55 - 2015-02-25 20:56 - 00036682 _____ () C:\Users\Helga Seemannn\Downloads\FRST.txt
2015-02-25 20:47 - 2015-02-25 20:47 - 00852594 _____ () C:\Users\Helga Seemannn\Desktop\SecurityCheck.exe
2015-02-25 19:11 - 2015-02-25 19:12 - 02347384 _____ (ESET) C:\Users\Helga Seemannn\Downloads\esetsmartinstaller_deu.exe
2015-02-25 18:38 - 2015-02-25 18:38 - 00002258 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-25 18:38 - 2015-02-25 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-25 18:35 - 2015-02-25 20:40 - 00001126 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-25 18:35 - 2015-02-25 18:40 - 00001122 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-25 18:35 - 2015-02-25 18:35 - 00004122 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-25 18:35 - 2015-02-25 18:35 - 00003870 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-25 18:35 - 2015-02-25 18:35 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Local\Deployment
2015-02-25 08:00 - 2015-01-09 00:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-02-25 08:00 - 2015-01-09 00:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-24 18:00 - 2015-02-25 18:59 - 00000000 ____D () C:\Users\Helga Seemannn\Downloads\FRST-OlderVersion
2015-02-23 10:11 - 2015-02-23 17:48 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\38CC34B5.sys
2015-02-23 06:28 - 2015-02-23 06:28 - 02126848 _____ () C:\Users\Helga Seemannn\Downloads\adwcleaner_4.111.exe
2015-02-23 05:41 - 2015-02-25 18:42 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-23 05:41 - 2015-02-23 05:41 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-23 05:41 - 2015-02-23 05:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-23 05:41 - 2015-02-23 05:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-23 05:41 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-23 05:41 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-23 05:41 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-22 17:44 - 2015-02-22 17:44 - 00068185 _____ () C:\ComboFix.txt
2015-02-22 16:39 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-02-22 16:39 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-02-22 16:39 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-02-22 16:39 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-02-22 16:39 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-02-22 16:39 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-02-22 16:39 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-02-22 16:39 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-02-22 16:36 - 2015-02-22 17:44 - 00000000 ____D () C:\Qoobox
2015-02-22 16:36 - 2015-02-22 17:42 - 00000000 ____D () C:\windows\erdnt
2015-02-22 16:29 - 2015-02-22 16:30 - 05611903 ____R (Swearware) C:\Users\Helga Seemannn\Downloads\ComboFix.exe
2015-02-22 09:04 - 2015-02-22 09:04 - 00000000 ____D () C:\Users\Helga Seemannn\Documents\20150222-After School Hour - Asia Pacific (2080687244)
2015-02-22 07:37 - 2015-02-23 17:28 - 00003820 _____ () C:\windows\PFRO.log
2015-02-21 10:10 - 2015-02-25 17:41 - 00001456 _____ () C:\windows\setupact.log
2015-02-21 10:10 - 2015-02-21 10:10 - 00000000 _____ () C:\windows\setuperr.log
2015-02-20 22:13 - 2015-02-25 20:55 - 00000000 ____D () C:\FRST
2015-02-20 22:05 - 2015-02-20 22:05 - 00000000 _____ () C:\Users\Helga Seemannn\defogger_reenable
2015-02-20 22:02 - 2015-02-20 22:02 - 00380416 _____ () C:\Users\Helga Seemannn\Downloads\Gmer-19357.exe
2015-02-20 22:00 - 2015-02-25 18:59 - 02087936 _____ (Farbar) C:\Users\Helga Seemannn\Downloads\FRST64.exe
2015-02-20 21:59 - 2015-02-20 21:59 - 00050477 _____ () C:\Users\Helga Seemannn\Downloads\Defogger.exe
2015-02-20 20:49 - 2015-02-20 20:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-20 20:42 - 2015-02-20 20:42 - 00001694 _____ () C:\Users\Helga Seemannn\Documents\cc_20150220_204152.reg
2015-02-20 19:58 - 2015-02-20 19:58 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\stflt.sys
2015-02-20 19:22 - 2015-02-20 19:22 - 00002790 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2015-02-20 19:22 - 2015-02-20 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-20 19:20 - 2015-02-20 19:21 - 04196968 _____ (Piriform Ltd) C:\Users\Helga Seemannn\Downloads\ccsetup502_slim.exe
2015-02-20 10:36 - 2015-02-20 10:36 - 00000933 _____ () C:\Users\Helga Seemannn\Desktop\bihler.xlsx - Verknüpfung.lnk
2015-02-18 22:29 - 2015-02-18 22:29 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-18 22:29 - 2015-02-18 22:29 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-18 22:29 - 2015-02-18 22:29 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-02-18 22:29 - 2015-02-18 22:29 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-18 19:42 - 2015-02-18 19:44 - 114510910 _____ () C:\Users\Helga Seemannn\Downloads\70518367.arf
2015-02-18 07:20 - 2015-02-18 07:20 - 00000000 ____D () C:\Users\Helga Seemannn\Documents\Neuer Ordner
2015-02-15 09:03 - 2015-02-15 09:03 - 00000000 ____D () C:\Users\Helga Seemannn\Documents\20150215-After School Hour - Asia Pacific (1867144457)
2015-02-12 07:25 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-12 07:25 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-12 07:25 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-02-12 07:25 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-02-11 12:35 - 2015-02-25 17:43 - 00002860 _____ () C:\windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2015-02-11 07:06 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-11 07:06 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-02-11 07:06 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-11 07:06 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-11 07:06 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-11 07:06 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-11 07:06 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-11 07:06 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-11 07:06 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-11 07:06 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-11 07:06 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-11 07:06 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-11 07:06 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-11 07:06 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-11 07:06 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-11 07:06 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-02-11 07:06 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-11 07:06 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-02-11 07:06 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-11 07:06 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 07:06 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-02-11 07:06 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-11 