Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Omega Plus + Adware CrossID und Search Protect (https://www.trojaner-board.de/156608-omega-plus-adware-crossid-search-protect.html)

pramox 18.07.2014 19:41
Omega Plus + Adware CrossID und Search Protect
 
Hallo zusammen,

ich habe mir eine Freeware zum zusammenfassen von MP4 Dateien runtergeladen, nun habe ich das AddOn Omega Plus auf dem Rechner, wenn ich versuche dies über die Systemsteuerung --> Programme zu deinstallieren, bleibt es bei 100% stehen und nichts passiert.

Norton macht ständig Warnmeldungen pber Adware CrossID und Search Protect, behebt diese, aber beim Restart kommt immer wieder das selbe. Was kann ich tun?

Habe Win Vista auf einem Laptop.


Vielen Dank vorab
Pramox

M-K-D-B 18.07.2014 19:43
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Danke für deine Mitarbeit!





Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


pramox 18.07.2014 20:10
Hier die gewünschten Infos
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by PramoxLaptop (administrator) on PRAMOXLAPTOP-PC on 18-07-2014 21:07:08
Running from C:\Users\PramoxLaptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNVAKYZP
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
() C:\Program Files\SupTab\HpUI.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\SupTab\Loader32.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.4.0.13\n360.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(AlcorMicro Co., Ltd.) C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Windows\PLFSetI.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\trolatunt\updatetrolatunt.exe
(Realtek Semiconductor Corp.) C:\Users\PramoxLaptop\AppData\Local\Temp\RtkBtMnt.exe
() C:\Program Files\trolatunt\bin\utiltrolatunt.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHLE.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHLE.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHLE.EXE
(Marx Softwareentwicklung - www.software4u.de) C:\Program Files\Software4u\iDevice Manager\Software4u.IDMLauncher.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
() C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
() C:\Program Files\trolatunt\bin\trolatunt.PurBrowse.exe
() C:\Program Files\trolatunt\bin\trolatunt.BrowserAdapter.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.4.0.13\n360.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(RPA Technology) C:\Program Files\Air Mouse\Air Mouse\Mobile Mouse Service.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Skytech Co., Ltd.) C:\Users\PramoxLaptop\AppData\Roaming\omiga-plus\UninstallManager.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13605408 2009-02-10] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2009-02-10] (NVIDIA Corporation)
HKLM\...\Run: [AmIcoSinglun] => C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [237568 2008-10-24] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6957600 2009-03-11] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2013-11-24] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-05] (Synaptics, Inc.)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [870920 2009-02-24] (Dritek System Inc.)
HKLM\...\Run: [BackupManagerTray] => C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [249600 2009-03-20] (NewTech Infosystems, Inc.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe [715296 2009-03-11] (Acer Incorporated)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [EPLTarget\P0000000000000003] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [iPhone PC Suite] => C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe /start
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [iDevice Manager Launcher] => C:\Program Files\Software4u\iDevice Manager\Software4u.IDMLauncher.exe [139216 2014-03-15] (Marx Softwareentwicklung - www.software4u.de)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk
ShortcutTarget: Air Mouse.lnk -> C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe ()
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\21.4.0.13\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1113&m=aspire_7738
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1405699677&from=smt&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309UD2416D2416
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1405699677&from=smt&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309UD2416D2416
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405699677&from=smt&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309UD2416D2416&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405699677&from=smt&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309UD2416D2416&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1405699677&from=smt&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309UD2416D2416
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405699677&from=smt&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309UD2416D2416&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\PramoxLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\et5cxbr7.default-1405707576517
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\PramoxLaptop\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: PHD-V1.4 - C:\Users\PramoxLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\et5cxbr7.default-1405707576517\Extensions\508d4e2f-a469-421d-a294-135dbb84fe1b@f7b17943-cc9e-4d4a-b223-0bd1e7cfc871.com [2014-07-18]
FF Extension: trolatunt - C:\Users\PramoxLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\et5cxbr7.default-1405707576517\Extensions\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}.xpi [2014-07-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-11-29]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-01-22]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-07-18]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\PramoxLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\75anjfqn.default-1395248793998\extensions\faststartff@gmail.com
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1405699677&from=smt&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309UD2416D2416

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR StartupUrls: "hxxp://www.google.de/"
CHR Extension: (Google Docs) - C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-13]
CHR Extension: (Google Drive) - C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-13]
CHR Extension: (YouTube) - C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-13]
CHR Extension: (Google Search) - C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-13]
CHR Extension: (Google Wallet) - C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-13]
CHR Extension: (Quick start) - C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-07-18]
CHR Extension: (Gmail) - C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-13]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-13]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-07-18]
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1405699677&from=smt&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309UD2416D2416

========================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4161512 2013-12-04] (Emsisoft GmbH)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3526136 2013-08-27] (devolo AG)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [666144 2009-03-11] (Acer Incorporated)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-18] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-18] (globalUpdate) [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [3427208 2014-07-18] (Cherished Technololgy LIMITED)
R2 N360; C:\Program Files\Norton 360\Engine\21.4.0.13\N360.exe [265040 2014-06-27] (Symantec Corporation)
S2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [44800 2009-03-20] (NewTech Infosystems, Inc.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [237568 2008-11-27] (Acer Incorporated) [File not signed]
R2 Update trolatunt; C:\Program Files\trolatunt\updatetrolatunt.exe [321824 2014-07-18] ()
R2 Util trolatunt; C:\Program Files\trolatunt\bin\utiltrolatunt.exe [321824 2014-07-18] ()
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [535936 2014-07-18] (Fuyu LIMITED)

==================== Drivers (Whitelisted) ====================

S3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [57944 2013-08-24] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [14432 2013-03-28] (Emsisoft GmbH)
R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx86.sys [1101616 2014-05-10] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1504000.00D\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
S3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-11] (Symantec Corporation)
R2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [26928 2008-12-24] (Egis)
R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [5632 2008-10-08] (Windows (R) Codename Longhorn DDK provider)
R1 IDSVix86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140717.001\IDSvix86.sys [395992 2014-03-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140718.002\NAVENG.SYS [93272 2014-05-14] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140718.002\NAVEX15.SYS [1612376 2014-05-14] (Symantec Corporation)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2013-08-21] (CACE Technologies) [File not signed]
R3 nuvotonhidgeneric; C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys [22528 2008-10-08] (Nuvoton Technology Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360\1504000.00D\SRTSP.SYS [664280 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1504000.00D\SRTSPX.SYS [32344 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1504000.00D\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1504000.00D\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-01-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1504000.00D\Ironx86.SYS [206936 2013-09-27] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1504000.00D\SYMTDIV.SYS [384728 2014-02-18] (Symantec Corporation)
R1 {0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gt; C:\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gt.sys [55224 2014-07-17] (StdLib)
S2 int15; \??\c:\Windows\system32\drivers\int15.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Netaapl; system32\DRIVERS\netaapl.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSBXP.SYS [49408 2013-09-06] (Seiko Epson Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-18 20:59 - 2014-07-18 21:01 - 2216022023 _____ () C:\Users\PramoxLaptop\Desktop\Ausgabe123.mp4
2014-07-18 20:49 - 2014-07-18 21:07 - 00000000 ____D () C:\FRST
2014-07-18 20:36 - 2014-07-18 20:36 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\Symantec
2014-07-18 19:52 - 2014-07-17 19:24 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gt.sys
2014-07-18 18:22 - 2014-07-18 18:23 - 147978989 _____ () C:\Users\PramoxLaptop\Desktop\Video #1_temp.avi
2014-07-18 18:16 - 2014-07-18 20:31 - 00001412 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5_user.job
2014-07-18 18:16 - 2014-07-18 20:31 - 00001396 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5.job
2014-07-18 18:16 - 2014-07-18 20:27 - 00000000 ____D () C:\Program Files\trolatunt
2014-07-18 18:15 - 2014-07-18 20:31 - 00002198 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-4.job
2014-07-18 18:15 - 2014-07-18 20:31 - 00001500 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-1.job
2014-07-18 18:15 - 2014-07-18 20:31 - 00001324 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-2.job
2014-07-18 18:14 - 2014-07-18 20:36 - 00001442 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-7.job
2014-07-18 18:14 - 2014-07-18 20:31 - 00003446 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-11.job
2014-07-18 18:14 - 2014-07-18 20:31 - 00002420 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-3.job
2014-07-18 18:14 - 2014-07-18 20:31 - 00001502 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-6.job
2014-07-18 18:14 - 2014-07-18 20:31 - 00000888 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-07-18 18:14 - 2014-07-18 18:19 - 00000892 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-07-18 18:14 - 2014-07-18 18:16 - 00000000 ____D () C:\Program Files\PHD-V1.4
2014-07-18 18:14 - 2014-07-18 18:14 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\globalUpdate
2014-07-18 18:14 - 2014-07-18 18:14 - 00000000 ____D () C:\Program Files\globalUpdate
2014-07-18 18:12 - 2014-07-18 18:13 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-07-18 18:12 - 2014-07-18 18:13 - 00000000 ____D () C:\Program Files\SupTab
2014-07-18 18:12 - 2014-07-18 18:12 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-07-18 18:11 - 2014-07-18 19:52 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\omiga-plus
2014-07-18 18:07 - 2014-07-18 18:07 - 00000906 _____ () C:\Users\PramoxLaptop\Desktop\MP4Joiner.lnk
2014-07-18 18:07 - 2014-07-18 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4Joiner
2014-07-18 18:06 - 2014-07-18 18:07 - 00000000 ____D () C:\Program Files\MP4Joiner
2014-07-18 18:05 - 2014-07-18 18:06 - 08088746 _____ ( ) C:\Users\PramoxLaptop\Downloads\MP4Joiner-2.1.2-win32.exe
2014-07-18 18:00 - 2014-07-18 18:01 - 183005218 _____ () C:\Users\PramoxLaptop\Desktop\VTS_01_5.mp4
2014-07-18 17:55 - 2014-07-18 18:00 - 1106370325 _____ () C:\Users\PramoxLaptop\Desktop\VTS_01_4.mp4
2014-07-18 17:51 - 2014-07-18 17:55 - 1108808452 _____ () C:\Users\PramoxLaptop\Desktop\VTS_01_3.mp4
2014-07-18 17:45 - 2014-07-18 17:51 - 1108652294 _____ () C:\Users\PramoxLaptop\Desktop\VTS_01_2.mp4
2014-07-18 17:40 - 2014-07-18 20:49 - 1108265856 _____ () C:\Users\PramoxLaptop\Desktop\VTS_01_1.mp4
2014-07-16 20:25 - 2014-07-16 20:25 - 00002056 _____ () C:\Users\Public\Desktop\Free MP4 Video Converter.lnk
2014-07-16 20:21 - 2014-07-16 20:22 - 32691984 _____ (DVDVideoSoft Ltd. ) C:\Users\PramoxLaptop\Downloads\FreeMP4VideoConverter.exe
2014-07-16 20:19 - 2014-07-16 20:23 - 00000000 ____D () C:\ProgramData\Freemake
2014-07-16 20:19 - 2014-07-16 20:19 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\Freemake
2014-07-16 20:18 - 2014-07-16 20:22 - 00000000 ____D () C:\Program Files\Freemake
2014-07-16 20:17 - 2014-07-16 20:17 - 01268264 _____ (Ellora Assets Corporation ) C:\Users\PramoxLaptop\Downloads\FreemakeVideoConverterSetup.exe
2014-07-16 20:02 - 2014-07-16 20:02 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\HandBrake
2014-07-16 19:59 - 2014-07-16 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-16 19:59 - 2014-07-16 20:25 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-07-16 19:59 - 2014-07-16 20:24 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-07-16 19:59 - 2014-07-16 20:00 - 00002056 _____ () C:\Users\Public\Desktop\Free DVD Video Converter.lnk
2014-07-16 19:59 - 2014-07-16 19:59 - 00001036 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-07-16 19:58 - 2014-07-16 20:25 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\DVDVideoSoft
2014-07-15 20:48 - 2014-07-15 20:48 - 37146304 _____ (DVDVideoSoft Ltd. ) C:\Users\PramoxLaptop\Downloads\FreeDVDVideoConverter-2.0.20.623.exe
2014-07-15 19:36 - 2014-07-15 19:36 - 00001668 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-15 19:36 - 2014-07-15 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-15 19:36 - 2012-08-21 13:01 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-07-15 19:35 - 2014-07-15 19:36 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-15 19:35 - 2014-07-15 19:36 - 00000000 ____D () C:\Program Files\iTunes
2014-07-15 19:35 - 2014-07-15 19:35 - 00000000 ____D () C:\Program Files\iPod
2014-07-15 19:34 - 2014-07-15 19:34 - 00001830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-15 19:34 - 2014-07-15 19:34 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-07-15 19:30 - 2014-07-15 19:35 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-15 19:27 - 2014-07-15 19:28 - 111992144 _____ (Apple Inc.) C:\Users\PramoxLaptop\Downloads\iTunesSetup(1).exe
2014-07-14 19:22 - 2014-07-14 19:22 - 00002019 _____ () C:\Users\PramoxLaptop\Desktop\iDevice Manager.lnk
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\Software4u
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\IsolatedStorage
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\Program Files\Software4u
2014-07-14 19:19 - 2014-07-14 19:19 - 04101456 _____ (Marx Softwareentwicklung ) C:\Users\PramoxLaptop\Downloads\IDMSetup34.exe
2014-07-14 19:19 - 2014-07-14 19:19 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\91 Mobile
2014-07-14 19:18 - 2014-07-14 19:18 - 00000000 ____D () C:\Program Files\NetDragon
2014-07-14 19:06 - 2014-07-14 19:07 - 00961360 _____ (Chip Digital GmbH) C:\Users\PramoxLaptop\Downloads\SharePod - CHIP-Installer.exe
2014-07-14 18:22 - 2014-07-14 18:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2014-07-14 17:36 - 2014-07-14 17:43 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\WindSolutions
2014-07-14 17:36 - 2014-07-14 17:37 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-07-14 17:35 - 2014-07-14 17:36 - 05102256 _____ (WindSolutions) C:\Users\PramoxLaptop\Downloads\Install_CopyTransControlCenter.exe
2014-07-13 12:30 - 2014-06-07 02:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-13 12:29 - 2014-06-07 02:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-13 12:29 - 2014-06-07 01:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-13 12:29 - 2014-06-07 01:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-13 12:29 - 2014-06-07 01:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-13 12:29 - 2014-06-07 01:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-13 12:29 - 2014-06-07 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-13 12:29 - 2014-06-07 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-13 12:29 - 2014-06-07 00:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-13 12:29 - 2014-06-07 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-13 12:29 - 2014-06-07 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-13 12:29 - 2014-06-07 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-13 12:29 - 2014-06-07 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-13 12:29 - 2014-06-07 00:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-13 12:29 - 2014-06-07 00:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-13 12:29 - 2014-06-07 00:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-13 12:29 - 2014-06-07 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-13 12:29 - 2014-06-07 00:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-13 12:29 - 2014-06-07 00:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-13 12:29 - 2014-06-07 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-13 12:29 - 2014-06-07 00:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-13 12:29 - 2014-06-07 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-13 12:29 - 2014-06-06 10:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-13 12:29 - 2014-05-30 08:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 16:29 - 2014-07-09 16:29 - 01058200 _____ (Adobe) C:\Users\PramoxLaptop\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-07-03 18:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-03 18:39 - 2014-07-03 18:39 - 01346519 _____ () C:\Users\PramoxLaptop\Downloads\adwcleaner_3.214.exe
2014-07-03 17:07 - 2014-07-04 13:50 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\dvdcss
2014-07-03 12:32 - 2014-07-03 13:11 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\pangu
2014-07-03 12:29 - 2014-07-03 12:30 - 35956160 _____ () C:\Users\PramoxLaptop\Downloads\Pangu_v1.1.exe
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\AirMouse
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Air Mouse
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\Program Files\Air Mouse
2014-07-02 20:29 - 2014-07-02 20:29 - 08378272 _____ (RPA Tech, Inc ) C:\Users\PramoxLaptop\Downloads\setup2.7.0.exe
2014-07-02 20:29 - 2014-07-02 20:29 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\Downloaded Installations
2014-07-02 16:56 - 2014-07-02 16:56 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\Adobe
2014-06-29 05:29 - 2014-06-29 05:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-18 21:07 - 2014-07-18 20:49 - 00000000 ____D () C:\FRST
2014-07-18 21:06 - 2014-06-08 13:26 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\vlc
2014-07-18 21:01 - 2014-07-18 20:59 - 2216022023 _____ () C:\Users\PramoxLaptop\Desktop\Ausgabe123.mp4
2014-07-18 20:49 - 2014-07-18 17:40 - 1108265856 _____ () C:\Users\PramoxLaptop\Desktop\VTS_01_1.mp4
2014-07-18 20:47 - 2013-11-29 21:46 - 00098588 _____ () C:\ProgramData\nvModes.001
2014-07-18 20:36 - 2014-07-18 20:36 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\Symantec
2014-07-18 20:36 - 2014-07-18 18:14 - 00001442 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-7.job
2014-07-18 20:35 - 2013-11-24 14:46 - 01893094 _____ () C:\Windows\WindowsUpdate.log
2014-07-18 20:32 - 2006-11-02 12:23 - 00000246 _____ () C:\Windows\win.ini
2014-07-18 20:31 - 2014-07-18 18:16 - 00001412 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5_user.job
2014-07-18 20:31 - 2014-07-18 18:16 - 00001396 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5.job
2014-07-18 20:31 - 2014-07-18 18:15 - 00002198 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-4.job
2014-07-18 20:31 - 2014-07-18 18:15 - 00001500 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-1.job
2014-07-18 20:31 - 2014-07-18 18:15 - 00001324 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-2.job
2014-07-18 20:31 - 2014-07-18 18:14 - 00003446 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-11.job
2014-07-18 20:31 - 2014-07-18 18:14 - 00002420 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-3.job
2014-07-18 20:31 - 2014-07-18 18:14 - 00001502 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-6.job
2014-07-18 20:31 - 2014-07-18 18:14 - 00000888 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-07-18 20:31 - 2014-05-14 14:55 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-18 20:31 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-18 20:31 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-18 20:31 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-18 20:29 - 2006-11-02 15:01 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-18 20:27 - 2014-07-18 18:16 - 00000000 ____D () C:\Program Files\trolatunt
2014-07-18 20:18 - 2014-03-06 20:09 - 00000604 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1096382573-999743387-1970358641-1000.job
2014-07-18 20:12 - 2014-05-14 14:55 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-18 19:52 - 2014-07-18 18:11 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\omiga-plus
2014-07-18 18:23 - 2014-07-18 18:22 - 147978989 _____ () C:\Users\PramoxLaptop\Desktop\Video #1_temp.avi
2014-07-18 18:19 - 2014-07-18 18:14 - 00000892 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-07-18 18:19 - 2008-01-21 04:47 - 00874406 _____ () C:\Windows\PFRO.log
2014-07-18 18:16 - 2014-07-18 18:14 - 00000000 ____D () C:\Program Files\PHD-V1.4
2014-07-18 18:14 - 2014-07-18 18:14 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\globalUpdate
2014-07-18 18:14 - 2014-07-18 18:14 - 00000000 ____D () C:\Program Files\globalUpdate
2014-07-18 18:13 - 2014-07-18 18:12 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-07-18 18:13 - 2014-07-18 18:12 - 00000000 ____D () C:\Program Files\SupTab
2014-07-18 18:12 - 2014-07-18 18:12 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-07-18 18:11 - 2014-05-14 14:55 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 18:11 - 2013-11-29 20:30 - 00098588 _____ () C:\ProgramData\nvModes.dat
2014-07-18 18:11 - 2013-11-24 17:31 - 00001068 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-18 18:11 - 2013-11-24 14:58 - 00001141 _____ () C:\Users\PramoxLaptop\Desktop\Internet Explorer.lnk
2014-07-18 18:10 - 2013-11-24 17:31 - 00001080 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-18 18:07 - 2014-07-18 18:07 - 00000906 _____ () C:\Users\PramoxLaptop\Desktop\MP4Joiner.lnk
2014-07-18 18:07 - 2014-07-18 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4Joiner
2014-07-18 18:07 - 2014-07-18 18:06 - 00000000 ____D () C:\Program Files\MP4Joiner
2014-07-18 18:06 - 2014-07-18 18:05 - 08088746 _____ ( ) C:\Users\PramoxLaptop\Downloads\MP4Joiner-2.1.2-win32.exe
2014-07-18 18:01 - 2014-07-18 18:00 - 183005218 _____ () C:\Users\PramoxLaptop\Desktop\VTS_01_5.mp4
2014-07-18 18:00 - 2014-07-18 17:55 - 1106370325 _____ () C:\Users\PramoxLaptop\Desktop\VTS_01_4.mp4
2014-07-18 17:55 - 2014-07-18 17:51 - 1108808452 _____ () C:\Users\PramoxLaptop\Desktop\VTS_01_3.mp4
2014-07-18 17:51 - 2014-07-18 17:45 - 1108652294 _____ () C:\Users\PramoxLaptop\Desktop\VTS_01_2.mp4
2014-07-18 17:30 - 2014-05-14 14:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-17 19:24 - 2014-07-18 19:52 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gt.sys
2014-07-16 22:17 - 2013-11-30 17:04 - 00162816 _____ () C:\Users\PramoxLaptop\Desktop\Ebay Auswertung.xls
2014-07-16 20:25 - 2014-07-16 20:25 - 00002056 _____ () C:\Users\Public\Desktop\Free MP4 Video Converter.lnk
2014-07-16 20:25 - 2014-07-16 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-16 20:25 - 2014-07-16 19:59 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-07-16 20:25 - 2014-07-16 19:58 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\DVDVideoSoft
2014-07-16 20:24 - 2014-07-16 19:59 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-07-16 20:23 - 2014-07-16 20:19 - 00000000 ____D () C:\ProgramData\Freemake
2014-07-16 20:22 - 2014-07-16 20:21 - 32691984 _____ (DVDVideoSoft Ltd. ) C:\Users\PramoxLaptop\Downloads\FreeMP4VideoConverter.exe
2014-07-16 20:22 - 2014-07-16 20:18 - 00000000 ____D () C:\Program Files\Freemake
2014-07-16 20:19 - 2014-07-16 20:19 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\Freemake
2014-07-16 20:17 - 2014-07-16 20:17 - 01268264 _____ (Ellora Assets Corporation ) C:\Users\PramoxLaptop\Downloads\FreemakeVideoConverterSetup.exe
2014-07-16 20:03 - 2014-01-15 19:17 - 00006656 _____ () C:\Users\PramoxLaptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-16 20:02 - 2014-07-16 20:02 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\HandBrake
2014-07-16 20:00 - 2014-07-16 19:59 - 00002056 _____ () C:\Users\Public\Desktop\Free DVD Video Converter.lnk
2014-07-16 19:59 - 2014-07-16 19:59 - 00001036 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-07-16 19:55 - 2014-03-12 16:24 - 00000000 ____D () C:\Users\PramoxLaptop\Desktop\Iphone
2014-07-16 06:55 - 2014-01-22 19:08 - 00002063 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-07-16 06:55 - 2014-01-22 19:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-07-16 06:55 - 2014-01-22 19:07 - 00000000 ____D () C:\Windows\system32\Drivers\N360
2014-07-15 20:48 - 2014-07-15 20:48 - 37146304 _____ (DVDVideoSoft Ltd. ) C:\Users\PramoxLaptop\Downloads\FreeDVDVideoConverter-2.0.20.623.exe
2014-07-15 19:36 - 2014-07-15 19:36 - 00001668 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-15 19:36 - 2014-07-15 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-15 19:36 - 2014-07-15 19:35 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-15 19:36 - 2014-07-15 19:35 - 00000000 ____D () C:\Program Files\iTunes
2014-07-15 19:35 - 2014-07-15 19:35 - 00000000 ____D () C:\Program Files\iPod
2014-07-15 19:35 - 2014-07-15 19:30 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-15 19:35 - 2014-03-12 16:31 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-15 19:34 - 2014-07-15 19:34 - 00001830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-15 19:34 - 2014-07-15 19:34 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-07-15 19:33 - 2013-11-24 14:55 - 00000000 ____D () C:\Users\PramoxLaptop
2014-07-15 19:30 - 2014-03-12 16:26 - 00000000 ____D () C:\ProgramData\Apple
2014-07-15 19:28 - 2014-07-15 19:27 - 111992144 _____ (Apple Inc.) C:\Users\PramoxLaptop\Downloads\iTunesSetup(1).exe
2014-07-15 19:18 - 2006-11-02 14:52 - 00124092 _____ () C:\Windows\setupact.log
2014-07-14 19:30 - 2009-02-11 22:16 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-07-14 19:22 - 2014-07-14 19:22 - 00002019 _____ () C:\Users\PramoxLaptop\Desktop\iDevice Manager.lnk
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\Software4u
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\IsolatedStorage
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\Program Files\Software4u
2014-07-14 19:20 - 2014-04-07 18:21 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\CrashDumps
2014-07-14 19:19 - 2014-07-14 19:19 - 04101456 _____ (Marx Softwareentwicklung ) C:\Users\PramoxLaptop\Downloads\IDMSetup34.exe
2014-07-14 19:19 - 2014-07-14 19:19 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\91 Mobile
2014-07-14 19:18 - 2014-07-14 19:18 - 00000000 ____D () C:\Program Files\NetDragon
2014-07-14 19:07 - 2014-07-14 19:06 - 00961360 _____ (Chip Digital GmbH) C:\Users\PramoxLaptop\Downloads\SharePod - CHIP-Installer.exe
2014-07-14 18:22 - 2014-07-14 18:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2014-07-14 17:43 - 2014-07-14 17:36 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\WindSolutions
2014-07-14 17:37 - 2014-07-14 17:36 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-07-14 17:36 - 2014-07-14 17:35 - 05102256 _____ (WindSolutions) C:\Users\PramoxLaptop\Downloads\Install_CopyTransControlCenter.exe
2014-07-13 12:55 - 2006-11-02 14:47 - 00308232 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-13 12:52 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-13 12:50 - 2013-11-30 14:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-13 12:46 - 2006-11-02 12:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-09 17:44 - 2013-12-08 14:33 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 17:44 - 2013-12-08 14:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 16:29 - 2014-07-09 16:29 - 01058200 _____ (Adobe) C:\Users\PramoxLaptop\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-07-06 14:31 - 2014-01-16 21:04 - 00000000 ____D () C:\Users\PramoxLaptop\Desktop\Pramox
2014-07-06 14:28 - 2014-05-29 17:36 - 00000653 _____ () C:\Users\PramoxLaptop\Desktop\Websites.txt
2014-07-04 13:50 - 2014-07-03 17:07 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\dvdcss
2014-07-03 18:45 - 2014-01-22 18:40 - 00000000 ____D () C:\AdwCleaner
2014-07-03 18:39 - 2014-07-03 18:39 - 01346519 _____ () C:\Users\PramoxLaptop\Downloads\adwcleaner_3.214.exe
2014-07-03 16:27 - 2014-06-14 08:41 - 00017920 _____ () C:\Users\PramoxLaptop\Desktop\Urlaub 2014.xls
2014-07-03 13:58 - 2014-01-16 21:04 - 00000000 ____D () C:\Users\PramoxLaptop\Desktop\Nina
2014-07-03 13:11 - 2014-07-03 12:32 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\pangu
2014-07-03 12:30 - 2014-07-03 12:29 - 35956160 _____ () C:\Users\PramoxLaptop\Downloads\Pangu_v1.1.exe
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\AirMouse
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Air Mouse
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\Program Files\Air Mouse
2014-07-02 20:29 - 2014-07-02 20:29 - 08378272 _____ (RPA Tech, Inc ) C:\Users\PramoxLaptop\Downloads\setup2.7.0.exe
2014-07-02 20:29 - 2014-07-02 20:29 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\Downloaded Installations
2014-07-02 16:56 - 2014-07-02 16:56 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\Adobe
2014-07-01 17:10 - 2013-11-24 17:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-29 10:43 - 2014-03-12 16:32 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\Apple Computer
2014-06-29 05:29 - 2014-06-29 05:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\PramoxLaptop\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.3.exe
C:\Users\PramoxLaptop\AppData\Local\Temp\OptimizerPro.exe
C:\Users\PramoxLaptop\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\PramoxLaptop\AppData\Local\Temp\setup.exe
C:\Users\PramoxLaptop\AppData\Local\Temp\smt_omiga-plus_20140717.exe
C:\Users\PramoxLaptop\AppData\Local\Temp\trolatuntSetup.exe
C:\Users\PramoxLaptop\AppData\Local\Temp\_isD431.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 20:38

==================== End Of Log ============================
--- --- ---



und
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-07-2014 01
Ran by PramoxLaptop at 2014-07-18 21:07:58
Running from C:\Users\PramoxLaptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNVAKYZP
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
AC3Filter 2.6.0b (HKLM\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Acer Backup Manager (HKLM\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 1.0.0.50 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.79.326 (HKLM\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.79.326 - Chicony Electronics Co.,Ltd.)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.00.3005 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer PowerSmart Manager (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.01.3006 - Acer Incorporated)
Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version:  - Acer)
Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.00.3004 - Acer Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AmIcoSingLun (HKLM\...\InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}) (Version: 1.2.117.1 - Alcor Micro Co., Ltd.)
AmIcoSingLun (Version: 1.2.117.1 - Alcor Micro Co., Ltd.) Hidden
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager Basic (Version: 1.0.0.50 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.34.02 - Broadcom Corporation)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
devolo dLAN Cockpit (HKLM\...\dlancockpit) (Version: 4.1.3.0 - devolo AG)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
Druckerdeinstallation für EPSON SX235 Series (HKLM\...\EPSON SX235 Series) (Version:  - SEIKO EPSON Corporation)
Emsisoft Anti-Malware (HKLM\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Config V4 (HKLM\...\{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}) (Version: 4.4.1 - SEIKO EPSON CORPORATION)
Free DVD Video Converter version 2.0.20.623 (HKLM\...\Free DVD Video Converter_is1) (Version: 2.0.20.623 - DVDVideoSoft Ltd.)
Free MP4 Video Converter version 5.0.44.623 (HKLM\...\Free MP4 Video Converter_is1) (Version: 5.0.44.623 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.3.0.1468 (HKCU\...\GoToMeeting) (Version: 6.3.0.1468 - CitrixOnline)
iDevice Manager (HKLM\...\FE5AE7DC-7B01-4263-A94C-B4526C276550_is1) (Version: 3.4.0.0 - Marx Software)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.)
Launch Manager (HKLM\...\LManager) (Version: 2.0.01 - Acer Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91E30407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Mouse Server (HKLM\...\{895FE43E-71C2-4FEA-94EF-B88D111495FC}) (Version: 2.7.0 - RPA Tech, Inc)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MP4Joiner v2.1.2 (HKLM\...\MP4Joiner_is1) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton 360 (HKLM\...\N360) (Version: 21.4.0.13 - Symantec Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.616 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.616 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6509 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6509 - NewTech Infosystems) Hidden
Nuvoton EC Generic HID Driver (HKLM\...\{302E9B7B-2B6A-4C29-9A02-9F2110649779}) (Version: 7.80.5000 - Nuvoton Technology Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
omiga-plus uninstall (HKLM\...\omiga-plus uninstall) (Version:  - omiga-plus)
PDF24 Creator 6.3.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PHD-V1.4 (HKLM\...\PHD-V1.4) (Version: 1.34.7.1 - PHD)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5807 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.1.0.0 - Synaptics)
trolatunt (HKLM\...\trolatunt) (Version: 2014.07.18.160707 - trolatunt) <==== ATTENTION
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WindowsMangerProtect20.0.0.502 (HKLM\...\WindowsMangerProtect) (Version: 20.0.0.502 - WindowsProtect LIMITED)

==================== Restore Points  =========================

08-05-2014 21:24:37 Removed EpsonNet Config V4
08-05-2014 21:26:44 Installed EpsonNet Config V4
12-05-2014 09:27:38 Geplanter Prüfpunkt
13-05-2014 13:04:16 Geplanter Prüfpunkt
14-05-2014 12:07:01 Geplanter Prüfpunkt
16-05-2014 05:09:40 Windows Update
22-05-2014 20:36:40 Gerätetreiber-Paketinstallation: EPSON Drucker
24-05-2014 21:05:13 Geplanter Prüfpunkt
26-05-2014 10:54:31 Geplanter Prüfpunkt
13-06-2014 07:27:37 Windows Update
29-06-2014 04:08:43 Geplanter Prüfpunkt
02-07-2014 17:37:07 Geplanter Prüfpunkt
02-07-2014 18:30:00 Installed Mobile Mouse Server.
13-07-2014 10:44:40 Windows Update
14-07-2014 17:07:13 ??? 91 PC Suite for iPhone
14-07-2014 17:17:55 ??? 91 PC Suite for iPhone
14-07-2014 17:29:56 ??? 91 PC Suite for iPhone
15-07-2014 17:09:27 Removed iTunes
15-07-2014 17:13:36 Removed Apple Application Support
15-07-2014 17:14:59 Removed Apple Mobile Device Support
15-07-2014 17:19:15 Removed Apple Software Update
15-07-2014 17:32:11 Gerätetreiber-Paketinstallation: Apple, Inc. USB-Controller
15-07-2014 17:33:16 Gerätetreiber-Paketinstallation: Apple Netzwerkadapter
15-07-2014 17:34:27 Installed iTunes
16-07-2014 17:46:20 Windows Update

==================== Hosts content: ==========================

2006-11-02 12:23 - 2014-03-12 19:12 - 00000763 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
::1            localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {014387AD-70C9-4FAF-8D90-6AB7A3C7C8B4} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {07BB548C-C299-488D-BB20-6AF1662E2688} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-14] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {22A3279F-E17F-4CF4-9D50-59E919756BF7} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-07-18] (globalUpdate) <==== ATTENTION
Task: {23595F99-7FD0-4996-BDD8-64952584CE9C} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3A036A2B-F67B-4B36-BCB0-0B16F67722E8} - System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-6 => C:\Program Files\PHD-V1.4\PHD-V1.4-novainstaller.exe [2014-07-18] (PHD)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3EF60081-D08A-4C4E-82AD-6223E405811F} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {5A7D1ADD-D0A1-4CB2-915B-92DE99B0986C} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\21.4.0.13\WSCStub.exe [2014-06-27] (Symantec Corporation)
Task: {5D2988A8-7417-4F2C-B67F-1139C2BE677F} - System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-11 => C:\Program Files\PHD-V1.4\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-11.exe [2014-07-18] (PHD)
Task: {7C6B35B5-4D1F-4FBA-9170-460EBE595467} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {9B1091E8-5AF9-4125-AC97-20BBE0BACD0B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-14] (Google Inc.)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {B6419A9F-34BE-4E37-932D-8C1689BC550C} - System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5_user => C:\Program Files\PHD-V1.4\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5.exe [2014-07-18] (PHD)
Task: {B8A8A437-E3AF-4FDE-987A-245E4C8EC8C3} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-07-18] (globalUpdate) <==== ATTENTION
Task: {C9A9E64A-A75D-443E-A914-E49E8CB4557F} - System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5 => C:\Program Files\PHD-V1.4\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5.exe [2014-07-18] (PHD)
Task: {CAD4AC81-B983-469A-9E0C-3F206DF0C8A5} - System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-1 => C:\Program Files\PHD-V1.4\PHD-V1.4-codedownloader.exe [2014-07-18] (PHD)
Task: {D536E162-18C6-4752-9338-48B1FC17AD2D} - System32\Tasks\G2MUpdateTask-S-1-5-21-1096382573-999743387-1970358641-1000 => C:\Users\PramoxLaptop\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-07-15] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {D72A8D9A-AB18-4C9F-A94B-11D9AB6915DC} - System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-2 => C:\Program Files\PHD-V1.4\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-2.exe [2014-07-18] (PHD)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F102BFB1-5CA6-4EF3-8CC7-F2ACDFB66945} - System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-4 => C:\Program Files\PHD-V1.4\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-4.exe [2014-07-18] (PHD)
Task: {F12B5211-3ACB-43A8-A108-6E11A238BAB6} - System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-7 => C:\Program Files\PHD-V1.4\PHD-V1.4-nova.exe [2014-07-18] (PHD)
Task: {FA6BD5BE-CC57-43FE-826E-C9A67CF648E7} - System32\Tasks\Acer\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-02-05] (Acer)
Task: {FA8B1672-557D-4875-8C51-FC26CB4CFEC3} - System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-3 => C:\Program Files\PHD-V1.4\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-3.exe [2014-07-18] (PHD)
Task: C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-1.job => C:\Program Files\PHD-V1.4\PHD-V1.4-codedownloader.exe
Task: C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-11.job => C:\Program Files\PHD-V1.4\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-11.exe
Task: C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-2.job => C:\Program Files\PHD-V1.4\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-2.exe
Task: C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-3.job => C:\Program Files\PHD-V1.4\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-3.exe
Task: C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-4.job => C:\Program Files\PHD-V1.4\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-4.exe
Task: C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5.job => C:\Program Files\PHD-V1.4\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5.exe
Task: C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5_user.job => C:\Program Files\PHD-V1.4\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5.exe
Task: C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-6.job => C:\Program Files\PHD-V1.4\PHD-V1.4-novainstaller.exe
Task: C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-7.job => C:\Program Files\PHD-V1.4\PHD-V1.4-nova.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1096382573-999743387-1970358641-1000.job => C:\Users\PramoxLaptop\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-17 17:29 - 2014-07-18 18:12 - 00093576 _____ () C:\Program Files\SupTab\WindowsSupportDll32.dll
2014-07-17 17:29 - 2014-07-18 18:12 - 00732040 _____ () C:\Program Files\SupTab\HpUI.exe
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-16 11:16 - 2014-07-16 11:16 - 00064000 _____ () C:\Program Files\SupTab\Loader32.exe
2013-11-24 15:08 - 2013-11-24 15:07 - 00200704 _____ () C:\Windows\PLFSetI.exe
2014-07-18 18:08 - 2014-07-18 18:08 - 00321824 _____ () C:\Program Files\trolatunt\updatetrolatunt.exe
2014-07-18 19:46 - 2014-07-18 19:46 - 00321824 _____ () C:\Program Files\trolatunt\bin\utiltrolatunt.exe
2013-11-24 23:31 - 2003-06-07 23:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2012-09-23 20:44 - 2012-09-23 20:44 - 01600512 _____ () C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
2011-06-14 14:19 - 2011-06-14 14:19 - 00025600 _____ () C:\Program Files\Air Mouse\Air Mouse\BonjourService.dll
2014-07-18 19:52 - 2014-07-17 19:24 - 00239392 _____ () C:\Program Files\trolatunt\bin\trolatunt.PurBrowse.exe
2014-07-18 19:52 - 2014-07-18 15:58 - 00096544 _____ () C:\Program Files\trolatunt\bin\trolatunt.BrowserAdapter.exe
2014-06-29 05:29 - 2014-06-29 05:29 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-06-12 06:37 - 2014-06-12 06:37 - 03022960 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-06-12 06:37 - 2014-06-12 06:37 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-12 06:37 - 2014-06-12 06:37 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2014 08:32:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2014 08:32:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/18/2014 08:32:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/18/2014 08:31:50 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/18/2014 08:01:38 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\PRAMOXLAPTOP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\75ANJFQN.DEFAULT-1395248793998\SAFEBROWSING-TO_DELETE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (07/18/2014 08:01:38 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\PRAMOXLAPTOP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\75ANJFQN.DEFAULT-1395248793998\SAFEBROWSING-BACKUP> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (07/18/2014 08:01:30 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\PRAMOXLAPTOP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\75ANJFQN.DEFAULT-1395248793998\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (07/18/2014 08:01:30 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\PRAMOXLAPTOP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\75ANJFQN.DEFAULT-1395248793998\SAFEBROWSING> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (07/18/2014 07:57:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2014 07:56:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (07/18/2014 08:32:55 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/18/2014 08:32:51 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (07/18/2014 08:32:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NTI IScheduleSvc%%14001

Error: (07/18/2014 08:32:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: int15%%2

Error: (07/18/2014 08:32:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (07/18/2014 07:57:24 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (07/18/2014 07:57:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NTI IScheduleSvc%%14001

Error: (07/18/2014 07:57:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: int15%%2

Error: (07/18/2014 07:57:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (07/18/2014 07:57:20 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (07/18/2014 08:32:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2014 08:32:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManager.exe

Error: (07/18/2014 08:32:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

Error: (07/18/2014 08:31:50 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

Error: (07/18/2014 08:01:38 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\PRAMOXLAPTOP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\75ANJFQN.DEFAULT-1395248793998\SAFEBROWSING-TO_DELETE

Error: (07/18/2014 08:01:38 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\PRAMOXLAPTOP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\75ANJFQN.DEFAULT-1395248793998\SAFEBROWSING-BACKUP

Error: (07/18/2014 08:01:30 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\PRAMOXLAPTOP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\75ANJFQN.DEFAULT-1395248793998\SAFEBROWSING

Error: (07/18/2014 08:01:30 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\PRAMOXLAPTOP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\75ANJFQN.DEFAULT-1395248793998\SAFEBROWSING

Error: (07/18/2014 07:57:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2014 07:56:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe


CodeIntegrity Errors:
===================================
  Date: 2014-07-18 21:07:35.546
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-18 21:07:35.421
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-18 21:07:35.281
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-18 21:07:35.094
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-18 21:07:20.336
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-18 21:07:20.211
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-18 21:07:20.040
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-18 21:07:19.852
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-18 20:50:52.939
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-18 20:50:52.773
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 3065.89 MB
Available physical RAM: 1398.22 MB
Total Pagefile: 6336.81 MB
Available Pagefile: 4264.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.61 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:452.99 GB) (Free:303.72 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (LOGICAL VOLUME IDENTIFIER) (CDROM) (Total:4.16 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 6F050EC2)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=453 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=12)

==================== End Of Log ============================
--- --- ---

M-K-D-B 18.07.2014 20:32
Zitat:
Running from C:\Users\PramoxLaptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNVAKYZP
Leider hast du meine Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.

pramox 20.07.2014 10:29
Sorry, hier nun vom Desktop gestartet.
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-07-2014
Ran by PramoxLaptop (administrator) on PRAMOXLAPTOP-PC on 20-07-2014 11:24:08
Running from C:\Users\PramoxLaptop\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(PHD) C:\Program Files\PHD-V1.4\PHD-V1.4-nova.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.4.0.13\n360.exe
(AlcorMicro Co., Ltd.) C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
() C:\Program Files\trolatunt\updatetrolatunt.exe
() C:\Windows\PLFSetI.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corp.) C:\Users\PramoxLaptop\AppData\Local\Temp\RtkBtMnt.exe
() C:\Program Files\trolatunt\bin\utiltrolatunt.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.4.0.13\n360.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
() C:\Program Files\SupTab\HpUI.exe
() C:\Program Files\SupTab\Loader32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHLE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHLE.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHLE.EXE
(Marx Softwareentwicklung - Ringtones for iPhone, Registry cleanup, Office configuration ? Software4u) C:\Program Files\Software4u\iDevice Manager\Software4u.IDMLauncher.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
() C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
() C:\Program Files\trolatunt\bin\trolatunt.PurBrowse.exe
() C:\Program Files\trolatunt\bin\trolatunt.BrowserAdapter.exe


==================== Registry (Whitelisted) ==================

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [EPLTarget\P0000000000000003] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [iPhone PC Suite] => C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe /start
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [iDevice Manager Launcher] => C:\Program Files\Software4u\iDevice Manager\Software4u.IDMLauncher.exe [139216 2014-03-15] (Marx Softwareentwicklung - Ringtones for iPhone, Registry cleanup, Office configuration ? Software4u)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk
ShortcutTarget: Air Mouse.lnk -> C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe ()
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\21.4.0.13\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer | explore beyond limits
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = OMIGA PLUS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = OMIGA PLUS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405699677&from=smt&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309UD2416D2416&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405699677&from=smt&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309UD2416D2416&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe OMIGA PLUS
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405699677&from=smt&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309UD2416D2416&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\PramoxLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\et5cxbr7.default-1405707576517
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\PramoxLaptop\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: PHD-V1.4 - C:\Users\PramoxLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\et5cxbr7.default-1405707576517\Extensions\508d4e2f-a469-421d-a294-135dbb84fe1b@f7b17943-cc9e-4d4a-b223-0bd1e7cfc871.com [2014-07-18]
FF Extension: trolatunt - C:\Users\PramoxLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\et5cxbr7.default-1405707576517\Extensions\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}.xpi [2014-07-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-11-29]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-01-22]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-07-20]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\PramoxLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\75anjfqn.default-1395248793998\extensions\faststartff@gmail.com
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe OMIGA PLUS

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR StartupUrls: "hxxp://www.google.de/"
CHR Extension: (Google Docs) - C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-13]
CHR Extension: (Google Drive) - C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-13]
CHR Extension: (YouTube) - C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-13]
CHR Extension: (Google Search) - C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-13]
CHR Extension: (Google Wallet) - C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-13]
CHR Extension: (Quick start) - C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-07-18]
CHR Extension: (Gmail) - C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-13]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-13]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-07-18]

========================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4161512 2013-12-04] (Emsisoft GmbH)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3526136 2013-08-27] (devolo AG)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [666144 2009-03-11] (Acer Incorporated)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-18] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-18] (globalUpdate) [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [3427208 2014-07-18] (Cherished Technololgy LIMITED)
R2 N360; C:\Program Files\Norton 360\Engine\21.4.0.13\N360.exe [265040 2014-06-27] (Symantec Corporation)
S2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [44800 2009-03-20] (NewTech Infosystems, Inc.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [237568 2008-11-27] (Acer Incorporated) [File not signed]
R2 Update trolatunt; C:\Program Files\trolatunt\updatetrolatunt.exe [321824 2014-07-18] ()
R2 Util trolatunt; C:\Program Files\trolatunt\bin\utiltrolatunt.exe [321824 2014-07-18] ()
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [535936 2014-07-18] (Fuyu LIMITED)