07:06 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-11 07:06 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-02-11 07:06 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-02-11 07:06 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-02-11 07:06 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-11 07:06 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-02-11 07:06 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-02-11 07:06 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-02-11 07:06 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-02-11 07:06 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-02-11 07:06 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-11 07:06 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-11 07:06 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-11 07:06 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-11 07:06 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-02-11 07:06 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-11 07:06 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 07:06 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-02-11 07:06 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-02-11 07:06 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-02-11 07:06 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-11 07:06 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-02-11 07:06 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-02-11 07:06 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-02-11 07:06 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-02-11 07:06 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-11 07:06 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-11 07:06 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-02-11 07:06 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-02-11 07:06 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-02-11 07:06 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-11 07:06 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-11 07:06 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-11 07:06 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-11 07:06 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-11 07:06 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-11 07:06 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-11 07:06 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-02-11 07:06 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-02-11 07:06 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-02-11 07:06 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-02-11 07:06 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-02-11 07:06 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-02-11 07:06 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-02-11 07:05 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-11 07:05 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-11 07:05 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-11 07:05 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-11 07:05 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-11 07:05 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-11 07:05 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-11 07:05 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-11 07:05 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-11 07:05 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-11 07:05 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-11 07:05 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-02-11 07:05 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-02-11 07:05 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-02-11 07:05 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-02-11 07:05 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-02-11 07:05 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-11 07:05 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-11 07:05 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-11 07:05 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-02-11 07:05 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-02-11 07:05 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-02-11 07:05 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-02-11 07:05 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-02-11 07:05 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-02-11 07:05 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-11 07:05 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-11 07:05 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-11 07:05 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-02-11 07:05 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-11 07:05 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-11 07:05 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-11 07:05 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-02-11 07:04 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-09 07:22 - 2015-02-09 07:22 - 11532704 _____ (Intel Corporation) C:\windows\system32\Drivers\NETwsw01.sys
2015-02-09 07:21 - 2015-02-09 07:21 - 00942080 _____ () C:\windows\system32\AmRdrIco.icl
2015-02-09 07:21 - 2015-02-09 07:21 - 00108312 _____ (Alcor Micro, Corp.) C:\windows\system32\Drivers\AmUStor.sys
2015-02-09 07:21 - 2015-02-09 07:21 - 00021784 _____ (Alcor Micro, Corp.) C:\windows\system32\AmUStor.dll
2015-02-05 07:56 - 2015-02-05 07:56 - 15971616 _____ (IObit) C:\Users\Helga Seemannn\Downloads\iobituninstaller.exe
2015-02-05 07:56 - 2015-02-05 07:56 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\IObit
2015-02-04 07:50 - 2015-02-04 07:50 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-01-31 15:09 - 2015-01-31 15:10 - 31053672 _____ (Microsoft Corporation) C:\Users\Helga Seemannn\Downloads\wlsetup-idcrl.exe
2015-01-31 13:15 - 2015-01-31 13:15 - 27633070 _____ () C:\Users\Helga Seemannn\Downloads\32pfl9603d_10_philips_deu.zip
2015-01-30 18:59 - 2015-01-30 19:27 - 10485760 _____ () C:\vgaexte.dat
2015-01-30 18:34 - 2015-01-30 18:35 - 00000000 ____D () C:\Program Files (x86)\EZCast
2015-01-30 18:34 - 2015-01-30 18:34 - 00000930 _____ () C:\Users\Public\Desktop\EZCast.lnk
2015-01-30 18:34 - 2015-01-30 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZCast
2015-01-30 18:31 - 2015-01-30 18:33 - 34949040 _____ () C:\Users\Helga Seemannn\Downloads\EZCast_Win.exe
2015-01-28 17:24 - 2015-01-28 17:29 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\VoipConnect
2015-01-28 17:24 - 2015-01-28 17:24 - 00001238 _____ () C:\Users\Helga Seemannn\Desktop\VoipConnect.lnk
2015-01-28 17:24 - 2015-01-28 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoipConnect
2015-01-28 17:24 - 2015-01-28 17:24 - 00000000 ____D () C:\Program Files (x86)\VoipConnect.com