==================== Drivers (Whitelisted) ====================

S3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [57944 2013-08-24] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [14432 2013-03-28] (Emsisoft GmbH)
R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx86.sys [1101616 2014-05-10] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1504000.00D\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
S3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-11] (Symantec Corporation)
R2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [26928 2008-12-24] (Egis)
R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [5632 2008-10-08] (Windows (R) Codename Longhorn DDK provider)
R1 IDSVix86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140717.001\IDSvix86.sys [395992 2014-03-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140718.009\NAVENG.SYS [93272 2014-05-14] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140718.009\NAVEX15.SYS [1612376 2014-05-14] (Symantec Corporation)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2013-08-21] (CACE Technologies) [File not signed]
R3 nuvotonhidgeneric; C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys [22528 2008-10-08] (Nuvoton Technology Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360\1504000.00D\SRTSP.SYS [664280 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1504000.00D\SRTSPX.SYS [32344 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1504000.00D\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1504000.00D\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-01-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1504000.00D\Ironx86.SYS [206936 2013-09-27] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1504000.00D\SYMTDIV.SYS [384728 2014-02-18] (Symantec Corporation)
R1 {0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gt; C:\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gt.sys [55224 2014-07-17] (StdLib)
S2 int15; \??\c:\Windows\system32\drivers\int15.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Netaapl; system32\DRIVERS\netaapl.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSBXP.SYS [49408 2013-09-06] (Seiko Epson Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-20 11:24 - 2014-07-20 11:24 - 00019278 _____ () C:\Users\PramoxLaptop\Desktop\FRST.txt
2014-07-20 11:20 - 2014-07-20 11:20 - 01079808 _____ (Farbar) C:\Users\PramoxLaptop\Desktop\FRST.exe
2014-07-18 21:36 - 2014-07-18 21:41 - 318325712 _____ () C:\Users\PramoxLaptop\Desktop\WM 2014 - Siegesfeier Berlin 1 von 2.mp4
2014-07-18 20:49 - 2014-07-20 11:24 - 00000000 ____D () C:\FRST
2014-07-18 20:36 - 2014-07-18 20:36 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\Symantec
2014-07-18 19:52 - 2014-07-17 19:24 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gt.sys
2014-07-18 18:16 - 2014-07-20 11:23 - 00001412 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5_user.job
2014-07-18 18:16 - 2014-07-20 11:23 - 00001396 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5.job
2014-07-18 18:16 - 2014-07-18 23:03 - 00000000 ____D () C:\Program Files\trolatunt
2014-07-18 18:15 - 2014-07-20 11:23 - 00002198 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-4.job
2014-07-18 18:15 - 2014-07-20 11:23 - 00001500 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-1.job
2014-07-18 18:15 - 2014-07-20 11:23 - 00001324 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-2.job
2014-07-18 18:14 - 2014-07-20 11:23 - 00003446 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-11.job
2014-07-18 18:14 - 2014-07-20 11:23 - 00002420 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-3.job
2014-07-18 18:14 - 2014-07-20 11:23 - 00001502 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-6.job
2014-07-18 18:14 - 2014-07-20 11:23 - 00001442 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-7.job
2014-07-18 18:14 - 2014-07-20 11:23 - 00000888 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-07-18 18:14 - 2014-07-19 00:19 - 00000892 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-07-18 18:14 - 2014-07-18 18:16 - 00000000 ____D () C:\Program Files\PHD-V1.4
2014-07-18 18:14 - 2014-07-18 18:14 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\globalUpdate
2014-07-18 18:14 - 2014-07-18 18:14 - 00000000 ____D () C:\Program Files\globalUpdate
2014-07-18 18:12 - 2014-07-18 23:03 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-07-18 18:12 - 2014-07-18 23:03 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-07-18 18:12 - 2014-07-18 23:03 - 00000000 ____D () C:\Program Files\SupTab
2014-07-18 18:11 - 2014-07-18 19:52 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\omiga-plus
2014-07-18 18:07 - 2014-07-18 18:07 - 00000906 _____ () C:\Users\PramoxLaptop\Desktop\MP4Joiner.lnk
2014-07-18 18:07 - 2014-07-18 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4Joiner
2014-07-18 18:06 - 2014-07-18 18:07 - 00000000 ____D () C:\Program Files\MP4Joiner
2014-07-18 18:05 - 2014-07-18 18:06 - 08088746 _____ ( ) C:\Users\PramoxLaptop\Downloads\MP4Joiner-2.1.2-win32.exe
2014-07-16 20:25 - 2014-07-16 20:25 - 00002056 _____ () C:\Users\Public\Desktop\Free MP4 Video Converter.lnk
2014-07-16 20:21 - 2014-07-16 20:22 - 32691984 _____ (DVDVideoSoft Ltd. ) C:\Users\PramoxLaptop\Downloads\FreeMP4VideoConverter.exe
2014-07-16 20:19 - 2014-07-16 20:23 - 00000000 ____D () C:\ProgramData\Freemake
2014-07-16 20:19 - 2014-07-16 20:19 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\Freemake
2014-07-16 20:18 - 2014-07-16 20:22 - 00000000 ____D () C:\Program Files\Freemake
2014-07-16 20:17 - 2014-07-16 20:17 - 01268264 _____ (Ellora Assets Corporation ) C:\Users\PramoxLaptop\Downloads\FreemakeVideoConverterSetup.exe
2014-07-16 20:02 - 2014-07-16 20:02 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\HandBrake
2014-07-16 19:59 - 2014-07-16 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-16 19:59 - 2014-07-16 20:25 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-07-16 19:59 - 2014-07-16 20:24 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-07-16 19:59 - 2014-07-16 20:00 - 00002056 _____ () C:\Users\Public\Desktop\Free DVD Video Converter.lnk
2014-07-16 19:59 - 2014-07-16 19:59 - 00001036 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-07-16 19:58 - 2014-07-16 20:25 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\DVDVideoSoft
2014-07-15 20:48 - 2014-07-15 20:48 - 37146304 _____ (DVDVideoSoft Ltd. ) C:\Users\PramoxLaptop\Downloads\FreeDVDVideoConverter-2.0.20.623.exe
2014-07-15 19:36 - 2014-07-15 19:36 - 00001668 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-15 19:36 - 2014-07-15 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-15 19:36 - 2012-08-21 13:01 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-07-15 19:35 - 2014-07-15 19:36 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-15 19:35 - 2014-07-15 19:36 - 00000000 ____D () C:\Program Files\iTunes
2014-07-15 19:35 - 2014-07-15 19:35 - 00000000 ____D () C:\Program Files\iPod
2014-07-15 19:34 - 2014-07-15 19:34 - 00001830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-15 19:34 - 2014-07-15 19:34 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-07-15 19:30 - 2014-07-15 19:35 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-15 19:27 - 2014-07-15 19:28 - 111992144 _____ (Apple Inc.) C:\Users\PramoxLaptop\Downloads\iTunesSetup(1).exe
2014-07-14 19:22 - 2014-07-14 19:22 - 00002019 _____ () C:\Users\PramoxLaptop\Desktop\iDevice Manager.lnk
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\Software4u
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\IsolatedStorage
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\Program Files\Software4u
2014-07-14 19:19 - 2014-07-14 19:19 - 04101456 _____ (Marx Softwareentwicklung ) C:\Users\PramoxLaptop\Downloads\IDMSetup34.exe
2014-07-14 19:19 - 2014-07-14 19:19 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\91 Mobile
2014-07-14 19:18 - 2014-07-14 19:18 - 00000000 ____D () C:\Program Files\NetDragon
2014-07-14 19:06 - 2014-07-14 19:07 - 00961360 _____ (Chip Digital GmbH) C:\Users\PramoxLaptop\Downloads\SharePod - CHIP-Installer.exe
2014-07-14 18:22 - 2014-07-14 18:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2014-07-14 17:36 - 2014-07-14 17:43 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\WindSolutions
2014-07-14 17:36 - 2014-07-14 17:37 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-07-14 17:35 - 2014-07-14 17:36 - 05102256 _____ (WindSolutions) C:\Users\PramoxLaptop\Downloads\Install_CopyTransControlCenter.exe
2014-07-13 12:30 - 2014-06-07 02:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-13 12:29 - 2014-06-07 02:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-13 12:29 - 2014-06-07 01:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-13 12:29 - 2014-06-07 01:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-13 12:29 - 2014-06-07 01:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-13 12:29 - 2014-06-07 01:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-13 12:29 - 2014-06-07 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-13 12:29 - 2014-06-07 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-13 12:29 - 2014-06-07 00:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-13 12:29 - 2014-06-07 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-13 12:29 - 2014-06-07 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-13 12:29 - 2014-06-07 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-13 12:29 - 2014-06-07 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-13 12:29 - 2014-06-07 00:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-13 12:29 - 2014-06-07 00:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-13 12:29 - 2014-06-07 00:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-13 12:29 - 2014-06-07 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-13 12:29 - 2014-06-07 00:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-13 12:29 - 2014-06-07 00:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-13 12:29 - 2014-06-07 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-13 12:29 - 2014-06-07 00:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-13 12:29 - 2014-06-07 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-13 12:29 - 2014-06-06 10:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-13 12:29 - 2014-05-30 08:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 16:29 - 2014-07-09 16:29 - 01058200 _____ (Adobe) C:\Users\PramoxLaptop\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-07-03 18:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-03 18:39 - 2014-07-03 18:39 - 01346519 _____ () C:\Users\PramoxLaptop\Downloads\adwcleaner_3.214.exe
2014-07-03 17:07 - 2014-07-04 13:50 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\dvdcss
2014-07-03 12:32 - 2014-07-03 13:11 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\pangu
2014-07-03 12:29 - 2014-07-03 12:30 - 35956160 _____ () C:\Users\PramoxLaptop\Downloads\Pangu_v1.1.exe
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\AirMouse
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Air Mouse
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\Program Files\Air Mouse
2014-07-02 20:29 - 2014-07-02 20:29 - 08378272 _____ (RPA Tech, Inc ) C:\Users\PramoxLaptop\Downloads\setup2.7.0.exe
2014-07-02 20:29 - 2014-07-02 20:29 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\Downloaded Installations
2014-07-02 16:56 - 2014-07-02 16:56 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\Adobe
2014-06-29 05:29 - 2014-07-18 23:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-20 11:26 - 2014-07-20 11:24 - 00019278 _____ () C:\Users\PramoxLaptop\Desktop\FRST.txt
2014-07-20 11:24 - 2014-07-18 20:49 - 00000000 ____D () C:\FRST
2014-07-20 11:23 - 2014-07-18 18:16 - 00001412 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5_user.job
2014-07-20 11:23 - 2014-07-18 18:16 - 00001396 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5.job
2014-07-20 11:23 - 2014-07-18 18:15 - 00002198 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-4.job
2014-07-20 11:23 - 2014-07-18 18:15 - 00001500 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-1.job
2014-07-20 11:23 - 2014-07-18 18:15 - 00001324 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-2.job
2014-07-20 11:23 - 2014-07-18 18:14 - 00003446 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-11.job
2014-07-20 11:23 - 2014-07-18 18:14 - 00002420 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-3.job
2014-07-20 11:23 - 2014-07-18 18:14 - 00001502 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-6.job
2014-07-20 11:23 - 2014-07-18 18:14 - 00001442 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-7.job
2014-07-20 11:23 - 2014-07-18 18:14 - 00000888 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-07-20 11:23 - 2014-05-14 14:55 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-20 11:23 - 2013-11-29 21:46 - 00098588 _____ () C:\ProgramData\nvModes.001
2014-07-20 11:23 - 2013-11-29 20:30 - 00098588 _____ () C:\ProgramData\nvModes.dat
2014-07-20 11:23 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-20 11:23 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-20 11:23 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-20 11:23 - 2006-11-02 12:23 - 00000246 _____ () C:\Windows\win.ini
2014-07-20 11:21 - 2006-11-02 15:01 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-20 11:20 - 2014-07-20 11:20 - 01079808 _____ (Farbar) C:\Users\PramoxLaptop\Desktop\FRST.exe
2014-07-20 11:19 - 2014-06-08 13:26 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\vlc
2014-07-20 11:18 - 2014-03-06 20:09 - 00000604 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1096382573-999743387-1970358641-1000.job
2014-07-19 00:19 - 2014-07-18 18:14 - 00000892 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-07-19 00:19 - 2013-11-24 14:46 - 01895043 _____ () C:\Windows\WindowsUpdate.log
2014-07-19 00:12 - 2014-05-14 14:55 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-18 23:30 - 2014-05-14 14:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-18 23:03 - 2014-07-18 18:16 - 00000000 ____D () C:\Program Files\trolatunt
2014-07-18 23:03 - 2014-07-18 18:12 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-07-18 23:03 - 2014-07-18 18:12 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-07-18 23:03 - 2014-07-18 18:12 - 00000000 ____D () C:\Program Files\SupTab
2014-07-18 23:03 - 2014-06-29 05:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-18 22:58 - 2014-05-14 14:55 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 21:41 - 2014-07-18 21:36 - 318325712 _____ () C:\Users\PramoxLaptop\Desktop\WM 2014 - Siegesfeier Berlin 1 von 2.mp4
2014-07-18 20:36 - 2014-07-18 20:36 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\Symantec
2014-07-18 19:52 - 2014-07-18 18:11 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\omiga-plus
2014-07-18 18:19 - 2008-01-21 04:47 - 00874406 _____ () C:\Windows\PFRO.log
2014-07-18 18:16 - 2014-07-18 18:14 - 00000000 ____D () C:\Program Files\PHD-V1.4
2014-07-18 18:14 - 2014-07-18 18:14 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\globalUpdate
2014-07-18 18:14 - 2014-07-18 18:14 - 00000000 ____D () C:\Program Files\globalUpdate
2014-07-18 18:11 - 2013-11-24 17:31 - 00001068 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-18 18:11 - 2013-11-24 14:58 - 00001141 _____ () C:\Users\PramoxLaptop\Desktop\Internet Explorer.lnk
2014-07-18 18:10 - 2013-11-24 17:31 - 00001080 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-18 18:07 - 2014-07-18 18:07 - 00000906 _____ () C:\Users\PramoxLaptop\Desktop\MP4Joiner.lnk
2014-07-18 18:07 - 2014-07-18 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4Joiner
2014-07-18 18:07 - 2014-07-18 18:06 - 00000000 ____D () C:\Program Files\MP4Joiner
2014-07-18 18:06 - 2014-07-18 18:05 - 08088746 _____ ( ) C:\Users\PramoxLaptop\Downloads\MP4Joiner-2.1.2-win32.exe
2014-07-17 19:24 - 2014-07-18 19:52 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gt.sys
2014-07-16 22:17 - 2013-11-30 17:04 - 00162816 _____ () C:\Users\PramoxLaptop\Desktop\Ebay Auswertung.xls
2014-07-16 20:25 - 2014-07-16 20:25 - 00002056 _____ () C:\Users\Public\Desktop\Free MP4 Video Converter.lnk
2014-07-16 20:25 - 2014-07-16 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-16 20:25 - 2014-07-16 19:59 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-07-16 20:25 - 2014-07-16 19:58 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\DVDVideoSoft
2014-07-16 20:24 - 2014-07-16 19:59 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-07-16 20:23 - 2014-07-16 20:19 - 00000000 ____D () C:\ProgramData\Freemake
2014-07-16 20:22 - 2014-07-16 20:21 - 32691984 _____ (DVDVideoSoft Ltd. ) C:\Users\PramoxLaptop\Downloads\FreeMP4VideoConverter.exe
2014-07-16 20:22 - 2014-07-16 20:18 - 00000000 ____D () C:\Program Files\Freemake
2014-07-16 20:19 - 2014-07-16 20:19 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\Freemake
2014-07-16 20:17 - 2014-07-16 20:17 - 01268264 _____ (Ellora Assets Corporation ) C:\Users\PramoxLaptop\Downloads\FreemakeVideoConverterSetup.exe
2014-07-16 20:03 - 2014-01-15 19:17 - 00006656 _____ () C:\Users\PramoxLaptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-16 20:02 - 2014-07-16 20:02 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\HandBrake
2014-07-16 20:00 - 2014-07-16 19:59 - 00002056 _____ () C:\Users\Public\Desktop\Free DVD Video Converter.lnk
2014-07-16 19:59 - 2014-07-16 19:59 - 00001036 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-07-16 19:55 - 2014-03-12 16:24 - 00000000 ____D () C:\Users\PramoxLaptop\Desktop\Iphone
2014-07-16 06:55 - 2014-01-22 19:08 - 00002063 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-07-16 06:55 - 2014-01-22 19:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-07-16 06:55 - 2014-01-22 19:07 - 00000000 ____D () C:\Windows\system32\Drivers\N360
2014-07-15 20:48 - 2014-07-15 20:48 - 37146304 _____ (DVDVideoSoft Ltd. ) C:\Users\PramoxLaptop\Downloads\FreeDVDVideoConverter-2.0.20.623.exe
2014-07-15 19:36 - 2014-07-15 19:36 - 00001668 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-15 19:36 - 2014-07-15 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-15 19:36 - 2014-07-15 19:35 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-15 19:36 - 2014-07-15 19:35 - 00000000 ____D () C:\Program Files\iTunes
2014-07-15 19:35 - 2014-07-15 19:35 - 00000000 ____D () C:\Program Files\iPod
2014-07-15 19:35 - 2014-07-15 19:30 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-15 19:35 - 2014-03-12 16:31 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-15 19:34 - 2014-07-15 19:34 - 00001830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-15 19:34 - 2014-07-15 19:34 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-07-15 19:33 - 2013-11-24 14:55 - 00000000 ____D () C:\Users\PramoxLaptop
2014-07-15 19:30 - 2014-03-12 16:26 - 00000000 ____D () C:\ProgramData\Apple
2014-07-15 19:28 - 2014-07-15 19:27 - 111992144 _____ (Apple Inc.) C:\Users\PramoxLaptop\Downloads\iTunesSetup(1).exe
2014-07-15 19:18 - 2006-11-02 14:52 - 00124092 _____ () C:\Windows\setupact.log
2014-07-14 19:30 - 2009-02-11 22:16 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-07-14 19:22 - 2014-07-14 19:22 - 00002019 _____ () C:\Users\PramoxLaptop\Desktop\iDevice Manager.lnk
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\Software4u
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\IsolatedStorage
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\Program Files\Software4u
2014-07-14 19:20 - 2014-04-07 18:21 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\CrashDumps
2014-07-14 19:19 - 2014-07-14 19:19 - 04101456 _____ (Marx Softwareentwicklung ) C:\Users\PramoxLaptop\Downloads\IDMSetup34.exe
2014-07-14 19:19 - 2014-07-14 19:19 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\91 Mobile
2014-07-14 19:18 - 2014-07-14 19:18 - 00000000 ____D () C:\Program Files\NetDragon
2014-07-14 19:07 - 2014-07-14 19:06 - 00961360 _____ (Chip Digital GmbH) C:\Users\PramoxLaptop\Downloads\SharePod - CHIP-Installer.exe
2014-07-14 18:22 - 2014-07-14 18:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2014-07-14 17:43 - 2014-07-14 17:36 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\WindSolutions
2014-07-14 17:37 - 2014-07-14 17:36 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-07-14 17:36 - 2014-07-14 17:35 - 05102256 _____ (WindSolutions) C:\Users\PramoxLaptop\Downloads\Install_CopyTransControlCenter.exe
2014-07-13 12:55 - 2006-11-02 14:47 - 00308232 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-13 12:52 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-13 12:50 - 2013-11-30 14:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-13 12:46 - 2006-11-02 12:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-09 17:44 - 2013-12-08 14:33 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 17:44 - 2013-12-08 14:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 16:29 - 2014-07-09 16:29 - 01058200 _____ (Adobe) C:\Users\PramoxLaptop\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-07-06 14:31 - 2014-01-16 21:04 - 00000000 ____D () C:\Users\PramoxLaptop\Desktop\Pramox
2014-07-06 14:28 - 2014-05-29 17:36 - 00000653 _____ () C:\Users\PramoxLaptop\Desktop\Websites.txt
2014-07-04 13:50 - 2014-07-03 17:07 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\dvdcss
2014-07-03 18:45 - 2014-01-22 18:40 - 00000000 ____D () C:\AdwCleaner
2014-07-03 18:39 - 2014-07-03 18:39 - 01346519 _____ () C:\Users\PramoxLaptop\Downloads\adwcleaner_3.214.exe
2014-07-03 16:27 - 2014-06-14 08:41 - 00017920 _____ () C:\Users\PramoxLaptop\Desktop\Urlaub 2014.xls
2014-07-03 13:58 - 2014-01-16 21:04 - 00000000 ____D () C:\Users\PramoxLaptop\Desktop\Nina
2014-07-03 13:11 - 2014-07-03 12:32 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\pangu
2014-07-03 12:30 - 2014-07-03 12:29 - 35956160 _____ () C:\Users\PramoxLaptop\Downloads\Pangu_v1.1.exe
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\AirMouse
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Air Mouse
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\Program Files\Air Mouse
2014-07-02 20:29 - 2014-07-02 20:29 - 08378272 _____ (RPA Tech, Inc ) C:\Users\PramoxLaptop\Downloads\setup2.7.0.exe
2014-07-02 20:29 - 2014-07-02 20:29 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\Downloaded Installations
2014-07-02 16:56 - 2014-07-02 16:56 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\Adobe
2014-07-01 17:10 - 2013-11-24 17:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-29 10:43 - 2014-03-12 16:32 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\Apple Computer

Some content of TEMP:
====================
C:\Users\PramoxLaptop\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.3.exe
C:\Users\PramoxLaptop\AppData\Local\Temp\OptimizerPro.exe
C:\Users\PramoxLaptop\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\PramoxLaptop\AppData\Local\Temp\setup.exe
C:\Users\PramoxLaptop\AppData\Local\Temp\smt_omiga-plus_20140717.exe
C:\Users\PramoxLaptop\AppData\Local\Temp\trolatuntSetup.exe
C:\Users\PramoxLaptop\AppData\Local\Temp\_isD431.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 20:38

==================== End Of Log ============================
--- --- ---

--- --- ---


Die zweite Datei wurde leider nicht erstellt, was soll ich hier machen?

pramox 20.07.2014 10:35
Ich habe noch einen Scan gemacht und entgegen der eigentlichen Anweisung die Checkbox "Addition.txt" angeklickt, hier kam nun folgendes raus:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-07-2014
Ran by PramoxLaptop (administrator) on PRAMOXLAPTOP-PC on 20-07-2014 11:29:32
Running from C:\Users\PramoxLaptop\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.4.0.13\n360.exe
(AlcorMicro Co., Ltd.) C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
() C:\Program Files\trolatunt\updatetrolatunt.exe
() C:\Windows\PLFSetI.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corp.) C:\Users\PramoxLaptop\AppData\Local\Temp\RtkBtMnt.exe
() C:\Program Files\trolatunt\bin\utiltrolatunt.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.4.0.13\n360.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
() C:\Program Files\SupTab\HpUI.exe
() C:\Program Files\SupTab\Loader32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHLE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHLE.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHLE.EXE
(Marx Softwareentwicklung - Ringtones for iPhone, Registry cleanup, Office configuration ? Software4u) C:\Program Files\Software4u\iDevice Manager\Software4u.IDMLauncher.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
() C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
() C:\Program Files\trolatunt\bin\trolatunt.PurBrowse.exe
() C:\Program Files\trolatunt\bin\trolatunt.BrowserAdapter.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(RPA Technology) C:\Program Files\Air Mouse\Air Mouse\Mobile Mouse Service.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [EPLTarget\P0000000000000003] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [iPhone PC Suite] => C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe /start
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [iDevice Manager Launcher] => C:\Program Files\Software4u\iDevice Manager\Software4u.IDMLauncher.exe [139216 2014-03-15] (Marx Softwareentwicklung - Ringtones for iPhone, Registry cleanup, Office configuration ? Software4u)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk
ShortcutTarget: Air Mouse.lnk -> C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe ()
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\21.4.0.13\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer | explore beyond limits
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = OMIGA PLUS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = OMIGA PLUS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405699677&from=smt&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309UD2416D2416&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405699677&from=smt&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309UD2416D2416&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe OMIGA PLUS
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405699677&from=smt&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309UD2416D2416&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\PramoxLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\et5cxbr7.default-1405707576517
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\PramoxLaptop\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: PHD-V1.4 - C:\Users\PramoxLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\et5cxbr7.default-1405707576517\Extensions\508d4e2f-a469-421d-a294-135dbb84fe1b@f7b17943-cc9e-4d4a-b223-0bd1e7cfc871.com [2014-07-18]
FF Extension: trolatunt - C:\Users\PramoxLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\et5cxbr7.default-1405707576517\Extensions\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}.xpi [2014-07-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-11-29]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-01-22]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-07-20]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\PramoxLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\75anjfqn.default-1395248793998\extensions\faststartff@gmail.com
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe OMIGA PLUS

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR StartupUrls: "hxxp://www.google.de/"
CHR Extension: (Google Docs) - C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-13]
CHR Extension: (Google Drive) - C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-13]
CHR Extension: (YouTube) - C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-13]
CHR Extension: (Google Search) - C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-13]
CHR Extension: (Google Wallet) - C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-13]
CHR Extension: (Quick start) - C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-07-18]
CHR Extension: (Gmail) - C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-13]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-13]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-07-18]

========================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4161512 2013-12-04] (Emsisoft GmbH)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3526136 2013-08-27] (devolo AG)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [666144 2009-03-11] (Acer Incorporated)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-18] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-18] (globalUpdate) [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [3427208 2014-07-18] (Cherished Technololgy LIMITED)
R2 N360; C:\Program Files\Norton 360\Engine\21.4.0.13\N360.exe [265040 2014-06-27] (Symantec Corporation)
S2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [44800 2009-03-20] (NewTech Infosystems, Inc.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [237568 2008-11-27] (Acer Incorporated) [File not signed]
R2 Update trolatunt; C:\Program Files\trolatunt\updatetrolatunt.exe [321824 2014-07-18] ()
R2 Util trolatunt; C:\Program Files\trolatunt\bin\utiltrolatunt.exe [321824 2014-07-18] ()
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [535936 2014-07-18] (Fuyu LIMITED)

==================== Drivers (Whitelisted) ====================

S3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [57944 2013-08-24] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [14432 2013-03-28] (Emsisoft GmbH)
R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx86.sys [1101616 2014-05-10] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1504000.00D\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
S3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-11] (Symantec Corporation)
R2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [26928 2008-12-24] (Egis)
R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [5632 2008-10-08] (Windows (R) Codename Longhorn DDK provider)
R1 IDSVix86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140717.001\IDSvix86.sys [395992 2014-03-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140718.009\NAVENG.SYS [93272 2014-05-14] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140718.009\NAVEX15.SYS [1612376 2014-05-14] (Symantec Corporation)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2013-08-21] (CACE Technologies) [File not signed]
R3 nuvotonhidgeneric; C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys [22528 2008-10-08] (Nuvoton Technology Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360\1504000.00D\SRTSP.SYS [664280 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1504000.00D\SRTSPX.SYS [32344 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1504000.00D\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1504000.00D\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-01-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1504000.00D\Ironx86.SYS [206936 2013-09-27] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1504000.00D\SYMTDIV.SYS [384728 2014-02-18] (Symantec Corporation)
R1 {0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gt; C:\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gt.sys [55224 2014-07-17] (StdLib)
S2 int15; \??\c:\Windows\system32\drivers\int15.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Netaapl; system32\DRIVERS\netaapl.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSBXP.SYS [49408 2013-09-06] (Seiko Epson Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-20 11:24 - 2014-07-20 11:30 - 00019804 _____ () C:\Users\PramoxLaptop\Desktop\FRST.txt
2014-07-20 11:20 - 2014-07-20 11:20 - 01079808 _____ (Farbar) C:\Users\PramoxLaptop\Desktop\FRST.exe
2014-07-18 21:36 - 2014-07-18 21:41 - 318325712 _____ () C:\Users\PramoxLaptop\Desktop\WM 2014 - Siegesfeier Berlin 1 von 2.mp4
2014-07-18 20:49 - 2014-07-20 11:29 - 00000000 ____D () C:\FRST
2014-07-18 20:36 - 2014-07-18 20:36 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\Symantec
2014-07-18 19:52 - 2014-07-17 19:24 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gt.sys
2014-07-18 18:16 - 2014-07-20 11:23 - 00001412 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5_user.job
2014-07-18 18:16 - 2014-07-20 11:23 - 00001396 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5.job
2014-07-18 18:16 - 2014-07-18 23:03 - 00000000 ____D () C:\Program Files\trolatunt
2014-07-18 18:15 - 2014-07-20 11:23 - 00002198 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-4.job
2014-07-18 18:15 - 2014-07-20 11:23 - 00001500 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-1.job
2014-07-18 18:15 - 2014-07-20 11:23 - 00001324 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-2.job
2014-07-18 18:14 - 2014-07-20 11:28 - 00001442 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-7.job
2014-07-18 18:14 - 2014-07-20 11:23 - 00003446 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-11.job
2014-07-18 18:14 - 2014-07-20 11:23 - 00002420 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-3.job
2014-07-18 18:14 - 2014-07-20 11:23 - 00001502 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-6.job
2014-07-18 18:14 - 2014-07-20 11:23 - 00000888 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-07-18 18:14 - 2014-07-19 00:19 - 00000892 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-07-18 18:14 - 2014-07-18 18:16 - 00000000 ____D () C:\Program Files\PHD-V1.4
2014-07-18 18:14 - 2014-07-18 18:14 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\globalUpdate
2014-07-18 18:14 - 2014-07-18 18:14 - 00000000 ____D () C:\Program Files\globalUpdate
2014-07-18 18:12 - 2014-07-18 23:03 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-07-18 18:12 - 2014-07-18 23:03 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-07-18 18:12 - 2014-07-18 23:03 - 00000000 ____D () C:\Program Files\SupTab
2014-07-18 18:11 - 2014-07-18 19:52 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\omiga-plus
2014-07-18 18:07 - 2014-07-18 18:07 - 00000906 _____ () C:\Users\PramoxLaptop\Desktop\MP4Joiner.lnk
2014-07-18 18:07 - 2014-07-18 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4Joiner
2014-07-18 18:06 - 2014-07-18 18:07 - 00000000 ____D () C:\Program Files\MP4Joiner
2014-07-18 18:05 - 2014-07-18 18:06 - 08088746 _____ ( ) C:\Users\PramoxLaptop\Downloads\MP4Joiner-2.1.2-win32.exe
2014-07-16 20:25 - 2014-07-16 20:25 - 00002056 _____ () C:\Users\Public\Desktop\Free MP4 Video Converter.lnk
2014-07-16 20:21 - 2014-07-16 20:22 - 32691984 _____ (DVDVideoSoft Ltd. ) C:\Users\PramoxLaptop\Downloads\FreeMP4VideoConverter.exe
2014-07-16 20:19 - 2014-07-16 20:23 - 00000000 ____D () C:\ProgramData\Freemake
2014-07-16 20:19 - 2014-07-16 20:19 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\Freemake
2014-07-16 20:18 - 2014-07-16 20:22 - 00000000 ____D () C:\Program Files\Freemake
2014-07-16 20:17 - 2014-07-16 20:17 - 01268264 _____ (Ellora Assets Corporation ) C:\Users\PramoxLaptop\Downloads\FreemakeVideoConverterSetup.exe
2014-07-16 20:02 - 2014-07-16 20:02 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\HandBrake
2014-07-16 19:59 - 2014-07-16 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-16 19:59 - 2014-07-16 20:25 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-07-16 19:59 - 2014-07-16 20:24 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-07-16 19:59 - 2014-07-16 20:00 - 00002056 _____ () C:\Users\Public\Desktop\Free DVD Video Converter.lnk
2014-07-16 19:59 - 2014-07-16 19:59 - 00001036 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-07-16 19:58 - 2014-07-16 20:25 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\DVDVideoSoft
2014-07-15 20:48 - 2014-07-15 20:48 - 37146304 _____ (DVDVideoSoft Ltd. ) C:\Users\PramoxLaptop\Downloads\FreeDVDVideoConverter-2.0.20.623.exe
2014-07-15 19:36 - 2014-07-15 19:36 - 00001668 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-15 19:36 - 2014-07-15 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-15 19:36 - 2012-08-21 13:01 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-07-15 19:35 - 2014-07-15 19:36 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-15 19:35 - 2014-07-15 19:36 - 00000000 ____D () C:\Program Files\iTunes
2014-07-15 19:35 - 2014-07-15 19:35 - 00000000 ____D () C:\Program Files\iPod
2014-07-15 19:34 - 2014-07-15 19:34 - 00001830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-15 19:34 - 2014-07-15 19:34 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-07-15 19:30 - 2014-07-15 19:35 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-15 19:27 - 2014-07-15 19:28 - 111992144 _____ (Apple Inc.) C:\Users\PramoxLaptop\Downloads\iTunesSetup(1).exe
2014-07-14 19:22 - 2014-07-14 19:22 - 00002019 _____ () C:\Users\PramoxLaptop\Desktop\iDevice Manager.lnk
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\Software4u
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\IsolatedStorage
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\Program Files\Software4u
2014-07-14 19:19 - 2014-07-14 19:19 - 04101456 _____ (Marx Softwareentwicklung ) C:\Users\PramoxLaptop\Downloads\IDMSetup34.exe
2014-07-14 19:19 - 2014-07-14 19:19 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\91 Mobile
2014-07-14 19:18 - 2014-07-14 19:18 - 00000000 ____D () C:\Program Files\NetDragon
2014-07-14 19:06 - 2014-07-14 19:07 - 00961360 _____ (Chip Digital GmbH) C:\Users\PramoxLaptop\Downloads\SharePod - CHIP-Installer.exe
2014-07-14 18:22 - 2014-07-14 18:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2014-07-14 17:36 - 2014-07-14 17:43 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\WindSolutions
2014-07-14 17:36 - 2014-07-14 17:37 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-07-14 17:35 - 2014-07-14 17:36 - 05102256 _____ (WindSolutions) C:\Users\PramoxLaptop\Downloads\Install_CopyTransControlCenter.exe
2014-07-13 12:30 - 2014-06-07 02:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-13 12:29 - 2014-06-07 02:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-13 12:29 - 2014-06-07 01:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-13 12:29 - 2014-06-07 01:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-13 12:29 - 2014-06-07 01:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-13 12:29 - 2014-06-07 01:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-13 12:29 - 2014-06-07 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-13 12:29 - 2014-06-07 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-13 12:29 - 2014-06-07 00:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-13 12:29 - 2014-06-07 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-13 12:29 - 2014-06-07 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-13 12:29 - 2014-06-07 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-13 12:29 - 2014-06-07 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-13 12:29 - 2014-06-07 00:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-13 12:29 - 2014-06-07 00:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-13 12:29 - 2014-06-07 00:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-13 12:29 - 2014-06-07 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-13 12:29 - 2014-06-07 00:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-13 12:29 - 2014-06-07 00:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-13 12:29 - 2014-06-07 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-13 12:29 - 2014-06-07 00:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-13 12:29 - 2014-06-07 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-13 12:29 - 2014-06-06 10:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-13 12:29 - 2014-05-30 08:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 16:29 - 2014-07-09 16:29 - 01058200 _____ (Adobe) C:\Users\PramoxLaptop\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-07-03 18:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-03 18:39 - 2014-07-03 18:39 - 01346519 _____ () C:\Users\PramoxLaptop\Downloads\adwcleaner_3.214.exe
2014-07-03 17:07 - 2014-07-04 13:50 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\dvdcss
2014-07-03 12:32 - 2014-07-03 13:11 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\pangu
2014-07-03 12:29 - 2014-07-03 12:30 - 35956160 _____ () C:\Users\PramoxLaptop\Downloads\Pangu_v1.1.exe
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\AirMouse
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Air Mouse
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\Program Files\Air Mouse
2014-07-02 20:29 - 2014-07-02 20:29 - 08378272 _____ (RPA Tech, Inc ) C:\Users\PramoxLaptop\Downloads\setup2.7.0.exe
2014-07-02 20:29 - 2014-07-02 20:29 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\Downloaded Installations
2014-07-02 16:56 - 2014-07-02 16:56 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\Adobe
2014-06-29 05:29 - 2014-07-18 23:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-20 11:30 - 2014-07-20 11:24 - 00019804 _____ () C:\Users\PramoxLaptop\Desktop\FRST.txt
2014-07-20 11:30 - 2014-05-14 14:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-20 11:30 - 2013-11-24 14:46 - 01909935 _____ () C:\Windows\WindowsUpdate.log
2014-07-20 11:29 - 2014-07-18 20:49 - 00000000 ____D () C:\FRST
2014-07-20 11:28 - 2014-07-18 18:14 - 00001442 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-7.job
2014-07-20 11:23 - 2014-07-18 18:16 - 00001412 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5_user.job
2014-07-20 11:23 - 2014-07-18 18:16 - 00001396 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5.job
2014-07-20 11:23 - 2014-07-18 18:15 - 00002198 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-4.job
2014-07-20 11:23 - 2014-07-18 18:15 - 00001500 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-1.job
2014-07-20 11:23 - 2014-07-18 18:15 - 00001324 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-2.job
2014-07-20 11:23 - 2014-07-18 18:14 - 00003446 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-11.job
2014-07-20 11:23 - 2014-07-18 18:14 - 00002420 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-3.job
2014-07-20 11:23 - 2014-07-18 18:14 - 00001502 _____ () C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-6.job
2014-07-20 11:23 - 2014-07-18 18:14 - 00000888 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-07-20 11:23 - 2014-05-14 14:55 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-20 11:23 - 2013-11-29 21:46 - 00098588 _____ () C:\ProgramData\nvModes.001
2014-07-20 11:23 - 2013-11-29 20:30 - 00098588 _____ () C:\ProgramData\nvModes.dat
2014-07-20 11:23 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-20 11:23 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-20 11:23 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-20 11:23 - 2006-11-02 12:23 - 00000246 _____ () C:\Windows\win.ini
2014-07-20 11:21 - 2006-11-02 15:01 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-20 11:20 - 2014-07-20 11:20 - 01079808 _____ (Farbar) C:\Users\PramoxLaptop\Desktop\FRST.exe
2014-07-20 11:19 - 2014-06-08 13:26 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\vlc
2014-07-20 11:18 - 2014-03-06 20:09 - 00000604 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1096382573-999743387-1970358641-1000.job
2014-07-19 00:19 - 2014-07-18 18:14 - 00000892 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-07-19 00:12 - 2014-05-14 14:55 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-18 23:03 - 2014-07-18 18:16 - 00000000 ____D () C:\Program Files\trolatunt
2014-07-18 23:03 - 2014-07-18 18:12 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-07-18 23:03 - 2014-07-18 18:12 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-07-18 23:03 - 2014-07-18 18:12 - 00000000 ____D () C:\Program Files\SupTab
2014-07-18 23:03 - 2014-06-29 05:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-18 22:58 - 2014-05-14 14:55 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 21:41 - 2014-07-18 21:36 - 318325712 _____ () C:\Users\PramoxLaptop\Desktop\WM 2014 - Siegesfeier Berlin 1 von 2.mp4
2014-07-18 20:36 - 2014-07-18 20:36 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\Symantec
2014-07-18 19:52 - 2014-07-18 18:11 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\omiga-plus
2014-07-18 18:19 - 2008-01-21 04:47 - 00874406 _____ () C:\Windows\PFRO.log
2014-07-18 18:16 - 2014-07-18 18:14 - 00000000 ____D () C:\Program Files\PHD-V1.4
2014-07-18 18:14 - 2014-07-18 18:14 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\globalUpdate
2014-07-18 18:14 - 2014-07-18 18:14 - 00000000 ____D () C:\Program Files\globalUpdate
2014-07-18 18:11 - 2013-11-24 17:31 - 00001068 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-18 18:11 - 2013-11-24 14:58 - 00001141 _____ () C:\Users\PramoxLaptop\Desktop\Internet Explorer.lnk
2014-07-18 18:10 - 2013-11-24 17:31 - 00001080 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-18 18:07 - 2014-07-18 18:07 - 00000906 _____ () C:\Users\PramoxLaptop\Desktop\MP4Joiner.lnk
2014-07-18 18:07 - 2014-07-18 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4Joiner
2014-07-18 18:07 - 2014-07-18 18:06 - 00000000 ____D () C:\Program Files\MP4Joiner
2014-07-18 18:06 - 2014-07-18 18:05 - 08088746 _____ ( ) C:\Users\PramoxLaptop\Downloads\MP4Joiner-2.1.2-win32.exe
2014-07-17 19:24 - 2014-07-18 19:52 - 00055224 _____ (StdLib) C:\Windows\system32\Drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gt.sys
2014-07-16 22:17 - 2013-11-30 17:04 - 00162816 _____ () C:\Users\PramoxLaptop\Desktop\Ebay Auswertung.xls
2014-07-16 20:25 - 2014-07-16 20:25 - 00002056 _____ () C:\Users\Public\Desktop\Free MP4 Video Converter.lnk
2014-07-16 20:25 - 2014-07-16 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-16 20:25 - 2014-07-16 19:59 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-07-16 20:25 - 2014-07-16 19:58 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\DVDVideoSoft
2014-07-16 20:24 - 2014-07-16 19:59 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-07-16 20:23 - 2014-07-16 20:19 - 00000000 ____D () C:\ProgramData\Freemake
2014-07-16 20:22 - 2014-07-16 20:21 - 32691984 _____ (DVDVideoSoft Ltd. ) C:\Users\PramoxLaptop\Downloads\FreeMP4VideoConverter.exe
2014-07-16 20:22 - 2014-07-16 20:18 - 00000000 ____D () C:\Program Files\Freemake
2014-07-16 20:19 - 2014-07-16 20:19 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\Freemake
2014-07-16 20:17 - 2014-07-16 20:17 - 01268264 _____ (Ellora Assets Corporation ) C:\Users\PramoxLaptop\Downloads\FreemakeVideoConverterSetup.exe
2014-07-16 20:03 - 2014-01-15 19:17 - 00006656 _____ () C:\Users\PramoxLaptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-16 20:02 - 2014-07-16 20:02 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\HandBrake
2014-07-16 20:00 - 2014-07-16 19:59 - 00002056 _____ () C:\Users\Public\Desktop\Free DVD Video Converter.lnk
2014-07-16 19:59 - 2014-07-16 19:59 - 00001036 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-07-16 19:55 - 2014-03-12 16:24 - 00000000 ____D () C:\Users\PramoxLaptop\Desktop\Iphone
2014-07-16 06:55 - 2014-01-22 19:08 - 00002063 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-07-16 06:55 - 2014-01-22 19:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-07-16 06:55 - 2014-01-22 19:07 - 00000000 ____D () C:\Windows\system32\Drivers\N360
2014-07-15 20:48 - 2014-07-15 20:48 - 37146304 _____ (DVDVideoSoft Ltd. ) C:\Users\PramoxLaptop\Downloads\FreeDVDVideoConverter-2.0.20.623.exe
2014-07-15 19:36 - 2014-07-15 19:36 - 00001668 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-15 19:36 - 2014-07-15 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-15 19:36 - 2014-07-15 19:35 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-15 19:36 - 2014-07-15 19:35 - 00000000 ____D () C:\Program Files\iTunes
2014-07-15 19:35 - 2014-07-15 19:35 - 00000000 ____D () C:\Program Files\iPod
2014-07-15 19:35 - 2014-07-15 19:30 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-15 19:35 - 2014-03-12 16:31 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-15 19:34 - 2014-07-15 19:34 - 00001830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-15 19:34 - 2014-07-15 19:34 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-07-15 19:33 - 2013-11-24 14:55 - 00000000 ____D () C:\Users\PramoxLaptop
2014-07-15 19:30 - 2014-03-12 16:26 - 00000000 ____D () C:\ProgramData\Apple
2014-07-15 19:28 - 2014-07-15 19:27 - 111992144 _____ (Apple Inc.) C:\Users\PramoxLaptop\Downloads\iTunesSetup(1).exe
2014-07-15 19:18 - 2006-11-02 14:52 - 00124092 _____ () C:\Windows\setupact.log
2014-07-14 19:30 - 2009-02-11 22:16 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-07-14 19:22 - 2014-07-14 19:22 - 00002019 _____ () C:\Users\PramoxLaptop\Desktop\iDevice Manager.lnk
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\Software4u
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\IsolatedStorage
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\Program Files\Software4u
2014-07-14 19:20 - 2014-04-07 18:21 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\CrashDumps
2014-07-14 19:19 - 2014-07-14 19:19 - 04101456 _____ (Marx Softwareentwicklung ) C:\Users\PramoxLaptop\Downloads\IDMSetup34.exe
2014-07-14 19:19 - 2014-07-14 19:19 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\91 Mobile
2014-07-14 19:18 - 2014-07-14 19:18 - 00000000 ____D () C:\Program Files\NetDragon
2014-07-14 19:07 - 2014-07-14 19:06 - 00961360 _____ (Chip Digital GmbH) C:\Users\PramoxLaptop\Downloads\SharePod - CHIP-Installer.exe
2014-07-14 18:22 - 2014-07-14 18:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2014-07-14 17:43 - 2014-07-14 17:36 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\WindSolutions
2014-07-14 17:37 - 2014-07-14 17:36 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-07-14 17:36 - 2014-07-14 17:35 - 05102256 _____ (WindSolutions) C:\Users\PramoxLaptop\Downloads\Install_CopyTransControlCenter.exe
2014-07-13 12:55 - 2006-11-02 14:47 - 00308232 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-13 12:52 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-13 12:50 - 2013-11-30 14:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-13 12:46 - 2006-11-02 12:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-09 17:44 - 2013-12-08 14:33 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 17:44 - 2013-12-08 14:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 16:29 - 2014-07-09 16:29 - 01058200 _____ (Adobe) C:\Users\PramoxLaptop\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-07-06 14:31 - 2014-01-16 21:04 - 00000000 ____D () C:\Users\PramoxLaptop\Desktop\Pramox
2014-07-06 14:28 - 2014-05-29 17:36 - 00000653 _____ () C:\Users\PramoxLaptop\Desktop\Websites.txt
2014-07-04 13:50 - 2014-07-03 17:07 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\dvdcss
2014-07-03 18:45 - 2014-01-22 18:40 - 00000000 ____D () C:\AdwCleaner
2014-07-03 18:39 - 2014-07-03 18:39 - 01346519 _____ () C:\Users\PramoxLaptop\Downloads\adwcleaner_3.214.exe
2014-07-03 16:27 - 2014-06-14 08:41 - 00017920 _____ () C:\Users\PramoxLaptop\Desktop\Urlaub 2014.xls
2014-07-03 13:58 - 2014-01-16 21:04 - 00000000 ____D () C:\Users\PramoxLaptop\Desktop\Nina
2014-07-03 13:11 - 2014-07-03 12:32 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\pangu
2014-07-03 12:30 - 2014-07-03 12:29 - 35956160 _____ () C:\Users\PramoxLaptop\Downloads\Pangu_v1.1.exe
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\AirMouse
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Air Mouse
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\Program Files\Air Mouse
2014-07-02 20:29 - 2014-07-02 20:29 - 08378272 _____ (RPA Tech, Inc ) C:\Users\PramoxLaptop\Downloads\setup2.7.0.exe
2014-07-02 20:29 - 2014-07-02 20:29 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\Downloaded Installations
2014-07-02 16:56 - 2014-07-02 16:56 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\Adobe
2014-07-01 17:10 - 2013-11-24 17:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-29 10:43 - 2014-03-12 16:32 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\Apple Computer

Some content of TEMP:
====================
C:\Users\PramoxLaptop\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.3.exe
C:\Users\PramoxLaptop\AppData\Local\Temp\OptimizerPro.exe
C:\Users\PramoxLaptop\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\PramoxLaptop\AppData\Local\Temp\setup.exe
C:\Users\PramoxLaptop\AppData\Local\Temp\smt_omiga-plus_20140717.exe
C:\Users\PramoxLaptop\AppData\Local\Temp\trolatuntSetup.exe
C:\Users\PramoxLaptop\AppData\Local\Temp\_isD431.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-20 11:29

==================== End Of Log ============================
--- --- ---
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:19-07-2014
Ran by PramoxLaptop at 2014-07-20 11:31:03
Running from C:\Users\PramoxLaptop\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
AC3Filter 2.6.0b (HKLM\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Acer Backup Manager (HKLM\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 1.0.0.50 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.79.326 (HKLM\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.79.326 - Chicony Electronics Co.,Ltd.)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.00.3005 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer PowerSmart Manager (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.01.3006 - Acer Incorporated)
Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version:  - Acer)
Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.00.3004 - Acer Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AmIcoSingLun (HKLM\...\InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}) (Version: 1.2.117.1 - Alcor Micro Co., Ltd.)
AmIcoSingLun (Version: 1.2.117.1 - Alcor Micro Co., Ltd.) Hidden
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager Basic (Version: 1.0.0.50 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.34.02 - Broadcom Corporation)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
devolo dLAN Cockpit (HKLM\...\dlancockpit) (Version: 4.1.3.0 - devolo AG)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
Druckerdeinstallation für EPSON SX235 Series (HKLM\...\EPSON SX235 Series) (Version:  - SEIKO EPSON Corporation)
Emsisoft Anti-Malware (HKLM\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Config V4 (HKLM\...\{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}) (Version: 4.4.1 - SEIKO EPSON CORPORATION)
Free DVD Video Converter version 2.0.20.623 (HKLM\...\Free DVD Video Converter_is1) (Version: 2.0.20.623 - DVDVideoSoft Ltd.)
Free MP4 Video Converter version 5.0.44.623 (HKLM\...\Free MP4 Video Converter_is1) (Version: 5.0.44.623 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.3.0.1468 (HKCU\...\GoToMeeting) (Version: 6.3.0.1468 - CitrixOnline)
iDevice Manager (HKLM\...\FE5AE7DC-7B01-4263-A94C-B4526C276550_is1) (Version: 3.4.0.0 - Marx Software)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.)
Launch Manager (HKLM\...\LManager) (Version: 2.0.01 - Acer Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91E30407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Mouse Server (HKLM\...\{895FE43E-71C2-4FEA-94EF-B88D111495FC}) (Version: 2.7.0 - RPA Tech, Inc)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MP4Joiner v2.1.2 (HKLM\...\MP4Joiner_is1) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton 360 (HKLM\...\N360) (Version: 21.4.0.13 - Symantec Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.616 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.616 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6509 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6509 - NewTech Infosystems) Hidden
Nuvoton EC Generic HID Driver (HKLM\...\{302E9B7B-2B6A-4C29-9A02-9F2110649779}) (Version: 7.80.5000 - Nuvoton Technology Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
omiga-plus uninstall (HKLM\...\omiga-plus uninstall) (Version:  - omiga-plus)
PDF24 Creator 6.3.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PHD-V1.4 (HKLM\...\PHD-V1.4) (Version: 1.34.7.1 - PHD)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5807 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.1.0.0 - Synaptics)
trolatunt (HKLM\...\trolatunt) (Version: 2014.07.18.160707 - trolatunt) <==== ATTENTION
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WindowsMangerProtect20.0.0.502 (HKLM\...\WindowsMangerProtect) (Version: 20.0.0.502 - WindowsProtect LIMITED)