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-25 20:31 - 2014-09-01 11:40 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-25 20:31 - 2013-06-14 21:23 - 01646135 _____ () C:\windows\WindowsUpdate.log
2015-02-25 20:11 - 2012-07-22 05:37 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-25 18:38 - 2012-01-20 17:40 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Local\Google
2015-02-25 18:38 - 2011-10-16 21:40 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-25 18:35 - 2012-01-23 20:42 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Local\Apps\2.0
2015-02-25 18:24 - 2014-02-11 15:08 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-02-25 18:21 - 2014-02-11 15:08 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\IObit
2015-02-25 18:17 - 2014-02-06 15:10 - 00000000 ____D () C:\Program Files (x86)\iolo
2015-02-25 18:16 - 2014-02-06 15:32 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\iolo
2015-02-25 18:16 - 2014-02-06 15:10 - 00000000 ____D () C:\ProgramData\iolo
2015-02-25 18:15 - 2014-02-11 15:08 - 00000000 ____D () C:\ProgramData\IObit
2015-02-25 18:10 - 2013-01-05 21:56 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-02-25 17:59 - 2012-09-26 13:10 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Local\Abelssoft
2015-02-25 17:49 - 2009-07-14 05:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-25 17:49 - 2009-07-14 05:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-25 17:42 - 2013-06-22 07:18 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Local\HTC MediaHub
2015-02-25 17:41 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-25 07:38 - 2012-01-22 09:12 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\Mozilla
2015-02-25 07:01 - 2014-03-20 08:44 - 00000000 ___SD () C:\Users\Helga Seemannn\Documents\Sticky Passwords
2015-02-24 18:33 - 2014-09-01 06:51 - 00000000 ____D () C:\AdwCleaner
2015-02-24 18:00 - 2013-12-26 10:56 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\XYplorer
2015-02-24 08:53 - 2014-05-12 11:34 - 00000000 _____ () C:\Users\Helga Seemannn\Documents\Nuance Image Printer Writer Port
2015-02-23 20:06 - 2012-03-12 20:36 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\Simple Sudoku
2015-02-23 04:52 - 2014-02-11 15:10 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-22 17:56 - 2012-03-07 17:29 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Local\ClipX
2015-02-22 17:44 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-22 17:41 - 2009-07-14 03:34 - 00000248 _____ () C:\windows\system.ini
2015-02-22 17:39 - 2012-01-20 17:24 - 00000000 ____D () C:\Users\Helga Seemannn
2015-02-22 09:49 - 2011-02-11 09:21 - 13791070 _____ () C:\windows\system32\perfh007.dat
2015-02-22 09:49 - 2011-02-11 09:21 - 04391898 _____ () C:\windows\system32\perfc007.dat
2015-02-22 09:49 - 2009-07-14 06:13 - 00006268 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-21 08:15 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2015-02-21 07:28 - 2009-07-14 06:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-02-20 19:22 - 2013-01-09 06:56 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-20 19:22 - 2012-09-26 06:39 - 00000000 __SHD () C:\Users\Helga Seemannn\UserData
2015-02-20 13:53 - 2010-07-23 10:12 - 00000000 ____D () C:\Users\Public\Documents\ernährungsmanager
2015-02-18 22:45 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\tracing
2015-02-18 18:12 - 2013-07-22 20:49 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\vlc
2015-02-18 17:27 - 2013-04-20 17:50 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-18 07:26 - 2013-06-22 07:18 - 00000000 ____D () C:\Users\Helga Seemannn\Documents\HTC
2015-02-17 07:21 - 2011-10-16 21:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-12 09:05 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2015-02-11 12:35 - 2014-11-21 07:19 - 00003220 _____ () C:\windows\System32\Tasks\Driver Booster Scan
2015-02-11 12:35 - 2014-11-21 07:19 - 00003164 _____ () C:\windows\System32\Tasks\Driver Booster Update
2015-02-11 12:35 - 2014-11-21 07:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2015-02-11 12:31 - 2009-07-14 05:45 - 00450576 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-11 08:53 - 2012-03-14 21:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 08:18 - 2009-07-14 03:34 - 00000668 _____ () C:\windows\win.ini
2015-02-11 08:16 - 2013-07-21 12:44 - 00000000 ____D () C:\windows\system32\MRT
2015-02-11 08:02 - 2012-01-20 18:58 - 116773704 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-02-11 06:57 - 2014-03-26 06:58 - 00002872 _____ () C:\windows\System32\Tasks\Driver Booster SkipUAC (Helga Seemannn)
2015-02-06 08:11 - 2012-07-22 05:37 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 08:11 - 2012-04-04 18:46 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 08:11 - 2012-01-22 14:17 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 19:37 - 2011-10-19 20:43 - 00000000 ____D () C:\Users\Helga Seemannn\Documents\My Kindle Content
2015-02-04 16:26 - 2012-01-27 16:25 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\BayWotch4
2015-02-04 07:50 - 2013-04-07 21:56 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Local\Amazon
2015-02-02 09:55 - 2013-01-05 22:59 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-31 20:15 - 2009-07-14 06:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-01-30 19:21 - 2011-10-04 19:35 - 00000000 ____D () C:\Users\Helga Seemannn\.thinkbuzan
2015-01-30 18:37 - 2012-04-17 16:40 - 00000000 ____D () C:\ProgramData\ThinkBuzan
2015-01-30 18:37 - 2012-04-17 16:40 - 00000000 ____D () C:\ProgramData\JSoft
2015-01-30 18:37 - 2012-01-22 09:32 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\Nitro PDF
2015-01-27 20:37 - 2012-01-20 22:07 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\Skype
2015-01-27 16:52 - 2012-01-20 17:37 - 00000000 ____D () C:\Users\Helga Seemannn\AppData\Roaming\Toshiba