==================== Restore Points  =========================

12-05-2014 09:27:38 Geplanter Prüfpunkt
13-05-2014 13:04:16 Geplanter Prüfpunkt
14-05-2014 12:07:01 Geplanter Prüfpunkt
16-05-2014 05:09:40 Windows Update
22-05-2014 20:36:40 Gerätetreiber-Paketinstallation: EPSON Drucker
24-05-2014 21:05:13 Geplanter Prüfpunkt
26-05-2014 10:54:31 Geplanter Prüfpunkt
13-06-2014 07:27:37 Windows Update
29-06-2014 04:08:43 Geplanter Prüfpunkt
02-07-2014 17:37:07 Geplanter Prüfpunkt
02-07-2014 18:30:00 Installed Mobile Mouse Server.
13-07-2014 10:44:40 Windows Update
14-07-2014 17:07:13 ??? 91 PC Suite for iPhone
14-07-2014 17:17:55 ??? 91 PC Suite for iPhone
14-07-2014 17:29:56 ??? 91 PC Suite for iPhone
15-07-2014 17:09:27 Removed iTunes
15-07-2014 17:13:36 Removed Apple Application Support
15-07-2014 17:14:59 Removed Apple Mobile Device Support
15-07-2014 17:19:15 Removed Apple Software Update
15-07-2014 17:32:11 Gerätetreiber-Paketinstallation: Apple, Inc. USB-Controller
15-07-2014 17:33:16 Gerätetreiber-Paketinstallation: Apple Netzwerkadapter
15-07-2014 17:34:27 Installed iTunes
16-07-2014 17:46:20 Windows Update
18-07-2014 22:02:41 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 12:23 - 2014-03-12 19:12 - 00000763 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
::1            localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {014387AD-70C9-4FAF-8D90-6AB7A3C7C8B4} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {07BB548C-C299-488D-BB20-6AF1662E2688} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-14] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {22A3279F-E17F-4CF4-9D50-59E919756BF7} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-07-18] (globalUpdate) <==== ATTENTION
Task: {23595F99-7FD0-4996-BDD8-64952584CE9C} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3A036A2B-F67B-4B36-BCB0-0B16F67722E8} - System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-6 => C:\Program Files\PHD-V1.4\PHD-V1.4-novainstaller.exe [2014-07-18] (PHD)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3EF60081-D08A-4C4E-82AD-6223E405811F} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {5A7D1ADD-D0A1-4CB2-915B-92DE99B0986C} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\21.4.0.13\WSCStub.exe [2014-06-27] (Symantec Corporation)
Task: {5D2988A8-7417-4F2C-B67F-1139C2BE677F} - System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-11 => C:\Program Files\PHD-V1.4\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-11.exe [2014-07-18] (PHD)
Task: {7C6B35B5-4D1F-4FBA-9170-460EBE595467} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {9B1091E8-5AF9-4125-AC97-20BBE0BACD0B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-14] (Google Inc.)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {B6419A9F-34BE-4E37-932D-8C1689BC550C} - System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5_user => C:\Program Files\PHD-V1.4\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5.exe [2014-07-18] (PHD)
Task: {B8A8A437-E3AF-4FDE-987A-245E4C8EC8C3} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-07-18] (globalUpdate) <==== ATTENTION
Task: {C9A9E64A-A75D-443E-A914-E49E8CB4557F} - System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5 => C:\Program Files\PHD-V1.4\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5.exe [2014-07-18] (PHD)
Task: {CAD4AC81-B983-469A-9E0C-3F206DF0C8A5} - System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-1 => C:\Program Files\PHD-V1.4\PHD-V1.4-codedownloader.exe [2014-07-18] (PHD)
Task: {D536E162-18C6-4752-9338-48B1FC17AD2D} - System32\Tasks\G2MUpdateTask-S-1-5-21-1096382573-999743387-1970358641-1000 => C:\Users\PramoxLaptop\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-07-15] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {D72A8D9A-AB18-4C9F-A94B-11D9AB6915DC} - System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-2 => C:\Program Files\PHD-V1.4\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-2.exe [2014-07-18] (PHD)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F102BFB1-5CA6-4EF3-8CC7-F2ACDFB66945} - System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-4 => C:\Program Files\PHD-V1.4\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-4.exe [2014-07-18] (PHD)
Task: {F12B5211-3ACB-43A8-A108-6E11A238BAB6} - System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-7 => C:\Program Files\PHD-V1.4\PHD-V1.4-nova.exe [2014-07-18] (PHD)
Task: {FA6BD5BE-CC57-43FE-826E-C9A67CF648E7} - System32\Tasks\Acer\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-02-05] (Acer)
Task: {FA8B1672-557D-4875-8C51-FC26CB4CFEC3} - System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-3 => C:\Program Files\PHD-V1.4\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-3.exe [2014-07-18] (PHD)
Task: C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-1.job => C:\Program Files\PHD-V1.4\PHD-V1.4-codedownloader.exe
Task: C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-11.job => C:\Program Files\PHD-V1.4\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-11.exe
Task: C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-2.job => C:\Program Files\PHD-V1.4\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-2.exe
Task: C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-3.job => C:\Program Files\PHD-V1.4\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-3.exe
Task: C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-4.job => C:\Program Files\PHD-V1.4\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-4.exe
Task: C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5.job => C:\Program Files\PHD-V1.4\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5.exe
Task: C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5_user.job => C:\Program Files\PHD-V1.4\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5.exe
Task: C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-6.job => C:\Program Files\PHD-V1.4\PHD-V1.4-novainstaller.exe
Task: C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-7.job => C:\Program Files\PHD-V1.4\PHD-V1.4-nova.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1096382573-999743387-1970358641-1000.job => C:\Users\PramoxLaptop\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-17 17:29 - 2014-07-18 18:12 - 00093576 _____ () C:\Program Files\SupTab\WindowsSupportDll32.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-18 18:08 - 2014-07-18 18:08 - 00321824 _____ () C:\Program Files\trolatunt\updatetrolatunt.exe
2013-11-24 15:08 - 2013-11-24 15:07 - 00200704 _____ () C:\Windows\PLFSetI.exe
2014-07-18 19:46 - 2014-07-18 19:46 - 00321824 _____ () C:\Program Files\trolatunt\bin\utiltrolatunt.exe
2013-11-24 23:31 - 2003-06-07 23:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2014-07-17 17:29 - 2014-07-18 18:12 - 00732040 _____ () C:\Program Files\SupTab\HpUI.exe
2014-07-16 11:16 - 2014-07-16 11:16 - 00064000 _____ () C:\Program Files\SupTab\Loader32.exe
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2012-09-23 20:44 - 2012-09-23 20:44 - 01600512 _____ () C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
2011-06-14 14:19 - 2011-06-14 14:19 - 00025600 _____ () C:\Program Files\Air Mouse\Air Mouse\BonjourService.dll
2014-07-18 19:52 - 2014-07-17 19:24 - 00239392 _____ () C:\Program Files\trolatunt\bin\trolatunt.PurBrowse.exe
2014-07-18 19:52 - 2014-07-18 15:58 - 00096544 _____ () C:\Program Files\trolatunt\bin\trolatunt.BrowserAdapter.exe
2014-06-12 06:37 - 2014-06-12 06:37 - 03022960 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-06-12 06:37 - 2014-06-12 06:37 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-12 06:37 - 2014-06-12 06:37 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-06-29 05:29 - 2014-06-29 05:29 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-07-09 17:44 - 2014-07-09 17:44 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2014 11:23:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 11:23:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/20/2014 11:23:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/20/2014 11:17:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 11:16:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/20/2014 11:16:31 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/18/2014 08:32:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2014 08:32:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/18/2014 08:32:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/18/2014 08:31:50 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (07/20/2014 11:24:13 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (07/20/2014 11:24:11 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/20/2014 11:23:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NTI IScheduleSvc%%14001

Error: (07/20/2014 11:23:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: int15%%2

Error: (07/20/2014 11:23:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (07/20/2014 11:17:32 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (07/20/2014 11:17:29 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/20/2014 11:17:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NTI IScheduleSvc%%14001

Error: (07/20/2014 11:17:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: int15%%2

Error: (07/20/2014 11:17:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (07/20/2014 11:23:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 11:23:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

Error: (07/20/2014 11:23:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

Error: (07/20/2014 11:17:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 11:16:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

Error: (07/20/2014 11:16:31 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

Error: (07/18/2014 08:32:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/18/2014 08:32:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManager.exe

Error: (07/18/2014 08:32:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

Error: (07/18/2014 08:31:50 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe


CodeIntegrity Errors:
===================================
  Date: 2014-07-20 11:30:35.347
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-20 11:30:35.199
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-20 11:30:35.034
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-20 11:30:34.870
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-20 11:29:51.544
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-20 11:29:51.364
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-20 11:29:51.195
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-20 11:29:50.925
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-18 21:07:35.546
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-18 21:07:35.421
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 57%
Total physical RAM: 3065.89 MB
Available physical RAM: 1295.75 MB
Total Pagefile: 6336.81 MB
Available Pagefile: 4098.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.74 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:452.99 GB) (Free:296.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (LOGICAL VOLUME IDENTIFIER) (CDROM) (Total:4.16 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 6F050EC2)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=453 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=12)

==================== End Of Log ============================
--- --- ---

M-K-D-B 20.07.2014 12:17
Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 3
Bitte deaktiviere dein Anti-Viren-Programm, da es das Ergebnis beeinflussen oder ggf. die Bereinigung stören kann.
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/ und speichere die Datei auf deinem Desktop.
  • Starte Zoek.exe mit einem Doppelklick.
  • Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.
  • Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
    Code:
    iedefaults;
    resetIEproxy;
    FFdefaults;
    CHRdefaults;
    emptyclsid;
    autoclean;
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
  • Wenn das Tool fertig ist, wird sich Notepad mit der Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:\ .
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken).





Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die Logdatei von Zoek,
  • die beiden neuen Logdateien von FRST.

pramox 20.07.2014 17:24
OK hier die geforderten Daten:AdwCleaner Logfile:
Code:
# AdwCleaner v3.216 - Bericht erstellt am 20/07/2014 um 16:16:12
# Aktualisiert 17/07/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : PramoxLaptop - PRAMOXLAPTOP-PC
# Gestartet von : C:\Users\PramoxLaptop\Desktop\adwcleaner_3.216.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem
Dienst Gelöscht : IePluginServices
[#] Dienst Gelöscht : Update trolatunt
[#] Dienst Gelöscht : Util trolatunt

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\Program Files\globalUpdate
Ordner Gelöscht : C:\Program Files\software4u
Ordner Gelöscht : C:\Program Files\SupTab
[!] Ordner Gelöscht : C:\Program Files\trolatunt
Ordner Gelöscht : C:\Users\PramoxLaptop\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\PRAMOX~1\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\PramoxLaptop\AppData\Roaming\omiga-plus
Ordner Gelöscht : C:\Users\PramoxLaptop\AppData\Roaming\software4u
Ordner Gelöscht : C:\Users\PramoxLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\et5cxbr7.default-1405707576517\Extensions\508d4e2f-a469-421d-a294-135dbb84fe1b@f7b17943-cc9e-4d4a-b223-0bd1e7cfc871.com
Ordner Gelöscht : C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Datei Gelöscht : C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
Datei Gelöscht : C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
Datei Gelöscht : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
Datei Gelöscht : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
Datei Gelöscht : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
Datei Gelöscht : C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-1.job
Datei Gelöscht : C:\Windows\System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-1
Datei Gelöscht : C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-11.job
Datei Gelöscht : C:\Windows\System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-11
Datei Gelöscht : C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-2.job
Datei Gelöscht : C:\Windows\System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-2
Datei Gelöscht : C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-3.job
Datei Gelöscht : C:\Windows\System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-3
Datei Gelöscht : C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-4.job
Datei Gelöscht : C:\Windows\System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-4
Datei Gelöscht : C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5.job
Datei Gelöscht : C:\Windows\System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5
Datei Gelöscht : C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5_user.job
Datei Gelöscht : C:\Windows\System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-5_user
Datei Gelöscht : C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-6.job
Datei Gelöscht : C:\Windows\System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-6
Datei Gelöscht : C:\Windows\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-7.job
Datei Gelöscht : C:\Windows\System32\Tasks\052297c7-31ae-41f2-a2c1-eef8b85ad9f9-7

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\PramoxLaptop\Desktop\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\PramoxLaptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\PramoxLaptop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser (2).lnk
Verknüpfung Desinfiziert : C:\Users\PramoxLaptop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser (3).lnk
Verknüpfung Desinfiziert : C:\Users\PramoxLaptop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\PramoxLaptop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B8A8A437-E3AF-4FDE-987A-245E4C8EC8C3}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8A8A437-E3AF-4FDE-987A-245E4C8EC8C3}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22A3279F-E17F-4CF4-9D50-59E919756BF7}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22A3279F-E17F-4CF4-9D50-59E919756BF7}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CAD4AC81-B983-469A-9E0C-3F206DF0C8A5}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D2988A8-7417-4F2C-B67F-1139C2BE677F}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CAD4AC81-B983-469A-9E0C-3F206DF0C8A5}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D2988A8-7417-4F2C-B67F-1139C2BE677F}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D72A8D9A-AB18-4C9F-A94B-11D9AB6915DC}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D72A8D9A-AB18-4C9F-A94B-11D9AB6915DC}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FA8B1672-557D-4875-8C51-FC26CB4CFEC3}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA8B1672-557D-4875-8C51-FC26CB4CFEC3}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F102BFB1-5CA6-4EF3-8CC7-F2ACDFB66945}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F102BFB1-5CA6-4EF3-8CC7-F2ACDFB66945}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C9A9E64A-A75D-443E-A914-E49E8CB4557F}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6419A9F-34BE-4E37-932D-8C1689BC550C}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9A9E64A-A75D-443E-A914-E49E8CB4557F}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B6419A9F-34BE-4E37-932D-8C1689BC550C}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3A036A2B-F67B-4B36-BCB0-0B16F67722E8}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A036A2B-F67B-4B36-BCB0-0B16F67722E8}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F12B5211-3ACB-43A8-A108-6E11A238BAB6}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F12B5211-3ACB-43A8-A108-6E11A238BAB6}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [LManager]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKLM\Software\GlobalUpdate
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\omiga-plusSoftware
Schlüssel Gelöscht : HKLM\Software\SupDp
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\Software\supWPM

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16561

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\PramoxLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\et5cxbr7.default-1405707576517\prefs.js ]

Zeile gelöscht : user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "1474abfd97f74d137bc4df10cf2d1f63");

-\\ Google Chrome v36.0.1985.125

[ Datei : C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405699677&from=smt&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309UD2416D2416&q={searchTerms}
Gelöscht [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************

AdwCleaner[R0].txt - [2809 octets] - [22/01/2014 18:40:09]
AdwCleaner[R1].txt - [1656 octets] - [19/03/2014 19:15:10]
AdwCleaner[R2].txt - [1571 octets] - [03/07/2014 18:40:05]
AdwCleaner[R3].txt - [13610 octets] - [20/07/2014 16:14:12]
AdwCleaner[S0].txt - [2397 octets] - [22/01/2014 18:46:50]
AdwCleaner[S1].txt - [1723 octets] - [19/03/2014 19:15:56]
AdwCleaner[S2].txt - [1632 octets] - [03/07/2014 18:45:05]
AdwCleaner[S3].txt - [11614 octets] - [20/07/2014 16:16:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [11675 octets] ##########
--- --- ---

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software


Update, 20.07.2014 17:05:25, SYSTEM, PRAMOXLAPTOP-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.7.17.1,
Update, 20.07.2014 17:05:33, SYSTEM, PRAMOXLAPTOP-PC, Manual, Malware Database, 2014.3.4.9, 2014.7.20.4,

(end)



Zoek.exe v5.0.0.0 Updated 19-07-2014
Tool run by PramoxLaptop on 20.07.2014 at 17:23:03,18.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\PramoxLaptop\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

20.07.2014 17:25:51 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110511831162} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WindowsMangerProtect deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\PRAMOX~1\AppData\Roaming\Mozilla\Firefox\Profiles\et5cxbr7.default-1405707576517\prefs.js:

Added to C:\Users\PRAMOX~1\AppData\Roaming\Mozilla\Firefox\Profiles\et5cxbr7.default-1405707576517\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\PRAMOX~1\AppData\Roaming\Thunderbird\Profiles\g2rudm5c.default\prefs.js:

Added to C:\Users\PRAMOX~1\AppData\Roaming\Thunderbird\Profiles\g2rudm5c.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\PRAMOX~1\AppData\Roaming\Mozilla\Firefox\Profiles\et5cxbr7.default-1405707576517

user.js not found
---- Lines a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362 removed from prefs.js ----
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.active", true);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.addressbar", "NA");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.addressbarenhanced", "");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.asyncdb.was_copied", "true");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.asyncdb_dbWasSet", true);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.asyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.asyncinternaldb.was_copied", "true");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.asyncinternaldb_dbWasSet", true);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.asyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.backgroundver", 1);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.certdomaininstaller", "");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.changeprevious", false);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.cookie.InstallationTime.expiration", "Fri Feb 01
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.cookie.InstallationTime.value", "%221405700044%2
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.cookie.InstallerParams.expiration", "Fri Feb 01
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.cookie.InstallerParams.value", "%7B%22source_id%
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.cookie.load_balancer.expiration", "Sun Jul 20 20
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.cookie.load_balancer.value", "%22%7B%20%5C%22Sta
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.cookie.previous_page.expiration", "Fri Feb 01 20
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.cookie.previous_page.value", "%22https%3A//www.g
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.cookie.user_id.expiration", "Fri Feb 01 2030 00:
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.cookie.user_id.value", "%221474abfd97f74d137bc4d
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.description", "Turn YouTube videos to High Defin
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.domain", "");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.enablesearch", false);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.homepage", "");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.iframe", false);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.InstallationThankYouPage", false);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.InstallationTime", 1405700044);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.__defualt_browser__.expiration", "Fri
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.__defualt_browser__.value", "%22ff%22
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb._installer_additional_info.expiration
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb._installer_additional_info.value", "%
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.installer.expiration", "Fri Feb 01 20
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.installer.value", "%7B%22InstallerIde
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.InstallerIdentifiers.expiration", "Fr
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.InstallerIdentifiers.value", "%7B%22i
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.InstallerParams.expiration", "Fri Feb
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.InstallerParams.value", "%7B%22source
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.InstallerParamsCache.expiration", "Fr
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.InstallerParamsCache.value", "%7B%22s
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.InstallerUserIdentifiersCache.expirat
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.InstallerUserIdentifiersCache.value",
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.monetization_plugin_bundledUrls.expir
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.monetization_plugin_bundledWithHash.e
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.monetization_plugin_bundledWithHash.v
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.monetization_plugin_last_executable_r
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.monetization_plugin_last_executable_r
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.monetization_plugin_notBundledArr_.ex
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.monetization_plugin_notBundledArr_.va
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.monetization_plugin_regBundledWithSof
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.monetization_plugin_regBundledWithSof
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.Resources_appVer.expiration", "Fri Fe
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.Resources_appVer.value", "72");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.Resources_lastVersion.expiration", "F
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.Resources_meta.expiration", "Fri Feb
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.Resources_nextCheck.expiration", "Sun
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.Resources_queue.expiration", "Fri Feb
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.lastDailyReport", "1405847887183");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.lastUpdate", "1405848000446");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.manifesturl", "");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.name", "Plus-HD-V1.4");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.newtab", "");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.opensearch", "");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.pluginsurl", "hxxp://js.genstatsnet.com/plugin/a
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.pluginsversion", 62);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.publisher", "Plus HD");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.searchstatus", 0);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.setnewtab", false);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.thankyou", "");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.updateinterval", 360);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.ver", 72);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.apps", "58362");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.bic", "1474abfd97f74d137bc4df10cf2d1f63");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.cid", 58362);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.firstrun", false);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.hadappinstalled", true);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.installationdate", 1405708393);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.installerAdditionalInfo", "{\"asw\":[0, 5, 0]}");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.modetype", "production");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.reportInstall", true);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.statsDailyCounter", 2);
---- FireFox user.js and prefs.js backups ----

prefs__1740_.backup

ProfilePath: C:\Users\PRAMOX~1\AppData\Roaming\Thunderbird\Profiles\g2rudm5c.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs__1740_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\Common Files\DVDVideoSoft\bin deleted
C:\Users\PramoxLaptop\Searches deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn" [20.07.2014 17:18]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\PramoxLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\et5cxbr7.default-1405707576517
4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
FB5621842FDABF9F8359775573498FBC - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
1E5E8C84DE796A01D1D46E3A660690F1 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
F055C91A961601B8D50EF2976145AEE6 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\PramoxLaptop\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104
B5371D2C9017EEE216B5361D600B3543 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
997FD370A65D2DD67C97E565E66EF8E6 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll - DivX Plus Web Player
01D93217A9EE48DD37072B671378CC9C - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In
0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
86244E1B6D062BBE2B91AA5DA7376806 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in
24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
28986F0A2342A033345EF9E70D395E4F - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files\Norton 360\Engine\21.4.0.13\Exts\Chrome.crx[26.06.2014 12:22]


==== Chrome Fix ======================

C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage deleted successfully
C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage-journal deleted successfully
C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.bing.com"
"Search Bar"="hxxp://www.bing.com"
"Default_Page_URL"="hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1113&m=aspire_7738"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Default_Search_URL"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://www.google.com"
"SearchAssistant"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://www.bing.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="hxxp://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{70AD605D-D41B-4E48-B5F3-C6EB2A63A2AF} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW"

==== Reset Google Chrome ======================

C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\omiga-plus uninstall deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PramoxLaptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\PramoxLaptop\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PramoxLaptop\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PramoxLaptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\PramoxLaptop\AppData\Local\Mozilla\Firefox\Profiles\et5cxbr7.default-1405707576517\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=138 folders=24 16855643 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\PramoxLaptop\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\PRAMOX~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\PramoxLaptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on 20.07.2014 at 17:47:01,03 ======================
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-07-2014
Ran by PramoxLaptop (administrator) on PRAMOXLAPTOP-PC on 20-07-2014 18:14:21
Running from C:\Users\PramoxLaptop\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.4.0.13\n360.exe
(AlcorMicro Co., Ltd.) C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
() C:\Windows\PLFSetI.exe
(Realtek Semiconductor Corp.) C:\Users\PramoxLaptop\AppData\Local\Temp\RtkBtMnt.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHLE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHLE.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHLE.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
() C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.4.0.13\n360.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(RPA Technology) C:\Program Files\Air Mouse\Air Mouse\Mobile Mouse Service.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [EPLTarget\P0000000000000003] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [iPhone PC Suite] => C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe /start
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [iDevice Manager Launcher] => "C:\Program Files\Software4u\iDevice Manager\Software4u.IDMLauncher.exe" /run
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk
ShortcutTarget: Air Mouse.lnk -> C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe ()
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\21.4.0.13\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer | explore beyond limits
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\PramoxLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\et5cxbr7.default-1405707576517
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\PramoxLaptop\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-11-29]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-01-22]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-07-20]

========================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4161512 2013-12-04] (Emsisoft GmbH)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3526136 2013-08-27] (devolo AG)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [666144 2009-03-11] (Acer Incorporated)
R2 N360; C:\Program Files\Norton 360\Engine\21.4.0.13\N360.exe [265040 2014-06-27] (Symantec Corporation)
S2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [44800 2009-03-20] (NewTech Infosystems, Inc.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [237568 2008-11-27] (Acer Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