==================== Files in the root of some directories =======

2012-01-23 15:56 - 2012-09-29 11:37 - 0000377 _____ () C:\Users\Helga Seemannn\AppData\Roaming\burnaware.ini
2012-03-16 19:55 - 2013-03-14 08:30 - 0001955 _____ () C:\Users\Helga Seemannn\AppData\Roaming\SAS7_000.DAT
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Helga Seemannn\AppData\Roaming\TIUQO
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Helga Seemannn\AppData\Roaming\TNNS
2013-09-27 09:09 - 2013-09-27 09:09 - 0000094 _____ () C:\Users\Helga Seemannn\AppData\Roaming\WB.CFG
2013-09-27 09:09 - 2013-09-27 09:09 - 0000005 _____ () C:\Users\Helga Seemannn\AppData\Roaming\WBPU-TTL.DAT
2012-01-26 22:14 - 2013-08-18 13:37 - 0018944 _____ () C:\Users\Helga Seemannn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-23 18:52 - 2012-01-23 18:52 - 0000058 _____ () C:\Users\Helga Seemannn\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2012-01-24 10:58 - 2012-01-24 10:58 - 0002247 _____ () C:\Users\Helga Seemannn\AppData\Local\FastClean.20120124.105811.txt
2012-08-25 10:12 - 2012-08-25 10:12 - 0002269 _____ () C:\Users\Helga Seemannn\AppData\Local\FastClean.20120825.111256.txt
2012-12-15 08:20 - 2012-12-15 08:20 - 0000036 _____ () C:\Users\Helga Seemannn\AppData\Local\housecall.guid.cache
2012-01-21 12:46 - 2012-06-06 09:01 - 0007598 _____ () C:\Users\Helga Seemannn\AppData\Local\resmon.resmoncfg
2013-05-15 07:25 - 2013-05-15 07:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-01-22 13:21 - 2012-01-30 08:02 - 0000219 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2003-10-06 09:21 - 2003-10-06 09:21 - 0000000 ____H () C:\ProgramData\sdpsenv.dat