S3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [57944 2013-08-24] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [14432 2013-03-28] (Emsisoft GmbH)
R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx86.sys [1101616 2014-05-10] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1504000.00D\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
S3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-11] (Symantec Corporation)
R2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [26928 2008-12-24] (Egis)
R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [5632 2008-10-08] (Windows (R) Codename Longhorn DDK provider)
R1 IDSVix86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140718.001\IDSvix86.sys [395992 2014-03-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140719.001\NAVENG.SYS [93272 2014-05-14] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140719.001\NAVEX15.SYS [1612376 2014-05-14] (Symantec Corporation)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2013-08-21] (CACE Technologies) [File not signed]
R3 nuvotonhidgeneric; C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys [22528 2008-10-08] (Nuvoton Technology Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360\1504000.00D\SRTSP.SYS [664280 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1504000.00D\SRTSPX.SYS [32344 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1504000.00D\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1504000.00D\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-01-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1504000.00D\Ironx86.SYS [206936 2013-09-27] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1504000.00D\SYMTDIV.SYS [384728 2014-02-18] (Symantec Corporation)
S2 int15; \??\c:\Windows\system32\drivers\int15.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Netaapl; system32\DRIVERS\netaapl.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSBXP.SYS [49408 2013-09-06] (Seiko Epson Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-20 18:13 - 2014-07-20 18:13 - 01080320 _____ (Farbar) C:\Users\PramoxLaptop\Desktop\FRST.exe
2014-07-20 17:48 - 2014-07-20 18:06 - 00000000 ____D () C:\Users\PramoxLaptop\Desktop\FRST-OlderVersion
2014-07-20 17:48 - 2014-07-20 17:48 - 00024644 _____ () C:\Users\PramoxLaptop\Desktop\zoek-results.txt
2014-07-20 17:44 - 2014-07-20 17:22 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-20 17:25 - 2014-07-20 17:47 - 00024644 _____ () C:\zoek-results.log
2014-07-20 17:22 - 2014-07-20 17:42 - 00000000 ____D () C:\zoek_backup
2014-07-20 17:21 - 2014-07-20 17:21 - 00000275 _____ () C:\Users\PramoxLaptop\Desktop\mbam.txt
2014-07-20 17:04 - 2014-07-20 17:19 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 17:04 - 2014-07-20 17:04 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-20 17:04 - 2014-07-20 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 17:04 - 2014-07-20 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 17:04 - 2014-07-20 17:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-20 17:04 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-20 17:04 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-20 17:04 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-20 17:01 - 2014-07-20 16:57 - 00011756 _____ () C:\Users\PramoxLaptop\Desktop\AdwCleaner[S3].txt
2014-07-20 16:12 - 2014-07-20 16:13 - 01287168 _____ () C:\Users\PramoxLaptop\Desktop\zoek.exe
2014-07-20 16:12 - 2014-07-20 16:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\PramoxLaptop\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-20 16:11 - 2014-07-20 16:11 - 01354223 _____ () C:\Users\PramoxLaptop\Desktop\adwcleaner_3.216.exe
2014-07-20 11:31 - 2014-07-20 18:12 - 00027515 _____ () C:\Users\PramoxLaptop\Desktop\Addition.txt
2014-07-20 11:24 - 2014-07-20 18:14 - 00014812 _____ () C:\Users\PramoxLaptop\Desktop\FRST.txt
2014-07-18 21:36 - 2014-07-18 21:41 - 318325712 _____ () C:\Users\PramoxLaptop\Desktop\WM 2014 - Siegesfeier Berlin 1 von 2.mp4
2014-07-18 20:49 - 2014-07-20 18:14 - 00000000 ____D () C:\FRST
2014-07-18 20:36 - 2014-07-18 20:36 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\Symantec
2014-07-18 18:16 - 2014-07-20 16:16 - 00000000 ____D () C:\Program Files\trolatunt
2014-07-18 18:14 - 2014-07-20 17:15 - 00000000 ____D () C:\Program Files\PHD-V1.4
2014-07-18 18:07 - 2014-07-18 18:07 - 00000906 _____ () C:\Users\PramoxLaptop\Desktop\MP4Joiner.lnk
2014-07-18 18:07 - 2014-07-18 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4Joiner
2014-07-18 18:06 - 2014-07-18 18:07 - 00000000 ____D () C:\Program Files\MP4Joiner
2014-07-18 18:05 - 2014-07-18 18:06 - 08088746 _____ ( ) C:\Users\PramoxLaptop\Downloads\MP4Joiner-2.1.2-win32.exe
2014-07-16 20:25 - 2014-07-16 20:25 - 00002056 _____ () C:\Users\Public\Desktop\Free MP4 Video Converter.lnk
2014-07-16 20:21 - 2014-07-16 20:22 - 32691984 _____ (DVDVideoSoft Ltd. ) C:\Users\PramoxLaptop\Downloads\FreeMP4VideoConverter.exe
2014-07-16 20:19 - 2014-07-16 20:23 - 00000000 ____D () C:\ProgramData\Freemake
2014-07-16 20:19 - 2014-07-16 20:19 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\Freemake
2014-07-16 20:18 - 2014-07-16 20:22 - 00000000 ____D () C:\Program Files\Freemake
2014-07-16 20:17 - 2014-07-16 20:17 - 01268264 _____ (Ellora Assets Corporation ) C:\Users\PramoxLaptop\Downloads\FreemakeVideoConverterSetup.exe
2014-07-16 20:02 - 2014-07-16 20:02 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\HandBrake
2014-07-16 19:59 - 2014-07-20 17:40 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-07-16 19:59 - 2014-07-16 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-16 19:59 - 2014-07-16 20:25 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-07-16 19:59 - 2014-07-16 20:00 - 00002056 _____ () C:\Users\Public\Desktop\Free DVD Video Converter.lnk
2014-07-16 19:59 - 2014-07-16 19:59 - 00001036 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-07-16 19:58 - 2014-07-16 20:25 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\DVDVideoSoft
2014-07-15 20:48 - 2014-07-15 20:48 - 37146304 _____ (DVDVideoSoft Ltd. ) C:\Users\PramoxLaptop\Downloads\FreeDVDVideoConverter-2.0.20.623.exe
2014-07-15 19:36 - 2014-07-15 19:36 - 00001668 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-15 19:36 - 2014-07-15 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-15 19:36 - 2012-08-21 13:01 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-07-15 19:35 - 2014-07-15 19:36 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-15 19:35 - 2014-07-15 19:36 - 00000000 ____D () C:\Program Files\iTunes
2014-07-15 19:35 - 2014-07-15 19:35 - 00000000 ____D () C:\Program Files\iPod
2014-07-15 19:34 - 2014-07-15 19:34 - 00001830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-15 19:34 - 2014-07-15 19:34 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-07-15 19:30 - 2014-07-15 19:35 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-15 19:27 - 2014-07-15 19:28 - 111992144 _____ (Apple Inc.) C:\Users\PramoxLaptop\Downloads\iTunesSetup(1).exe
2014-07-14 19:22 - 2014-07-14 19:22 - 00002019 _____ () C:\Users\PramoxLaptop\Desktop\iDevice Manager.lnk
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\IsolatedStorage
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager
2014-07-14 19:19 - 2014-07-14 19:19 - 04101456 _____ (Marx Softwareentwicklung ) C:\Users\PramoxLaptop\Downloads\IDMSetup34.exe
2014-07-14 19:19 - 2014-07-14 19:19 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\91 Mobile
2014-07-14 19:18 - 2014-07-14 19:18 - 00000000 ____D () C:\Program Files\NetDragon
2014-07-14 19:06 - 2014-07-14 19:07 - 00961360 _____ (Chip Digital GmbH) C:\Users\PramoxLaptop\Downloads\SharePod - CHIP-Installer.exe
2014-07-14 18:22 - 2014-07-14 18:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2014-07-14 17:36 - 2014-07-14 17:43 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\WindSolutions
2014-07-14 17:36 - 2014-07-14 17:37 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-07-14 17:35 - 2014-07-14 17:36 - 05102256 _____ (WindSolutions) C:\Users\PramoxLaptop\Downloads\Install_CopyTransControlCenter.exe
2014-07-13 12:30 - 2014-06-07 02:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-13 12:29 - 2014-06-07 02:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-13 12:29 - 2014-06-07 01:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-13 12:29 - 2014-06-07 01:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-13 12:29 - 2014-06-07 01:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-13 12:29 - 2014-06-07 01:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-13 12:29 - 2014-06-07 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-13 12:29 - 2014-06-07 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-13 12:29 - 2014-06-07 00:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-13 12:29 - 2014-06-07 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-13 12:29 - 2014-06-07 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-13 12:29 - 2014-06-07 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-13 12:29 - 2014-06-07 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-13 12:29 - 2014-06-07 00:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-13 12:29 - 2014-06-07 00:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-13 12:29 - 2014-06-07 00:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-13 12:29 - 2014-06-07 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-13 12:29 - 2014-06-07 00:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-13 12:29 - 2014-06-07 00:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-13 12:29 - 2014-06-07 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-13 12:29 - 2014-06-07 00:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-13 12:29 - 2014-06-07 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-13 12:29 - 2014-06-06 10:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-13 12:29 - 2014-05-30 08:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 16:29 - 2014-07-09 16:29 - 01058200 _____ (Adobe) C:\Users\PramoxLaptop\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-07-03 18:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-03 18:39 - 2014-07-03 18:39 - 01346519 _____ () C:\Users\PramoxLaptop\Downloads\adwcleaner_3.214.exe
2014-07-03 17:07 - 2014-07-04 13:50 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\dvdcss
2014-07-03 12:32 - 2014-07-03 13:11 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\pangu
2014-07-03 12:29 - 2014-07-03 12:30 - 35956160 _____ () C:\Users\PramoxLaptop\Downloads\Pangu_v1.1.exe
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\AirMouse
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Air Mouse
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\Program Files\Air Mouse
2014-07-02 20:29 - 2014-07-02 20:29 - 08378272 _____ (RPA Tech, Inc ) C:\Users\PramoxLaptop\Downloads\setup2.7.0.exe
2014-07-02 20:29 - 2014-07-02 20:29 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\Downloaded Installations
2014-07-02 16:56 - 2014-07-02 16:56 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\Adobe
2014-06-29 05:29 - 2014-07-18 23:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-20 18:14 - 2014-07-20 11:24 - 00014812 _____ () C:\Users\PramoxLaptop\Desktop\FRST.txt
2014-07-20 18:14 - 2014-07-18 20:49 - 00000000 ____D () C:\FRST
2014-07-20 18:13 - 2014-07-20 18:13 - 01080320 _____ (Farbar) C:\Users\PramoxLaptop\Desktop\FRST.exe
2014-07-20 18:12 - 2014-07-20 11:31 - 00027515 _____ () C:\Users\PramoxLaptop\Desktop\Addition.txt
2014-07-20 18:12 - 2014-05-14 14:55 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-20 18:06 - 2014-07-20 17:48 - 00000000 ____D () C:\Users\PramoxLaptop\Desktop\FRST-OlderVersion
2014-07-20 18:03 - 2013-11-29 21:46 - 00098588 _____ () C:\ProgramData\nvModes.001
2014-07-20 18:03 - 2013-11-24 14:55 - 00000000 ____D () C:\Users\PramoxLaptop
2014-07-20 18:01 - 2013-11-24 14:46 - 01933620 _____ () C:\Windows\WindowsUpdate.log
2014-07-20 17:58 - 2014-05-14 14:55 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-20 17:58 - 2013-11-29 20:30 - 00098588 _____ () C:\ProgramData\nvModes.dat
2014-07-20 17:58 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-20 17:58 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-20 17:58 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-20 17:56 - 2006-11-02 15:01 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-20 17:48 - 2014-07-20 17:48 - 00024644 _____ () C:\Users\PramoxLaptop\Desktop\zoek-results.txt
2014-07-20 17:47 - 2014-07-20 17:25 - 00024644 _____ () C:\zoek-results.log
2014-07-20 17:46 - 2008-01-21 04:47 - 00875454 _____ () C:\Windows\PFRO.log
2014-07-20 17:42 - 2014-07-20 17:22 - 00000000 ____D () C:\zoek_backup
2014-07-20 17:40 - 2014-07-16 19:59 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-07-20 17:39 - 2014-04-07 18:21 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\CrashDumps
2014-07-20 17:30 - 2014-05-14 14:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-20 17:22 - 2014-07-20 17:44 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-20 17:21 - 2014-07-20 17:21 - 00000275 _____ () C:\Users\PramoxLaptop\Desktop\mbam.txt
2014-07-20 17:19 - 2014-07-20 17:04 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 17:15 - 2014-07-18 18:14 - 00000000 ____D () C:\Program Files\PHD-V1.4
2014-07-20 17:04 - 2014-07-20 17:04 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-20 17:04 - 2014-07-20 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 17:04 - 2014-07-20 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 17:04 - 2014-07-20 17:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-20 16:57 - 2014-07-20 17:01 - 00011756 _____ () C:\Users\PramoxLaptop\Desktop\AdwCleaner[S3].txt
2014-07-20 16:18 - 2014-03-06 20:09 - 00000604 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1096382573-999743387-1970358641-1000.job
2014-07-20 16:16 - 2014-07-18 18:16 - 00000000 ____D () C:\Program Files\trolatunt
2014-07-20 16:16 - 2014-05-14 14:55 - 00001071 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-20 16:16 - 2014-01-22 18:40 - 00000000 ____D () C:\AdwCleaner
2014-07-20 16:16 - 2013-11-24 17:31 - 00000862 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-20 16:16 - 2013-11-24 17:31 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-20 16:16 - 2013-11-24 14:58 - 00000963 _____ () C:\Users\PramoxLaptop\Desktop\Internet Explorer.lnk
2014-07-20 16:16 - 2006-11-02 12:23 - 00000246 _____ () C:\Windows\win.ini
2014-07-20 16:13 - 2014-07-20 16:12 - 01287168 _____ () C:\Users\PramoxLaptop\Desktop\zoek.exe
2014-07-20 16:12 - 2014-07-20 16:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\PramoxLaptop\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-20 16:11 - 2014-07-20 16:11 - 01354223 _____ () C:\Users\PramoxLaptop\Desktop\adwcleaner_3.216.exe
2014-07-20 11:19 - 2014-06-08 13:26 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\vlc
2014-07-18 23:03 - 2014-06-29 05:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-18 21:41 - 2014-07-18 21:36 - 318325712 _____ () C:\Users\PramoxLaptop\Desktop\WM 2014 - Siegesfeier Berlin 1 von 2.mp4
2014-07-18 20:36 - 2014-07-18 20:36 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\Symantec
2014-07-18 18:07 - 2014-07-18 18:07 - 00000906 _____ () C:\Users\PramoxLaptop\Desktop\MP4Joiner.lnk
2014-07-18 18:07 - 2014-07-18 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4Joiner
2014-07-18 18:07 - 2014-07-18 18:06 - 00000000 ____D () C:\Program Files\MP4Joiner
2014-07-18 18:06 - 2014-07-18 18:05 - 08088746 _____ ( ) C:\Users\PramoxLaptop\Downloads\MP4Joiner-2.1.2-win32.exe
2014-07-16 22:17 - 2013-11-30 17:04 - 00162816 _____ () C:\Users\PramoxLaptop\Desktop\Ebay Auswertung.xls
2014-07-16 20:25 - 2014-07-16 20:25 - 00002056 _____ () C:\Users\Public\Desktop\Free MP4 Video Converter.lnk
2014-07-16 20:25 - 2014-07-16 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-16 20:25 - 2014-07-16 19:59 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-07-16 20:25 - 2014-07-16 19:58 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\DVDVideoSoft
2014-07-16 20:23 - 2014-07-16 20:19 - 00000000 ____D () C:\ProgramData\Freemake
2014-07-16 20:22 - 2014-07-16 20:21 - 32691984 _____ (DVDVideoSoft Ltd. ) C:\Users\PramoxLaptop\Downloads\FreeMP4VideoConverter.exe
2014-07-16 20:22 - 2014-07-16 20:18 - 00000000 ____D () C:\Program Files\Freemake
2014-07-16 20:19 - 2014-07-16 20:19 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\Freemake
2014-07-16 20:17 - 2014-07-16 20:17 - 01268264 _____ (Ellora Assets Corporation ) C:\Users\PramoxLaptop\Downloads\FreemakeVideoConverterSetup.exe
2014-07-16 20:03 - 2014-01-15 19:17 - 00006656 _____ () C:\Users\PramoxLaptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-16 20:02 - 2014-07-16 20:02 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\HandBrake
2014-07-16 20:00 - 2014-07-16 19:59 - 00002056 _____ () C:\Users\Public\Desktop\Free DVD Video Converter.lnk
2014-07-16 19:59 - 2014-07-16 19:59 - 00001036 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-07-16 19:55 - 2014-03-12 16:24 - 00000000 ____D () C:\Users\PramoxLaptop\Desktop\Iphone
2014-07-16 06:55 - 2014-01-22 19:08 - 00002063 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-07-16 06:55 - 2014-01-22 19:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-07-16 06:55 - 2014-01-22 19:07 - 00000000 ____D () C:\Windows\system32\Drivers\N360
2014-07-15 20:48 - 2014-07-15 20:48 - 37146304 _____ (DVDVideoSoft Ltd. ) C:\Users\PramoxLaptop\Downloads\FreeDVDVideoConverter-2.0.20.623.exe
2014-07-15 19:36 - 2014-07-15 19:36 - 00001668 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-15 19:36 - 2014-07-15 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-15 19:36 - 2014-07-15 19:35 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-15 19:36 - 2014-07-15 19:35 - 00000000 ____D () C:\Program Files\iTunes
2014-07-15 19:35 - 2014-07-15 19:35 - 00000000 ____D () C:\Program Files\iPod
2014-07-15 19:35 - 2014-07-15 19:30 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-15 19:35 - 2014-03-12 16:31 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-15 19:34 - 2014-07-15 19:34 - 00001830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-15 19:34 - 2014-07-15 19:34 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-07-15 19:30 - 2014-03-12 16:26 - 00000000 ____D () C:\ProgramData\Apple
2014-07-15 19:28 - 2014-07-15 19:27 - 111992144 _____ (Apple Inc.) C:\Users\PramoxLaptop\Downloads\iTunesSetup(1).exe
2014-07-15 19:18 - 2006-11-02 14:52 - 00124092 _____ () C:\Windows\setupact.log
2014-07-14 19:30 - 2009-02-11 22:16 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-07-14 19:22 - 2014-07-14 19:22 - 00002019 _____ () C:\Users\PramoxLaptop\Desktop\iDevice Manager.lnk
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\IsolatedStorage
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager
2014-07-14 19:19 - 2014-07-14 19:19 - 04101456 _____ (Marx Softwareentwicklung ) C:\Users\PramoxLaptop\Downloads\IDMSetup34.exe
2014-07-14 19:19 - 2014-07-14 19:19 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\91 Mobile
2014-07-14 19:18 - 2014-07-14 19:18 - 00000000 ____D () C:\Program Files\NetDragon
2014-07-14 19:07 - 2014-07-14 19:06 - 00961360 _____ (Chip Digital GmbH) C:\Users\PramoxLaptop\Downloads\SharePod - CHIP-Installer.exe
2014-07-14 18:22 - 2014-07-14 18:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2014-07-14 17:43 - 2014-07-14 17:36 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\WindSolutions
2014-07-14 17:37 - 2014-07-14 17:36 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-07-14 17:36 - 2014-07-14 17:35 - 05102256 _____ (WindSolutions) C:\Users\PramoxLaptop\Downloads\Install_CopyTransControlCenter.exe
2014-07-13 12:55 - 2006-11-02 14:47 - 00308232 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-13 12:52 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-13 12:50 - 2013-11-30 14:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-13 12:46 - 2006-11-02 12:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-09 17:44 - 2013-12-08 14:33 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 17:44 - 2013-12-08 14:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 16:29 - 2014-07-09 16:29 - 01058200 _____ (Adobe) C:\Users\PramoxLaptop\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-07-06 14:31 - 2014-01-16 21:04 - 00000000 ____D () C:\Users\PramoxLaptop\Desktop\Pramox
2014-07-06 14:28 - 2014-05-29 17:36 - 00000653 _____ () C:\Users\PramoxLaptop\Desktop\Websites.txt
2014-07-04 13:50 - 2014-07-03 17:07 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\dvdcss
2014-07-03 18:39 - 2014-07-03 18:39 - 01346519 _____ () C:\Users\PramoxLaptop\Downloads\adwcleaner_3.214.exe
2014-07-03 16:27 - 2014-06-14 08:41 - 00017920 _____ () C:\Users\PramoxLaptop\Desktop\Urlaub 2014.xls
2014-07-03 13:58 - 2014-01-16 21:04 - 00000000 ____D () C:\Users\PramoxLaptop\Desktop\Nina
2014-07-03 13:11 - 2014-07-03 12:32 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\pangu
2014-07-03 12:30 - 2014-07-03 12:29 - 35956160 _____ () C:\Users\PramoxLaptop\Downloads\Pangu_v1.1.exe
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\AirMouse
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Air Mouse
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\Program Files\Air Mouse
2014-07-02 20:29 - 2014-07-02 20:29 - 08378272 _____ (RPA Tech, Inc ) C:\Users\PramoxLaptop\Downloads\setup2.7.0.exe
2014-07-02 20:29 - 2014-07-02 20:29 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\Downloaded Installations
2014-07-02 16:56 - 2014-07-02 16:56 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\Adobe
2014-07-01 17:10 - 2013-11-24 17:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-29 10:43 - 2014-03-12 16:32 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\Apple Computer

Some content of TEMP:
====================
C:\Users\PramoxLaptop\AppData\Local\Temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-20 18:04

==================== End Of Log ============================
--- --- ---
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:20-07-2014
Ran by PramoxLaptop at 2014-07-20 18:14:50
Running from C:\Users\PramoxLaptop\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton 360 (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
AC3Filter 2.6.0b (HKLM\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Acer Backup Manager (HKLM\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 1.0.0.50 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.79.326 (HKLM\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.79.326 - Chicony Electronics Co.,Ltd.)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.00.3005 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer PowerSmart Manager (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.01.3006 - Acer Incorporated)
Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version:  - Acer)
Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.00.3004 - Acer Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AmIcoSingLun (HKLM\...\InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}) (Version: 1.2.117.1 - Alcor Micro Co., Ltd.)
AmIcoSingLun (Version: 1.2.117.1 - Alcor Micro Co., Ltd.) Hidden
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager Basic (Version: 1.0.0.50 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.34.02 - Broadcom Corporation)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
devolo dLAN Cockpit (HKLM\...\dlancockpit) (Version: 4.1.3.0 - devolo AG)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
Druckerdeinstallation für EPSON SX235 Series (HKLM\...\EPSON SX235 Series) (Version:  - SEIKO EPSON Corporation)
Emsisoft Anti-Malware (HKLM\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Config V4 (HKLM\...\{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}) (Version: 4.4.1 - SEIKO EPSON CORPORATION)
Free DVD Video Converter version 2.0.20.623 (HKLM\...\Free DVD Video Converter_is1) (Version: 2.0.20.623 - DVDVideoSoft Ltd.)
Free MP4 Video Converter version 5.0.44.623 (HKLM\...\Free MP4 Video Converter_is1) (Version: 5.0.44.623 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.3.0.1468 (HKCU\...\GoToMeeting) (Version: 6.3.0.1468 - CitrixOnline)
iDevice Manager (HKLM\...\FE5AE7DC-7B01-4263-A94C-B4526C276550_is1) (Version: 3.4.0.0 - Marx Software)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.)
Launch Manager (HKLM\...\LManager) (Version: 2.0.01 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91E30407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Mouse Server (HKLM\...\{895FE43E-71C2-4FEA-94EF-B88D111495FC}) (Version: 2.7.0 - RPA Tech, Inc)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MP4Joiner v2.1.2 (HKLM\...\MP4Joiner_is1) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton 360 (HKLM\...\N360) (Version: 21.4.0.13 - Symantec Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.616 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.616 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6509 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6509 - NewTech Infosystems) Hidden
Nuvoton EC Generic HID Driver (HKLM\...\{302E9B7B-2B6A-4C29-9A02-9F2110649779}) (Version: 7.80.5000 - Nuvoton Technology Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
PDF24 Creator 6.3.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5807 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.1.0.0 - Synaptics)
trolatunt (HKLM\...\trolatunt) (Version: 2014.07.18.160707 - trolatunt) <==== ATTENTION
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WindowsMangerProtect20.0.0.502 (HKLM\...\WindowsMangerProtect) (Version: 20.0.0.502 - WindowsProtect LIMITED)

==================== Restore Points  =========================

12-05-2014 09:27:38 Geplanter Prüfpunkt
13-05-2014 13:04:16 Geplanter Prüfpunkt
14-05-2014 12:07:01 Geplanter Prüfpunkt
16-05-2014 05:09:40 Windows Update
22-05-2014 20:36:40 Gerätetreiber-Paketinstallation: EPSON Drucker
24-05-2014 21:05:13 Geplanter Prüfpunkt
26-05-2014 10:54:31 Geplanter Prüfpunkt
13-06-2014 07:27:37 Windows Update
29-06-2014 04:08:43 Geplanter Prüfpunkt
02-07-2014 17:37:07 Geplanter Prüfpunkt
02-07-2014 18:30:00 Installed Mobile Mouse Server.
13-07-2014 10:44:40 Windows Update
14-07-2014 17:07:13 ??? 91 PC Suite for iPhone
14-07-2014 17:17:55 ??? 91 PC Suite for iPhone
14-07-2014 17:29:56 ??? 91 PC Suite for iPhone
15-07-2014 17:09:27 Removed iTunes
15-07-2014 17:13:36 Removed Apple Application Support
15-07-2014 17:14:59 Removed Apple Mobile Device Support
15-07-2014 17:19:15 Removed Apple Software Update
15-07-2014 17:32:11 Gerätetreiber-Paketinstallation: Apple, Inc. USB-Controller
15-07-2014 17:33:16 Gerätetreiber-Paketinstallation: Apple Netzwerkadapter
15-07-2014 17:34:27 Installed iTunes
16-07-2014 17:46:20 Windows Update
18-07-2014 22:02:41 Geplanter Prüfpunkt
20-07-2014 15:25:07 zoek.exe restore point

==================== Hosts content: ==========================

2006-11-02 12:23 - 2014-03-12 19:12 - 00000763 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
::1            localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {014387AD-70C9-4FAF-8D90-6AB7A3C7C8B4} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {07BB548C-C299-488D-BB20-6AF1662E2688} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-14] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {23595F99-7FD0-4996-BDD8-64952584CE9C} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3EF60081-D08A-4C4E-82AD-6223E405811F} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {5A7D1ADD-D0A1-4CB2-915B-92DE99B0986C} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\21.4.0.13\WSCStub.exe [2014-06-27] (Symantec Corporation)
Task: {7C6B35B5-4D1F-4FBA-9170-460EBE595467} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {9B1091E8-5AF9-4125-AC97-20BBE0BACD0B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-14] (Google Inc.)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {D536E162-18C6-4752-9338-48B1FC17AD2D} - System32\Tasks\G2MUpdateTask-S-1-5-21-1096382573-999743387-1970358641-1000 => C:\Users\PramoxLaptop\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-07-15] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FA6BD5BE-CC57-43FE-826E-C9A67CF648E7} - System32\Tasks\Acer\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-02-05] (Acer)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1096382573-999743387-1970358641-1000.job => C:\Users\PramoxLaptop\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-24 15:08 - 2013-11-24 15:07 - 00200704 _____ () C:\Windows\PLFSetI.exe
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2012-09-23 20:44 - 2012-09-23 20:44 - 01600512 _____ () C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
2011-06-14 14:19 - 2011-06-14 14:19 - 00025600 _____ () C:\Program Files\Air Mouse\Air Mouse\BonjourService.dll
2014-06-12 06:37 - 2014-06-12 06:37 - 03022960 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-06-12 06:37 - 2014-06-12 06:37 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-12 06:37 - 2014-06-12 06:37 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-06-29 05:29 - 2014-06-29 05:29 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-07-09 17:44 - 2014-07-09 17:44 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2014 05:58:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 05:58:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/20/2014 05:58:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/20/2014 05:47:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 05:47:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/20/2014 05:46:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/20/2014 05:39:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung plugin-container.exe, Version 30.0.0.5269, Zeitstempel 0x53914233, fehlerhaftes Modul mozalloc.dll, Version 30.0.0.5269, Zeitstempel 0x53911393, Ausnahmecode 0x80000003, Fehleroffset 0x0000141b,
Prozess-ID 0xe94, Anwendungsstartzeit plugin-container.exe0.