Files to move or delete:
====================
C:\ProgramData\sdpsenv.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 07:10

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by Helga Seemannn at 2015-02-25 20:56:32
Running from C:\Users\Helga Seemannn\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\uTorrent) (Version: 3.4.2.33254 - BitTorrent Inc.)
1und1 Internet Explorer Add-On (x32 Version: 1.0 - 1&1 Internet AG) Hidden
ACDSee Pro 5 (HKLM-x32\...\{35E0BA9D-3AFE-402A-99CA-D94FE1E73D18}) (Version: 5.2.157 - ACD Systems International Inc.)
ACDSee Pro 6 (HKLM\...\{CAF674E0-808C-4CF4-8868-A755EBABA228}) (Version: 6.0.171 - ACD Systems International Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.4 - Sereby Corporation)
Amazon Kindle (HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\Amazon Kindle) (Version:  - Amazon)
Any Video Converter 5.7.6 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Ashampoo GetBack Photo v.1.0.1 (HKLM-x32\...\{C92AB6F1-2490-D7C3-A45D-23F3C33ECFA5}_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2009873646.48.56.4139450 - Audible, Inc.)
BayWotch Update v4.2.24 (HKLM-x32\...\baywotch4_is1) (Version:  - Elmar Denkmann)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Biblical Hebrew (SIL) (HKLM\...\{C4852924-8548-4FA6-A822-5B3840C5E0E7}) (Version: 1.0.3.40 - Tiro Typeworks)
Birkenbihl Sprachen (x32 Version: 255 - Bizzons eMarketing GmbH) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.13(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre 64bit (HKLM\...\{A810DA38-3908-48E1-9536-38B5678ABD52}) (Version: 2.0.0 - Kovid Goyal)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MG5200 series Benutzerregistrierung (HKLM-x32\...\Canon MG5200 series Benutzerregistrierung) (Version:  - )
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CCFinder (HKLM-x32\...\CCFinderAppId_is1) (Version: 2013 - Abelssoft)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
Chicken Invaders 3 - Revenge of the Yolk (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco WebEx Meeting Center for Firefox or Chrome (HKLM-x32\...\{A058E0F5-3976-4B4F-9879-556E4413B04B}) (Version: 8.23.2500 - Cisco WebEx LLC)
Cisco WebEx Meetings (HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
ClipX (HKLM-x32\...\ClipX) (Version:  - )
Content Manager 2 (HKLM-x32\...\Content Manager 2) (Version: 3.18.0.342250 - NNG Llc.)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Desk Drive Version 2.1 (HKLM-x32\...\{0F5A5DCE-66CB-43A7-AFB4-F9751168264A}_is1) (Version: 2.1 - Mike Ward)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX 9.0c Extra Files (x86, x64) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation)
DocScan Pro version 2012 b654 (HKLM-x32\...\SolarSys DocScan Pro OCR_is1) (Version:  - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Driver Booster 2.1 (HKLM-x32\...\Driver Booster_is1) (Version: 2.1 - IObit)
Dropbox (HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Exact Audio Copy 1.0beta4 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta4 - Andre Wiethoff)
EZCast (HKLM-x32\...\{74CECDD9-4B8E-4AE3-9571-8070A17F3C34}) (Version: 1.2.0.1 - Actions-Micro)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FolderVisualizer (HKLM-x32\...\FolderVisualizer_is1) (Version: 2013 - Abelssoft)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.06) (Version: 9.06 - Artifex Software Inc.)
GU Nährwert-Berechnung (HKLM-x32\...\GU Nährwert-Berechnung 1.7) (Version:  - )
Hoffnung für heute (HKLM-x32\...\{8DA19AD3-B535-4CEC-BAFE-4ED4F3249162}) (Version: 3.3.1 - )
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.37.2 - HTC)
iMindMap 6 (HKLM-x32\...\{2EC189E4-7065-4F57-B4E6-21D061CFF23B}) (Version: 6.0.288 - ThinkBuzan)
Iminent (x32 Version: 5.29.41.0 - Iminent) Hidden <==== ATTENTION
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Identity Protection Technology 1.2.18.0 (HKLM-x32\...\{9602841E-ECE2-1019-AAEE-906A4DE25D6B}) (Version: 1.2.18.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.5 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3190 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\{6E579724-82F9-454C-A98E-39DDDAB167FF}) (Version: 1.0.0.1008 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kalender-Excel-8.10 (HKLM-x32\...\Kalender-Excel-8.10_is1) (Version: 8.10 - MSDatec)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Kyodai Mahjongg (HKLM-x32\...\Kyodai Mahjongg_is1) (Version:  - Rene-Gilles Deberdt)
Langenscheidt Vokabeltrainer 6.0 Englisch (HKLM-x32\...\{733B66AD-B771-4FA6-8DBF-765B820CC0EB}) (Version: 6.0.0 - Langenscheidt)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyKeyFinder (HKLM-x32\...\MyKeyFinder_is1) (Version: 2014 - Abelssoft)
Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
Network Recording Player (HKLM-x32\...\{4FF911E5-4932-4257-BB35-31BF1CD9C28C}) (Version: 29.6.0.58 - Cisco WebEx LLC)
Nitro Pro 7 (HKLM\...\{EEF9C83C-5D22-4BB8-8453-0F4F5F2328D2}) (Version: 7.5.0.29 - Nitro PDF Software)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
OpenOffice 4.1.0 Language Pack (German) (HKLM-x32\...\{ED7A9584-1F78-4CB0-B3E7-C30E6B7B02FE}) (Version: 4.10.9764 - Apache Software Foundation)
Orchideenverwaltung 2.0.0 (HKLM-x32\...\Orchideenverwaltung) (Version: 2.0.0 - Ricci Zepmeusel)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Pausenkatzen Screensaver (HKLM-x32\...\Pausenkatzen Screensaver) (Version:  - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.47 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
RICOH Media Driver v2.15.17.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.15.17.02 - RICOH)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Scribus 1.4.3 (64bit) (HKLM\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Simple Sudoku 4.2 (HKLM-x32\...\Simple Sudoku_is1) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Software Informer 1.1 (HKLM-x32\...\Software Informer_is1) (Version:  - Informer Technologies, Inc.)
StarMoney (x32 Version: 3.0.0.124 - StarFinanz) Hidden
Sticky Password 7.0.7.69 (HKLM-x32\...\Sticky Password_is1) (Version: 7.0 - Lamantine Software)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.18051 - TeamViewer)
Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.03 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.11.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA Security Assist (HKLM-x32\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.9 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.9 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.9.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.29 - TOSHIBA Corporation)
TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
TOSHIBA Wireless Manager (HKLM-x32\...\{6A631D31-1FD6-46B5-9337-3485C3CBB002}) (Version: 7.0.2.0 - TOSHIBA Corporation)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3000.132 - TuneUp Software) Hidden
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.0 - Nuance Communications Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VoipConnect (HKLM-x32\...\VoipConnect_is1) (Version: 4.14 build 760 - Finarea S.A. Switzerland)
Vokabeltrainer-Update 6.0.16 (HKLM-x32\...\{518F8DB2-65BA-40F7-B843-1F11F8F1B124}) (Version: 6.0.16 - Langenscheidt)
Wedding Dash 2 - Rings Around the World (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows 7 Upgrade Advisor (HKLM-x32\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
XYplorer 13.40 (HKLM-x32\...\XYplorer) (Version: 13.40 - Donald Lessau)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4063226719-3667356119-3298405193-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Helga Seemannn\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

25-02-2015 17:48:33 Removed Google Earth Plug-in.
25-02-2015 17:49:54 Removed Google Drive
25-02-2015 18:07:21 Revo Uninstaller Pro's restore point - CDex - Open Source Digital Audio CD Extractor
25-02-2015 18:12:02 Revo Uninstaller Pro's restore point - IObit Malware Fighter 3