Error: (07/20/2014 05:18:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 05:18:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/20/2014 05:18:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (07/20/2014 05:59:30 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (07/20/2014 05:59:29 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/20/2014 05:58:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NTI IScheduleSvc%%14001

Error: (07/20/2014 05:58:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: int15%%2

Error: (07/20/2014 05:58:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (07/20/2014 05:47:50 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (07/20/2014 05:47:49 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/20/2014 05:47:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NTI IScheduleSvc%%14001

Error: (07/20/2014 05:47:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: int15%%2

Error: (07/20/2014 05:47:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (07/20/2014 05:58:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 05:58:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

Error: (07/20/2014 05:58:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

Error: (07/20/2014 05:47:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 05:47:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

Error: (07/20/2014 05:46:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

Error: (07/20/2014 05:39:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141be9401cfa42ea30c08d6

Error: (07/20/2014 05:18:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 05:18:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManager.exe

Error: (07/20/2014 05:18:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe


CodeIntegrity Errors:
===================================
  Date: 2014-07-20 18:14:46.064
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-20 18:14:45.926
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-20 18:14:45.790
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-20 18:14:45.652
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-20 18:14:45.384
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-20 18:14:45.247
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-20 18:14:45.109
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-20 18:14:44.972
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-20 18:05:55.461
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-20 18:05:55.258
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 51%
Total physical RAM: 3065.89 MB
Available physical RAM: 1472.84 MB
Total Pagefile: 6336.81 MB
Available Pagefile: 4705.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.54 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:452.99 GB) (Free:306.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (LOGICAL VOLUME IDENTIFIER) (CDROM) (Total:4.16 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 6F050EC2)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=453 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=12)

==================== End Of Log ============================
--- --- ---


Firefox geht inzwischen denke ich wieder. Aber bevor ich nach MBAM meinen Virenscanner deaktiviert habe, gab es bei Norton immer noch hinweise auf SearchProtect.

pramox 20.07.2014 17:26
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 20.07.2014 17:05:25, SYSTEM, PRAMOXLAPTOP-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.7.17.1,
Update, 20.07.2014 17:05:33, SYSTEM, PRAMOXLAPTOP-PC, Manual, Malware Database, 2014.3.4.9, 2014.7.20.4,

(end)
Code:
Zoek.exe v5.0.0.0 Updated 19-07-2014
Tool run by PramoxLaptop on 20.07.2014 at 17:23:03,18.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\PramoxLaptop\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

20.07.2014 17:25:51 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110511831162} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WindowsMangerProtect deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\PRAMOX~1\AppData\Roaming\Mozilla\Firefox\Profiles\et5cxbr7.default-1405707576517\prefs.js:

Added to C:\Users\PRAMOX~1\AppData\Roaming\Mozilla\Firefox\Profiles\et5cxbr7.default-1405707576517\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\PRAMOX~1\AppData\Roaming\Thunderbird\Profiles\g2rudm5c.default\prefs.js:

Added to C:\Users\PRAMOX~1\AppData\Roaming\Thunderbird\Profiles\g2rudm5c.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\PRAMOX~1\AppData\Roaming\Mozilla\Firefox\Profiles\et5cxbr7.default-1405707576517

user.js not found
---- Lines a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362 removed from prefs.js ----
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.active", true);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.addressbar", "NA");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.addressbarenhanced", "");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.asyncdb.was_copied", "true");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.asyncdb_dbWasSet", true);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.asyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.asyncinternaldb.was_copied", "true");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.asyncinternaldb_dbWasSet", true);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.asyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.backgroundver", 1);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.certdomaininstaller", "");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.changeprevious", false);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.cookie.InstallationTime.expiration", "Fri Feb 01
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.cookie.InstallationTime.value", "%221405700044%2
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.cookie.InstallerParams.expiration", "Fri Feb 01
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.cookie.InstallerParams.value", "%7B%22source_id%
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.cookie.load_balancer.expiration", "Sun Jul 20 20
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.cookie.load_balancer.value", "%22%7B%20%5C%22Sta
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.cookie.previous_page.expiration", "Fri Feb 01 20
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.cookie.previous_page.value", "%22https%3A//www.g
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.cookie.user_id.expiration", "Fri Feb 01 2030 00:
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.cookie.user_id.value", "%221474abfd97f74d137bc4d
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.description", "Turn YouTube videos to High Defin
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.domain", "");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.enablesearch", false);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.homepage", "");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.iframe", false);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.InstallationThankYouPage", false);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.InstallationTime", 1405700044);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.__defualt_browser__.expiration", "Fri
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.__defualt_browser__.value", "%22ff%22
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb._installer_additional_info.expiration
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb._installer_additional_info.value", "%
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.installer.expiration", "Fri Feb 01 20
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.installer.value", "%7B%22InstallerIde
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.InstallerIdentifiers.expiration", "Fr
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.InstallerIdentifiers.value", "%7B%22i
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.InstallerParams.expiration", "Fri Feb
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.InstallerParams.value", "%7B%22source
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.InstallerParamsCache.expiration", "Fr
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.InstallerParamsCache.value", "%7B%22s
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.InstallerUserIdentifiersCache.expirat
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.InstallerUserIdentifiersCache.value",
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.monetization_plugin_bundledUrls.expir
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.monetization_plugin_bundledWithHash.e
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.monetization_plugin_bundledWithHash.v
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.monetization_plugin_last_executable_r
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.monetization_plugin_last_executable_r
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.monetization_plugin_notBundledArr_.ex
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.monetization_plugin_notBundledArr_.va
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.monetization_plugin_regBundledWithSof
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.monetization_plugin_regBundledWithSof
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.Resources_appVer.expiration", "Fri Fe
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.Resources_appVer.value", "72");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.Resources_lastVersion.expiration", "F
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.Resources_meta.expiration", "Fri Feb
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.Resources_nextCheck.expiration", "Sun
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.Resources_queue.expiration", "Fri Feb
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.lastDailyReport", "1405847887183");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.lastUpdate", "1405848000446");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.manifesturl", "");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.name", "Plus-HD-V1.4");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.newtab", "");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.opensearch", "");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.pluginsurl", "hxxp://js.genstatsnet.com/plugin/a
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.pluginsversion", 62);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.publisher", "Plus HD");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.searchstatus", 0);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.setnewtab", false);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.thankyou", "");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.updateinterval", 360);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.58362.ver", 72);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.apps", "58362");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.bic", "1474abfd97f74d137bc4df10cf2d1f63");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.cid", 58362);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.firstrun", false);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.hadappinstalled", true);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.installationdate", 1405708393);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.installerAdditionalInfo", "{\"asw\":[0, 5, 0]}");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.modetype", "production");
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.reportInstall", true);
user_pref("extensions.a508d4e2fa469421da294135dbb84fe1bf7b17943cc9e4d4ab2230bd1e7cfc871com58362.statsDailyCounter", 2);
---- FireFox user.js and prefs.js backups ----

prefs__1740_.backup

ProfilePath: C:\Users\PRAMOX~1\AppData\Roaming\Thunderbird\Profiles\g2rudm5c.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs__1740_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\Common Files\DVDVideoSoft\bin deleted
C:\Users\PramoxLaptop\Searches deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn" [20.07.2014 17:18]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\PramoxLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\et5cxbr7.default-1405707576517
4390CCD3790F8D9C427C0C29590C62D7        - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll -        Shockwave Flash
FB5621842FDABF9F8359775573498FBC        - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll -        Google Update
1E5E8C84DE796A01D1D46E3A660690F1        - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll -        Adobe Acrobat
F055C91A961601B8D50EF2976145AEE6        - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll -        Adobe Acrobat
E3B4EA121F7BDEB0F6366E2BA9608CB5        - C:\Users\PramoxLaptop\AppData\Local\Citrix\Plugins\104\npappdetector.dll -        Citrix Online Web Deployment Plugin 1.0.0.104
B5371D2C9017EEE216B5361D600B3543        - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -        iTunes Application Detector
997FD370A65D2DD67C97E565E66EF8E6        - C:\Program Files\DivX\DivX Web Player\npdivx32.dll -        DivX Plus Web Player
01D93217A9EE48DD37072B671378CC9C        - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll -        Silverlight Plug-In
0CA4180B21C6B728578F3B0433BB740E        - C:\Program Files\VideoLAN\VLC\npvlc.dll -        VLC Web Plugin
86244E1B6D062BBE2B91AA5DA7376806        - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll -        DivX VOD Helper Plug-in
24E990B1E6D55428001843CF7217DD81        - C:\Program Files\Microsoft\Office Live\npOLW.dll -        Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox
AB87EEFFD18F2BAAFC274E7075EA6C67        - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -        Windows Presentation Foundation / Windows Presentation Foundation
28986F0A2342A033345EF9E70D395E4F        - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll -        Microsoft® Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files\Norton 360\Engine\21.4.0.13\Exts\Chrome.crx[26.06.2014 12:22]


==== Chrome Fix ======================

C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage deleted successfully
C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage-journal deleted successfully
C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.bing.com"
"Search Bar"="hxxp://www.bing.com"
"Default_Page_URL"="hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1113&m=aspire_7738"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Default_Search_URL"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://www.google.com"
"SearchAssistant"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://www.bing.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="hxxp://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{70AD605D-D41B-4E48-B5F3-C6EB2A63A2AF} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW"

==== Reset Google Chrome ======================

C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\omiga-plus uninstall deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PramoxLaptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\PramoxLaptop\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PramoxLaptop\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PramoxLaptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\PramoxLaptop\AppData\Local\Mozilla\Firefox\Profiles\et5cxbr7.default-1405707576517\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\PramoxLaptop\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=138 folders=24 16855643 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\PramoxLaptop\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\PRAMOX~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\PramoxLaptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on 20.07.2014 at 17:47:01,03 ======================

M-K-D-B 21.07.2014 10:58
Kannst du mir bitte noch die richtige Logdatei von MBAM posten... und zwar die des letzten Suchlaufs. Danke!




Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
C:\Program Files\trolatunt
C:\Program Files\PHD-V1.4
C:\Users\PramoxLaptop\Downloads\SharePod - CHIP-Installer.exe
Reboot:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    :regfind
    trolatunt
    PHD-V1.4
    globalUpdate
    IePluginServices
    software4u
    SupTab
    omiga-plus
    WindowsMangerProtect
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.






Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 4
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.





Schritt 5
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von SystemLook,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck,
  • die beiden neuen Logdateien von FRST.

pramox 21.07.2014 19:27
Glaube bei ESET sind die Einstellung nun etwas anders, teilweise mussten die Haken schon oben gesetzt werden, anderes war dann unter "erweitert". Hoffe ich habe alles richtig gemacht.


Hier die richtige MBAM

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 21.07.2014
Suchlauf-Zeit: 18:56:26
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.21.05
Rootkit Datenbank: v2014.07.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: PramoxLaptop

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 256553
Verstrichene Zeit: 7 Min, 40 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:20-07-2014
Ran by PramoxLaptop at 2014-07-21 19:10:18 Run:2
Running from C:\Users\PramoxLaptop\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
C:\Program Files\trolatunt
C:\Program Files\PHD-V1.4
C:\Users\PramoxLaptop\Downloads\SharePod - CHIP-Installer.exe
Reboot:
end
*****************

"C:\Program Files\trolatunt" => File/Directory not found.
"C:\Program Files\PHD-V1.4" => File/Directory not found.
"C:\Users\PramoxLaptop\Downloads\SharePod - CHIP-Installer.exe" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog ====


Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 19:15 on 21/07/2014 by PramoxLaptop
Administrator - Elevation successful

========== regfind ==========

Searching for "trolatunt"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\trolatunt]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32]
@="C:\Program Files\trolatunt\bin\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\0\win32]
@="C:\Program Files\trolatunt\bin\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\HELPDIR]
@="C:\Program Files\trolatunt\bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\trolatunt]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\trolatunt]
"DisplayName"="trolatunt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\trolatunt]
"UninstallString"="C:\Program Files\trolatunt\trolatuntuninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\trolatunt]
"QuietUninstallString"="C:\Program Files\trolatunt\trolatuntuninstall.exe /S"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\trolatunt]
"InstallLocation"="C:\Program Files\trolatunt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\trolatunt]
"DisplayIcon"="C:\Program Files\trolatunt\trolatunt.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\trolatunt]
"Publisher"="trolatunt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\trolatunt]
"HelpLink"="mailto:support@trolatunt.co"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\trolatunt]
"URLUpdateInfo"="hxxp://trolatunt.co"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\trolatunt]
"URLInfoAbout"="hxxp://trolatunt.co/support"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Update trolatunt]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Util trolatunt]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update trolatunt]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util trolatunt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update trolatunt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util trolatunt]
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\trolatunt]

Searching for "PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{148A86A1-64D1-40A1-9F59-928E184B80CB}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{17133C8B-C81F-4297-ACA2-E3743812DB12}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{18C82B27-E11A-4265-8E9E-DBCB4BD1C791}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{199981DA-FB5D-443A-A842-F139D91C4B7}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B94ECA0-AC08-41EE-8217-21FCAF962796}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1CD325F-8185-46A2-BBA8-FC77D4B352E5}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2184378E-1543-40D1-881C-296921B03842}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{221A6433-800F-4725-B71B-5267702258BD}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AECE5F5-859B-4118-95A2-25BD94F9377}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{351FA02B-1FBC-4A86-B461-D5BF2B374B89}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{368A89BB-5541-4722-86AB-E96271D49F68}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43442018-9EF-428F-A064-3B89D9706E7F}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B8C248C-F764-48AF-BA76-969BE681AFF4}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{58702F20-F3F2-4124-9994-E0475422EBA4}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C23937B-DABB-4E1E-ADAF-2CEEE242233C}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65073E3A-85AB-4050-80EF-B812F91299FA}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{651250B1-784B-4CF8-8E29-46828F33D85A}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D3ABA03-7F63-4A05-838-1F6F57E118A3}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DDC11A6-18AA-43F1-B434-42BB2D6125CB}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7EE73BB3-150-4FD6-BE98-4EA1B4673D6}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80BE20EE-618B-485F-8E85-A179FC268DC}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AAD159D-6324-4056-A863-CF4BD2CEE05A}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B31471C-2463-4783-A41D-EFB185AFF63}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A16D6856-8B2A-4C31-94B8-992310B2EC9}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8C1E22D-36D5-4253-BAA-EB59F0282437}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9677564-1FEE-4217-A96C-C962848EBCFD}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b130f5c2-be3e-4451-b2ef-854f50257d6d}]
"AppName"="PHD-V1.4-bg.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b130f5c2-be3e-4451-b2ef-854f50257d6d}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B28D41DF-191-4B5F-A1EC-F6AA24C8A83}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3DA887C-A992-491E-AA81-85A67F831A36}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B6C6BE5F-E640-4EDC-BEB3-44662DE38C47}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB0A79A-D5B6-41F3-B280-B530CE8CAC8}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cc6b9281-ecfe-402e-b28a-d1d74e9b8f30}]
"AppName"="PHD-V1.4-codedownloader.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cc6b9281-ecfe-402e-b28a-d1d74e9b8f30}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D029A279-1829-4815-89E-7DCFC96477D3}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDEAD927-B420-4A7D-968B-24CD9E61FDE2}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC62F9D2-6768-415A-8E54-9C14D9886F50}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0F1A295-72A7-4F91-B41A-FF9C2BA2BD9A}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD0034C7-37-45B7-A056-B76968EB8A6C}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FDA5087A-6BF0-497B-9F3-D9BE724546C2}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PHD-V1.4]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\PHD-V1.4]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b130f5c2-be3e-4451-b2ef-854f50257d6d}]
"AppName"="PHD-V1.4-bg.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b130f5c2-be3e-4451-b2ef-854f50257d6d}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cc6b9281-ecfe-402e-b28a-d1d74e9b8f30}]
"AppName"="PHD-V1.4-codedownloader.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cc6b9281-ecfe-402e-b28a-d1d74e9b8f30}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\PHD-V1.4]
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{148A86A1-64D1-40A1-9F59-928E184B80CB}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{17133C8B-C81F-4297-ACA2-E3743812DB12}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{18C82B27-E11A-4265-8E9E-DBCB4BD1C791}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{199981DA-FB5D-443A-A842-F139D91C4B7}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B94ECA0-AC08-41EE-8217-21FCAF962796}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1CD325F-8185-46A2-BBA8-FC77D4B352E5}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2184378E-1543-40D1-881C-296921B03842}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{221A6433-800F-4725-B71B-5267702258BD}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AECE5F5-859B-4118-95A2-25BD94F9377}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{351FA02B-1FBC-4A86-B461-D5BF2B374B89}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{368A89BB-5541-4722-86AB-E96271D49F68}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43442018-9EF-428F-A064-3B89D9706E7F}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B8C248C-F764-48AF-BA76-969BE681AFF4}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{58702F20-F3F2-4124-9994-E0475422EBA4}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C23937B-DABB-4E1E-ADAF-2CEEE242233C}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65073E3A-85AB-4050-80EF-B812F91299FA}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{651250B1-784B-4CF8-8E29-46828F33D85A}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D3ABA03-7F63-4A05-838-1F6F57E118A3}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DDC11A6-18AA-43F1-B434-42BB2D6125CB}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7EE73BB3-150-4FD6-BE98-4EA1B4673D6}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80BE20EE-618B-485F-8E85-A179FC268DC}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AAD159D-6324-4056-A863-CF4BD2CEE05A}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B31471C-2463-4783-A41D-EFB185AFF63}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A16D6856-8B2A-4C31-94B8-992310B2EC9}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8C1E22D-36D5-4253-BAA-EB59F0282437}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9677564-1FEE-4217-A96C-C962848EBCFD}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b130f5c2-be3e-4451-b2ef-854f50257d6d}]
"AppName"="PHD-V1.4-bg.exe"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b130f5c2-be3e-4451-b2ef-854f50257d6d}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B28D41DF-191-4B5F-A1EC-F6AA24C8A83}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3DA887C-A992-491E-AA81-85A67F831A36}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B6C6BE5F-E640-4EDC-BEB3-44662DE38C47}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB0A79A-D5B6-41F3-B280-B530CE8CAC8}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cc6b9281-ecfe-402e-b28a-d1d74e9b8f30}]
"AppName"="PHD-V1.4-codedownloader.exe"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cc6b9281-ecfe-402e-b28a-d1d74e9b8f30}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D029A279-1829-4815-89E-7DCFC96477D3}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDEAD927-B420-4A7D-968B-24CD9E61FDE2}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC62F9D2-6768-415A-8E54-9C14D9886F50}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0F1A295-72A7-4F91-B41A-FF9C2BA2BD9A}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD0034C7-37-45B7-A056-B76968EB8A6C}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FDA5087A-6BF0-497B-9F3-D9BE724546C2}]
"AppPath"="C:\Program Files\PHD-V1.4"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PHD-V1.4]
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\PHD-V1.4]
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\PHD-V1.4]
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\PHD-V1.4]

Searching for "globalUpdate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]
"LocalService"="globalUpdatem"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}]
"LocalService"="globalUpdate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}\InprocHandler32]
@="C:\Program Files\globalUpdate\Update\1.3.25.0\psmachine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}\ProgID]
@="globalUpdateUpdate.OnDemandCOMClassSvc.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}\VersionIndependentProgID]
@="globalUpdateUpdate.OnDemandCOMClassSvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}\ProgID]
@="globalUpdateUpdate.CoreClass.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}\VersionIndependentProgID]
@="globalUpdateUpdate.CoreClass"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}]
@="globalUpdate Update Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\InprocServer32]
@="C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\ProgID]
@="globalUpdate.OneClickCtrl.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}\ProgID]
@="globalUpdateUpdate.Update3COMClassService.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}\VersionIndependentProgID]
@="globalUpdateUpdate.Update3COMClassService"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}]
@="globalUpdate.OneClickProcessLauncher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}\LocalServer32]
@=""C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}\ProgID]
@="globalUpdate.OneClickProcessLauncherMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}\VersionIndependentProgID]
@="globalUpdate.OneClickProcessLauncherMachine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}]
"LocalizedString"="@C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll,-3000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}\Elevation]
"IconReference"="@C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll,-1004"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}\LocalServer32]
@=""C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}\ProgID]
@="globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}\VersionIndependentProgID]
@="globalUpdateUpdate.OnDemandCOMClassMachineFallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}]
"LocalizedString"="@C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll,-3000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}\Elevation]
"IconReference"="@C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll,-1004"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}\LocalServer32]
@=""C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}\ProgID]
@="globalUpdateUpdate.CoreMachineClass.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}\VersionIndependentProgID]
@="globalUpdateUpdate.CoreMachineClass"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}\ProgID]
@="globalUpdateUpdate.Update3WebSvc.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}\VersionIndependentProgID]
@="globalUpdateUpdate.Update3WebSvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}\LocalServer32]
@=""C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}\ProgID]
@="globalUpdateUpdate.CredentialDialogMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}\VersionIndependentProgID]
@="globalUpdateUpdate.CredentialDialogMachine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}\LocalServer32]
@=""C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}\ProgID]
@="globalUpdateUpdate.ProcessLauncher.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}\VersionIndependentProgID]
@="globalUpdateUpdate.ProcessLauncher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}]
"LocalizedString"="@C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll,-3000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}\Elevation]
"IconReference"="@C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll,-1004"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}\LocalServer32]
@=""C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}\ProgID]
@="globalUpdateUpdate.OnDemandCOMClassMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}\VersionIndependentProgID]
@="globalUpdateUpdate.OnDemandCOMClassMachine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}]
@="globalUpdate Update Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\InprocServer32]
@="C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\ProgID]
@="globalUpdate.Update3WebControl.4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}\InProcServer32]
@="C:\Program Files\globalUpdate\Update\1.3.25.0\psmachine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}\LocalServer32]
@=""C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}\ProgID]
@="globalUpdateUpdate.CoCreateAsync.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}\VersionIndependentProgID]
@="globalUpdateUpdate.CoCreateAsync"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}\InprocServer32]
@="C:\Program Files\globalUpdate\Update\1.3.25.0\psmachine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}]
"LocalizedString"="@C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll,-3000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}\Elevation]
"IconReference"="@C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll,-1004"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}\LocalServer32]
@=""C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}\ProgID]
@="globalUpdateUpdate.Update3WebMachineFallback.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}\VersionIndependentProgID]
@="globalUpdateUpdate.Update3WebMachineFallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}]
"LocalizedString"="@C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll,-3000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}\Elevation]
"IconReference"="@C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll,-1004"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}\LocalServer32]
@=""C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}\ProgID]
@="globalUpdateUpdate.Update3WebMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}\VersionIndependentProgID]
@="globalUpdateUpdate.Update3WebMachine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10]
@="globalUpdate Update Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine]
@="globalUpdate.OneClickProcessLauncher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine\CurVer]
@="globalUpdate.OneClickProcessLauncherMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0]
@="globalUpdate.OneClickProcessLauncher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.Update3WebControl.4]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.Update3WebControl.4]
@="globalUpdate Update Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync\CurVer]
@="globalUpdateUpdate.CoCreateAsync.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoreClass]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoreClass\CurVer]
@="globalUpdateUpdate.CoreClass.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass\CurVer]
@="globalUpdateUpdate.CoreMachineClass.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine\CurVer]
@="globalUpdateUpdate.CredentialDialogMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine\CurVer]
@="globalUpdateUpdate.OnDemandCOMClassMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback\CurVer]
@="globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc\CurVer]
@="globalUpdateUpdate.OnDemandCOMClassSvc.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher\CurVer]
@="globalUpdateUpdate.ProcessLauncher.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService\CurVer]
@="globalUpdateUpdate.Update3COMClassService.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine\CurVer]
@="globalUpdateUpdate.Update3WebMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback\CurVer]
@="globalUpdateUpdate.Update3WebMachineFallback.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc\CurVer]
@="globalUpdateUpdate.Update3WebSvc.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}]
"AppPath"="C:\Program Files\globalUpdate\Update"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}]
"AppPath"="C:\Program Files\globalUpdate\Update\1.3.25.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA]

Searching for "IePluginServices"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\IePluginServices]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\IePluginServices]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices]

Searching for "software4u"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"iDevice Manager Launcher"=""C:\Program Files\Software4u\iDevice Manager\Software4u.IDMLauncher.exe" /run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FE5AE7DC-7B01-4263-A94C-B4526C276550_is1]
"Inno Setup: App Path"="C:\Program Files\Software4u\iDevice Manager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FE5AE7DC-7B01-4263-A94C-B4526C276550_is1]
"InstallLocation"="C:\Program Files\Software4u\iDevice Manager\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FE5AE7DC-7B01-4263-A94C-B4526C276550_is1]
"DisplayIcon"="C:\Program Files\Software4u\iDevice Manager\Software4u.IDeviceManager.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FE5AE7DC-7B01-4263-A94C-B4526C276550_is1]
"UninstallString"=""C:\Program Files\Software4u\iDevice Manager\unins000.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FE5AE7DC-7B01-4263-A94C-B4526C276550_is1]
"QuietUninstallString"=""C:\Program Files\Software4u\iDevice Manager\unins000.exe" /SILENT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FE5AE7DC-7B01-4263-A94C-B4526C276550_is1]
"URLInfoAbout"="hxxp://www.software4u.de"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FE5AE7DC-7B01-4263-A94C-B4526C276550_is1]
"HelpLink"="hxxp://forum.software4u.de"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FE5AE7DC-7B01-4263-A94C-B4526C276550_is1]
"URLUpdateInfo"="hxxp://www.software4u.de/download.aspx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{43D2B907-4427-4454-858D-FA431CD5464B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Software4u\iDevice Manager\Software4u.IDeviceManager.exe|Name=iDevice Manager|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D8A5CC63-B0B4-4E13-ACE0-A69AECE56111}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Software4u\iDevice Manager\Software4u.IDeviceManager.exe|Name=iDevice Manager|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{43D2B907-4427-4454-858D-FA431CD5464B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Software4u\iDevice Manager\Software4u.IDeviceManager.exe|Name=iDevice Manager|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D8A5CC63-B0B4-4E13-ACE0-A69AECE56111}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Software4u\iDevice Manager\Software4u.IDeviceManager.exe|Name=iDevice Manager|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{43D2B907-4427-4454-858D-FA431CD5464B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Software4u\iDevice Manager\Software4u.IDeviceManager.exe|Name=iDevice Manager|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D8A5CC63-B0B4-4E13-ACE0-A69AECE56111}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Software4u\iDevice Manager\Software4u.IDeviceManager.exe|Name=iDevice Manager|Edge=FALSE|"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"iDevice Manager Launcher"=""C:\Program Files\Software4u\iDevice Manager\Software4u.IDMLauncher.exe" /run"

Searching for "SupTab"
No data found.