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-22 17:41 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0339E8E2-622B-46A3-BBF7-ABB0128D8132} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {0BA88A14-956E-4C35-BE25-BD7AF3066072} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {17CAC312-B0C5-4565-B68C-A33CEE254980} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-01-07] (IObit)
Task: {25CA25EA-F772-47F4-9BB7-A83ED8479DA2} - System32\Tasks\Helga Seemannn Local Autobackup 5 4 => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBCore.exe
Task: {3125ABE9-6788-4BE9-9B76-A9F1B8E9C146} - System32\Tasks\Helga Seemannn NBAgent 5 4 => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
Task: {32C5FF35-9665-44FA-91FF-3BF81FEDE86F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-25] (Google Inc.)
Task: {40CF05DB-51C4-49AA-A883-7404DA63DA48} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {477ECDF3-BF50-4F64-99E0-4F1DB00204B8} - System32\Tasks\130617 => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBCore.exe <==== ATTENTION
Task: {601E706D-0871-4133-86A3-FA51C6B8502A} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {6ABCA756-5705-44D0-B94B-35B93B51BA6F} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-26] (TOSHIBA CORPORATION)
Task: {752060D5-84CF-4F76-B91C-464C85583F6D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {77C9A764-3133-4D26-9EBA-79E817E492C2} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe
Task: {784DD483-2FA8-4125-8288-E9A132C7F95E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {86D61E0B-95A2-4246-8C43-0979BD8F2358} - System32\Tasks\Driver Booster SkipUAC (Helga Seemannn) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-01-07] (IObit)
Task: {8CE7E6CD-0850-44C1-BD42-724EDC03545A} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {90B3B169-EE4E-41E5-8485-661E9F2CFDEE} - System32\Tasks\ScanSoft Background Update => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.)
Task: {9AF84A73-75E8-4A5E-A73F-80C7AB3D9586} - System32\Tasks\Helga Seemannn => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBCore.exe
Task: {A3FD788E-6A23-4B7A-ABB3-4AC61DA58E9B} - System32\Tasks\d auf f => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBCore.exe
Task: {A5AA4A9A-5DF9-4B9E-9BA3-0F309B95C4C3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {B36242F5-CB45-48D5-8B91-EECDFB6D0243} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-12-09] (IObit)
Task: {B366F3D6-E662-4F39-9191-895B7E62D720} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {C360CD86-FF7E-48FD-953A-1CBA4F109341} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {D0362807-23BB-41B5-8F01-10D9C34804B8} - System32\Tasks\{28B5E167-33D9-4B82-9D2F-24496A2F78B8} => C:\Program Files (x86)\Positive Habits Application\Habits.exe
Task: {DC8184FB-0F45-44B7-960C-BD18A6CA4E81} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E0E15F2D-77C4-4FF7-BD8C-03FD6C943C26} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-25] (Google Inc.)
Task: {E2DD32FC-FD94-49E1-8877-EB22FB566F1B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {E4F23931-CE2D-404E-A71E-8B45791E4FC5} - System32\Tasks\ASC8_SkipUac_Helga Seemannn => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2014-12-10] (IObit)
Task: {F1D98C35-E091-49DB-B9EE-D1301E49E15B} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-12-17] (IObit)
Task: {F9A731BC-D526-4D6E-91D4-3D35241F1FA4} - System32\Tasks\Opera scheduled Autoupdate 1418592731 => C:\Program Files (x86)\Opera\launcher.exe
Task: {FDF91388-6394-4700-AC2E-7B433E364EC2} - \AnVir Task Manager No Task File <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-06-01 02:32 - 2011-06-01 02:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-12-18 15:10 - 2014-12-18 15:10 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2011-06-01 02:32 - 2011-06-01 02:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-08-31 21:13 - 2011-08-31 21:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2007-02-12 20:51 - 2007-02-12 20:51 - 01111552 _____ () C:\Program Files (x86)\FastStone Capture\FSCapture.exe
2014-05-31 16:15 - 2014-05-31 16:15 - 01053848 _____ () C:\Windows\SysWOW64\ieconfig_1und1_svc.exe
2015-01-21 03:06 - 2015-01-21 03:06 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2011-06-09 21:09 - 2011-06-09 21:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2008-07-28 03:01 - 2008-07-28 03:01 - 00423424 _____ () C:\Program Files\ClipX\clipx.exe
2015-01-03 10:20 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2014-03-06 14:00 - 2014-03-06 14:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2014-08-06 12:40 - 2014-08-06 12:40 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-12-18 15:08 - 2014-12-18 15:08 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-08-06 12:41 - 2014-08-06 12:41 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-08-06 12:41 - 2014-08-06 12:41 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-08-06 12:42 - 2014-08-06 12:42 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-08-06 12:44 - 2014-08-06 12:44 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-08-06 12:46 - 2014-08-06 12:46 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-02-25 18:38 - 2015-02-17 23:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-25 18:38 - 2015-02-17 23:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-25 18:38 - 2015-02-17 23:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\sdpsenv.dat:naughtypirates
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
AlternateDataStreams: C:\ProgramData\TEMP:7FFED16F
AlternateDataStreams: C:\ProgramData\TEMP:DF462FF6
AlternateDataStreams: C:\Users\Helga Seemannn\Downloads\unsubscribe  get healthy and fit.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4063226719-3667356119-3298405193-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: VoipConnect => "C:\Program Files (x86)\VoipConnect.com\VoipConnect\VoipConnect.exe" -nosplash -minimized

==================== Accounts: =============================

Administrator (S-1-5-21-4063226719-3667356119-3298405193-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-4063226719-3667356119-3298405193-501 - Limited - Enabled)
Helga Seemannn (S-1-5-21-4063226719-3667356119-3298405193-1001 - Administrator - Enabled) => C:\Users\Helga Seemannn
HomeGroupUser$ (S-1-5-21-4063226719-3667356119-3298405193-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/25/2015 08:54:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/25/2015 08:29:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/25/2015 07:13:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/25/2015 07:13:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/25/2015 05:45:34 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {3b0d0686-94b5-4fb1-b95a-52dafc859cf5}

Error: (02/25/2015 05:42:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2015 04:04:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2015 01:20:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2015 08:51:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2015 08:02:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/25/2015 06:16:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iolo System Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/25/2015 05:45:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%2

Error: (02/25/2015 05:42:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Wireless PAN DHCP Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/25/2015 05:42:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (02/25/2015 05:42:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Media Center Extender-Dienst" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (02/25/2015 04:06:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%2

Error: (02/25/2015 04:04:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Wireless PAN DHCP Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/25/2015 04:04:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (02/25/2015 04:03:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Media Center Extender-Dienst" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (02/25/2015 01:22:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%2


Microsoft Office Sessions:
=========================
Error: (02/25/2015 08:54:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Helga Seemannn\Downloads\esetsmartinstaller_deu.exe

Error: (02/25/2015 08:29:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/25/2015 07:13:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Helga Seemannn\Downloads\esetsmartinstaller_deu.exe

Error: (02/25/2015 07:13:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Helga Seemannn\Downloads\esetsmartinstaller_deu.exe

Error: (02/25/2015 05:45:34 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {3b0d0686-94b5-4fb1-b95a-52dafc859cf5}

Error: (02/25/2015 05:42:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2015 04:04:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2015 01:20:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2015 08:51:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2015 08:02:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2015-02-22 17:39:57.274
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-22 17:39:57.211
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-10 17:28:42.518
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-10 17:28:42.440
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-10 17:10:35.534
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-10 17:10:35.456
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-10 17:07:36.159
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-10 17:07:36.081
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-10 16:27:26.861
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-10 16:27:26.783
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2467M CPU @ 1.60GHz
Percentage of memory in use: 69%
Total physical RAM: 3996.55 MB
Available physical RAM: 1221.2 MB
Total Pagefile: 7991.28 MB
Available Pagefile: 4696.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Helga_1) (Fixed) (Total:96.94 GB) (Free:17.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Bilder_1) (Removable) (Total:59.54 GB) (Free:7.84 GB) exFAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: 4B1DF3B9)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=96.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=84)
Partition 4: (Not Active) - (Size=12.8 GB) - (Type=17)

========================================================
Disk: 1 (Size: 59.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
Schon mal ganz, ganz herzlichen Dank dir.
Helga


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:47 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27