Searching for "omiga-plus"
[HKEY_CURRENT_USER\Software\SupHpUISoft]
"url"="hxxp://isearch.omiga-plus.com/?type=hp&ts=1405699928&from=smt&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309UD2416D2416"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\SupHpUISoft]
"url"="hxxp://isearch.omiga-plus.com/?type=hp&ts=1405699928&from=smt&uid=WDCXWD5000BEVT-22ZAT0_WD-WXN309UD2416D2416"

Searching for "WindowsMangerProtect"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WindowsMangerProtect]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect]
"DisplayName"="WindowsMangerProtect20.0.0.502"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect]
"UninstallString"="C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -uninstall"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect]
"DisplayIcon"="C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe"
[HKEY_USERS\S-1-5-21-1096382573-999743387-1970358641-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WindowsMangerProtect]

-= EOF =-


Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ec24771ae2cc3343a4c27318cc7344c0
# engine=19277
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-21 06:09:18
# local_time=2014-07-21 08:09:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Norton 360'
# compatibility_mode=3598 16777213 100 100 479639 156628654 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 95 20151814 243498886 0 0
# compatibility_mode_1='Emsisoft Anti-Malware'
# compatibility_mode=16641 16777213 83 65 15560626 207208446 0 0
# scanned=131560
# found=24
# cleaned=0
# scan_time=2450
sh=BB3752D2131C964718E918AEB456F2A20F9C3D56 ft=1 fh=a8d087ddbacdd236 vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\uninstall.exe.vir"
sh=2C72C2967E07E465C85E06D7DE9F53AE59FD524C ft=1 fh=818637f81cd0ffe9 vn="Variante von Win32/ELEX.AB evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SupIePluginServiceUpdate.exe.vir"
sh=DC534EE9AC7785306C6076460E3DF9C7B0AD3799 ft=1 fh=97dff54846362986 vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SupTab.dll.vir"
sh=309BB3228B3E62D4F2B2C494CF3E2D7B9C8B318E ft=1 fh=f039ac92f67c503d vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\trolatunt\updatetrolatunt.exe.vir"
sh=101CAB94B46041BB3B8FB28CA20CD902EFCF8A1E ft=1 fh=f0059b44e4aa5391 vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\trolatunt\bin\trolatunt.BrowserAdapter.exe.vir"
sh=5449DDA670D77301AC497B449314E54A7CAE8745 ft=1 fh=089aaacd01dfeed3 vn="Variante von Win32/BrowseFox.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\trolatunt\bin\trolatunt.PurBrowse.exe.vir"
sh=60DB4E5996D5DFD25BE8FD78A069956029878801 ft=1 fh=5f4c160dd99176cf vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\trolatunt\bin\trolatuntBAApp.dll.vir"
sh=309BB3228B3E62D4F2B2C494CF3E2D7B9C8B318E ft=1 fh=f039ac92f67c503d vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\trolatunt\bin\utiltrolatunt.exe.vir"
sh=9A55AA0CD858CB70DF6719060B2CA09568DE818A ft=1 fh=639214ade3a784a5 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\trolatunt\bin\plugins\trolatunt.Bromon.dll.vir"
sh=1212947AB6DE1D79E327DF5FEC31199CC5A314F5 ft=1 fh=c6c15dd593359131 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\trolatunt\bin\plugins\trolatunt.BroStats.dll.vir"
sh=967D685AF88DB35F57626B68CD118B0682113211 ft=1 fh=75b5d19c75b1583d vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\trolatunt\bin\plugins\trolatunt.BrowserAdapterS.dll.vir"
sh=F17C8BB73E283EC6654222E1C5D951C861DE2F51 ft=1 fh=15e13923b7b6d5fa vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\trolatunt\bin\plugins\trolatunt.CompatibilityChecker.dll.vir"
sh=59BBEA1AFE84B0B705F65AD41B28DEFB473D3319 ft=1 fh=3a6e0b05763ee0e5 vn="Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\trolatunt\bin\plugins\trolatunt.FFUpdate.dll.vir"
sh=D219638943380C07C4FB2BEDA27200144066747B ft=1 fh=21f0eb0da6dc95eb vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\trolatunt\bin\plugins\trolatunt.IEUpdate.dll.vir"
sh=28A402C4ED2937462A2330F703E1C71897E4BF9D ft=1 fh=0abd6273958eff1c vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\trolatunt\bin\plugins\trolatunt.PurBrowseG.dll.vir"
sh=2C72C2967E07E465C85E06D7DE9F53AE59FD524C ft=1 fh=818637f81cd0ffe9 vn="Variante von Win32/ELEX.AB evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=9CA8EBFF024F34D076C7BFFF92B978D99251DC66 ft=1 fh=03cf8fdbea9a76d3 vn="Variante von Win32/ELEX.AM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=8578D27065EE73A497345A094FE08D5D8FC38C2D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PramoxLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\et5cxbr7.default-1405707576517\Extensions\508d4e2f-a469-421d-a294-135dbb84fe1b@f7b17943-cc9e-4d4a-b223-0bd1e7cfc871.com\extensionData\plugins\91.js.vir"
sh=CC55F75767D3A084046493652EFC2175A044F63E ft=1 fh=f1da04dff6795e53 vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PramoxLaptop\AppData\Roaming\OpenCandy\1BBF47C833C44C32A59F1D886F95AD4A\Installer.exe.vir"
sh=101CAB94B46041BB3B8FB28CA20CD902EFCF8A1E ft=1 fh=f0059b44e4aa5391 vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files\trolatunt\bin\trolatunt.BrowserAdapter.exe"
sh=60DB4E5996D5DFD25BE8FD78A069956029878801 ft=1 fh=5f4c160dd99176cf vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files\trolatunt\bin\trolatuntBAApp.dll"
sh=8687D32074B6CD5E44360C97CF2972C227E1C773 ft=1 fh=966ed316e3499b14 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\PramoxLaptop\Downloads\SharePod - CHIP-Installer.exe.xBAD"
sh=63C07F52802B59710924F75C01DCFEFFA338E063 ft=1 fh=43a6f6e7aec8b73c vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="C:\Users\PramoxLaptop\Desktop\Pramox\Musik\FreeYouTubeToMP3Converter105.exe"
sh=33953161AEA77F64F2DB2DD49180176357184785 ft=1 fh=70f2756a65e31bad vn="Win32/Somoto.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\PramoxLaptop\Downloads\MP4Joiner-2.1.2-win32.exe"

Code:
Results of screen317's Security Check version 0.99.85 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
Norton 360   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player        14.0.0.145 
 Adobe Reader 10.1.10 Adobe Reader out of Date! 
 Mozilla Firefox (30.0)
 Mozilla Thunderbird (24.6.0)
 Google Chrome 35.0.1916.153 
 Google Chrome 36.0.1985.125 
````````Process Check: objlist.exe by Laurent```````` 
 Emsisoft Anti-Malware a2service.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-07-2014
Ran by PramoxLaptop (administrator) on PRAMOXLAPTOP-PC on 21-07-2014 20:21:02
Running from C:\Users\PramoxLaptop\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.4.0.13\n360.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AlcorMicro Co., Ltd.) C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Windows\PLFSetI.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHLE.EXE
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.4.0.13\n360.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHLE.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHLE.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
() C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Realtek Semiconductor Corp.) C:\Users\PramoxLaptop\AppData\Local\Temp\RtkBtMnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(RPA Technology) C:\Program Files\Air Mouse\Air Mouse\Mobile Mouse Service.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [EPLTarget\P0000000000000003] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [iPhone PC Suite] => C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe /start
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [iDevice Manager Launcher] => "C:\Program Files\Software4u\iDevice Manager\Software4u.IDMLauncher.exe" /run
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk
ShortcutTarget: Air Mouse.lnk -> C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe ()
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\21.4.0.13\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\PramoxLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\et5cxbr7.default-1405707576517
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\PramoxLaptop\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-11-29]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-01-22]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-07-21]

========================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4161512 2013-12-04] (Emsisoft GmbH)
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3526136 2013-08-27] (devolo AG)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [666144 2009-03-11] (Acer Incorporated)
R2 N360; C:\Program Files\Norton 360\Engine\21.4.0.13\N360.exe [265040 2014-06-27] (Symantec Corporation)
S2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [44800 2009-03-20] (NewTech Infosystems, Inc.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [237568 2008-11-27] (Acer Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

S3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [57944 2013-08-24] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [14432 2013-03-28] (Emsisoft GmbH)
R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx86.sys [1101616 2014-05-10] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1504000.00D\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
S3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-11] (Symantec Corporation)
R2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [26928 2008-12-24] (Egis)
R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [5632 2008-10-08] (Windows (R) Codename Longhorn DDK provider)
R1 IDSVix86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140718.001\IDSvix86.sys [395992 2014-03-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140721.001\NAVENG.SYS [93272 2014-05-14] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140721.001\NAVEX15.SYS [1612376 2014-05-14] (Symantec Corporation)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2013-08-21] (CACE Technologies) [File not signed]
R3 nuvotonhidgeneric; C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys [22528 2008-10-08] (Nuvoton Technology Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360\1504000.00D\SRTSP.SYS [664280 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1504000.00D\SRTSPX.SYS [32344 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1504000.00D\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1504000.00D\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-01-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1504000.00D\Ironx86.SYS [206936 2013-09-27] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\1504000.00D\SYMTDIV.SYS [384728 2014-02-18] (Symantec Corporation)
S2 int15; \??\c:\Windows\system32\drivers\int15.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Netaapl; system32\DRIVERS\netaapl.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSBXP.SYS [49408 2013-09-06] (Seiko Epson Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-21 20:19 - 2014-07-21 20:21 - 00014812 _____ () C:\Users\PramoxLaptop\Desktop\FRST.txt
2014-07-21 20:17 - 2014-07-21 20:17 - 00000925 _____ () C:\Users\PramoxLaptop\Desktop\checkup.txt
2014-07-21 19:15 - 2014-07-21 19:18 - 00076686 _____ () C:\Users\PramoxLaptop\Desktop\SystemLook.txt
2014-07-21 19:07 - 2014-07-21 19:08 - 00001169 _____ () C:\Users\PramoxLaptop\Desktop\mbam.txt
2014-07-21 18:58 - 2014-07-21 18:58 - 02347384 _____ (ESET) C:\Users\PramoxLaptop\Desktop\esetsmartinstaller_deu.exe
2014-07-21 18:58 - 2014-07-21 18:58 - 00854390 _____ () C:\Users\PramoxLaptop\Desktop\SecurityCheck.exe
2014-07-21 18:56 - 2014-07-21 18:56 - 00139264 _____ () C:\Users\PramoxLaptop\Desktop\SystemLook.exe
2014-07-21 18:49 - 2014-07-21 18:49 - 01080320 _____ (Farbar) C:\Users\PramoxLaptop\Desktop\FRST.exe
2014-07-20 19:30 - 2014-07-20 19:35 - 323429482 _____ () C:\Users\PramoxLaptop\Desktop\WM 2014 - Siegesfeier Berlin 2 von 2.mp4
2014-07-20 17:48 - 2014-07-20 17:48 - 00024644 _____ () C:\Users\PramoxLaptop\Desktop\zoek-results.txt
2014-07-20 17:44 - 2014-07-20 17:22 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-20 17:25 - 2014-07-20 17:47 - 00024644 _____ () C:\zoek-results.log
2014-07-20 17:22 - 2014-07-20 17:42 - 00000000 ____D () C:\zoek_backup
2014-07-20 17:04 - 2014-07-21 18:55 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 17:04 - 2014-07-20 17:04 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-20 17:04 - 2014-07-20 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 17:04 - 2014-07-20 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 17:04 - 2014-07-20 17:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-20 17:04 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-20 17:04 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-20 17:04 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-20 17:01 - 2014-07-20 16:57 - 00011756 _____ () C:\Users\PramoxLaptop\Desktop\AdwCleaner[S3].txt
2014-07-20 16:12 - 2014-07-20 16:13 - 01287168 _____ () C:\Users\PramoxLaptop\Desktop\zoek.exe
2014-07-20 16:12 - 2014-07-20 16:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\PramoxLaptop\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-20 16:11 - 2014-07-20 16:11 - 01354223 _____ () C:\Users\PramoxLaptop\Desktop\adwcleaner_3.216.exe
2014-07-18 21:36 - 2014-07-18 21:41 - 318325712 _____ () C:\Users\PramoxLaptop\Desktop\WM 2014 - Siegesfeier Berlin 1 von 2.mp4
2014-07-18 20:49 - 2014-07-21 20:21 - 00000000 ____D () C:\FRST
2014-07-18 20:36 - 2014-07-18 20:36 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\Symantec
2014-07-18 18:07 - 2014-07-18 18:07 - 00000906 _____ () C:\Users\PramoxLaptop\Desktop\MP4Joiner.lnk
2014-07-18 18:07 - 2014-07-18 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4Joiner
2014-07-18 18:06 - 2014-07-18 18:07 - 00000000 ____D () C:\Program Files\MP4Joiner
2014-07-18 18:05 - 2014-07-18 18:06 - 08088746 _____ ( ) C:\Users\PramoxLaptop\Downloads\MP4Joiner-2.1.2-win32.exe
2014-07-16 20:25 - 2014-07-16 20:25 - 00002056 _____ () C:\Users\Public\Desktop\Free MP4 Video Converter.lnk
2014-07-16 20:21 - 2014-07-16 20:22 - 32691984 _____ (DVDVideoSoft Ltd. ) C:\Users\PramoxLaptop\Downloads\FreeMP4VideoConverter.exe
2014-07-16 20:19 - 2014-07-16 20:23 - 00000000 ____D () C:\ProgramData\Freemake
2014-07-16 20:19 - 2014-07-16 20:19 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\Freemake
2014-07-16 20:18 - 2014-07-16 20:22 - 00000000 ____D () C:\Program Files\Freemake
2014-07-16 20:17 - 2014-07-16 20:17 - 01268264 _____ (Ellora Assets Corporation ) C:\Users\PramoxLaptop\Downloads\FreemakeVideoConverterSetup.exe
2014-07-16 20:02 - 2014-07-16 20:02 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\HandBrake
2014-07-16 19:59 - 2014-07-20 17:40 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-07-16 19:59 - 2014-07-16 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-16 19:59 - 2014-07-16 20:25 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-07-16 19:59 - 2014-07-16 20:00 - 00002056 _____ () C:\Users\Public\Desktop\Free DVD Video Converter.lnk
2014-07-16 19:59 - 2014-07-16 19:59 - 00001036 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-07-16 19:58 - 2014-07-16 20:25 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\DVDVideoSoft
2014-07-15 20:48 - 2014-07-15 20:48 - 37146304 _____ (DVDVideoSoft Ltd. ) C:\Users\PramoxLaptop\Downloads\FreeDVDVideoConverter-2.0.20.623.exe
2014-07-15 19:36 - 2014-07-15 19:36 - 00001668 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-15 19:36 - 2014-07-15 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-15 19:36 - 2012-08-21 13:01 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-07-15 19:35 - 2014-07-15 19:36 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-15 19:35 - 2014-07-15 19:36 - 00000000 ____D () C:\Program Files\iTunes
2014-07-15 19:35 - 2014-07-15 19:35 - 00000000 ____D () C:\Program Files\iPod
2014-07-15 19:34 - 2014-07-15 19:34 - 00001830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-15 19:34 - 2014-07-15 19:34 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-07-15 19:30 - 2014-07-15 19:35 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-15 19:27 - 2014-07-15 19:28 - 111992144 _____ (Apple Inc.) C:\Users\PramoxLaptop\Downloads\iTunesSetup(1).exe
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\IsolatedStorage
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager
2014-07-14 19:19 - 2014-07-14 19:19 - 04101456 _____ (Marx Softwareentwicklung ) C:\Users\PramoxLaptop\Downloads\IDMSetup34.exe
2014-07-14 19:19 - 2014-07-14 19:19 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\91 Mobile
2014-07-14 19:18 - 2014-07-14 19:18 - 00000000 ____D () C:\Program Files\NetDragon
2014-07-14 18:22 - 2014-07-14 18:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2014-07-14 17:36 - 2014-07-14 17:43 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\WindSolutions
2014-07-14 17:36 - 2014-07-14 17:37 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-07-14 17:35 - 2014-07-14 17:36 - 05102256 _____ (WindSolutions) C:\Users\PramoxLaptop\Downloads\Install_CopyTransControlCenter.exe
2014-07-13 12:30 - 2014-06-07 02:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-13 12:29 - 2014-06-07 02:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-13 12:29 - 2014-06-07 01:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-13 12:29 - 2014-06-07 01:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-13 12:29 - 2014-06-07 01:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-13 12:29 - 2014-06-07 01:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-13 12:29 - 2014-06-07 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-13 12:29 - 2014-06-07 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-13 12:29 - 2014-06-07 00:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-13 12:29 - 2014-06-07 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-13 12:29 - 2014-06-07 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-13 12:29 - 2014-06-07 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-13 12:29 - 2014-06-07 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-13 12:29 - 2014-06-07 00:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-13 12:29 - 2014-06-07 00:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-13 12:29 - 2014-06-07 00:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-13 12:29 - 2014-06-07 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-13 12:29 - 2014-06-07 00:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-13 12:29 - 2014-06-07 00:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-13 12:29 - 2014-06-07 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-13 12:29 - 2014-06-07 00:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-13 12:29 - 2014-06-07 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-13 12:29 - 2014-06-06 10:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-13 12:29 - 2014-05-30 08:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 16:29 - 2014-07-09 16:29 - 01058200 _____ (Adobe) C:\Users\PramoxLaptop\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-07-03 18:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-03 18:39 - 2014-07-03 18:39 - 01346519 _____ () C:\Users\PramoxLaptop\Downloads\adwcleaner_3.214.exe
2014-07-03 17:07 - 2014-07-04 13:50 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\dvdcss
2014-07-03 12:32 - 2014-07-03 13:11 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\pangu
2014-07-03 12:29 - 2014-07-03 12:30 - 35956160 _____ () C:\Users\PramoxLaptop\Downloads\Pangu_v1.1.exe
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\AirMouse
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Air Mouse
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\Program Files\Air Mouse
2014-07-02 20:29 - 2014-07-02 20:29 - 08378272 _____ (RPA Tech, Inc ) C:\Users\PramoxLaptop\Downloads\setup2.7.0.exe
2014-07-02 20:29 - 2014-07-02 20:29 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\Downloaded Installations
2014-07-02 16:56 - 2014-07-02 16:56 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\Adobe
2014-06-29 05:29 - 2014-07-18 23:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-21 20:21 - 2014-07-21 20:19 - 00014812 _____ () C:\Users\PramoxLaptop\Desktop\FRST.txt
2014-07-21 20:21 - 2014-07-18 20:49 - 00000000 ____D () C:\FRST
2014-07-21 20:18 - 2014-03-06 20:09 - 00000604 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1096382573-999743387-1970358641-1000.job
2014-07-21 20:17 - 2014-07-21 20:17 - 00000925 _____ () C:\Users\PramoxLaptop\Desktop\checkup.txt
2014-07-21 20:12 - 2014-05-14 14:55 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-21 20:11 - 2013-11-29 21:46 - 00098588 _____ () C:\ProgramData\nvModes.001
2014-07-21 19:30 - 2014-05-14 14:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-21 19:18 - 2014-07-21 19:15 - 00076686 _____ () C:\Users\PramoxLaptop\Desktop\SystemLook.txt
2014-07-21 19:15 - 2013-11-24 14:46 - 01962925 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 19:12 - 2014-05-14 14:55 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-21 19:12 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 19:12 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-21 19:12 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-21 19:10 - 2006-11-02 15:01 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-21 19:08 - 2014-07-21 19:07 - 00001169 _____ () C:\Users\PramoxLaptop\Desktop\mbam.txt
2014-07-21 18:58 - 2014-07-21 18:58 - 02347384 _____ (ESET) C:\Users\PramoxLaptop\Desktop\esetsmartinstaller_deu.exe
2014-07-21 18:58 - 2014-07-21 18:58 - 00854390 _____ () C:\Users\PramoxLaptop\Desktop\SecurityCheck.exe
2014-07-21 18:56 - 2014-07-21 18:56 - 00139264 _____ () C:\Users\PramoxLaptop\Desktop\SystemLook.exe
2014-07-21 18:55 - 2014-07-20 17:04 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 18:49 - 2014-07-21 18:49 - 01080320 _____ (Farbar) C:\Users\PramoxLaptop\Desktop\FRST.exe
2014-07-20 19:39 - 2013-11-29 20:30 - 00098588 _____ () C:\ProgramData\nvModes.dat
2014-07-20 19:36 - 2014-06-08 13:26 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\vlc
2014-07-20 19:36 - 2014-01-15 19:17 - 00005632 _____ () C:\Users\PramoxLaptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-20 19:35 - 2014-07-20 19:30 - 323429482 _____ () C:\Users\PramoxLaptop\Desktop\WM 2014 - Siegesfeier Berlin 2 von 2.mp4
2014-07-20 18:03 - 2013-11-24 14:55 - 00000000 ____D () C:\Users\PramoxLaptop
2014-07-20 17:48 - 2014-07-20 17:48 - 00024644 _____ () C:\Users\PramoxLaptop\Desktop\zoek-results.txt
2014-07-20 17:47 - 2014-07-20 17:25 - 00024644 _____ () C:\zoek-results.log
2014-07-20 17:46 - 2008-01-21 04:47 - 00875454 _____ () C:\Windows\PFRO.log
2014-07-20 17:42 - 2014-07-20 17:22 - 00000000 ____D () C:\zoek_backup
2014-07-20 17:40 - 2014-07-16 19:59 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-07-20 17:39 - 2014-04-07 18:21 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\CrashDumps
2014-07-20 17:22 - 2014-07-20 17:44 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-20 17:04 - 2014-07-20 17:04 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-20 17:04 - 2014-07-20 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 17:04 - 2014-07-20 17:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 17:04 - 2014-07-20 17:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-20 16:57 - 2014-07-20 17:01 - 00011756 _____ () C:\Users\PramoxLaptop\Desktop\AdwCleaner[S3].txt
2014-07-20 16:16 - 2014-05-14 14:55 - 00001071 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-20 16:16 - 2014-01-22 18:40 - 00000000 ____D () C:\AdwCleaner
2014-07-20 16:16 - 2013-11-24 17:31 - 00000862 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-20 16:16 - 2013-11-24 17:31 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-20 16:16 - 2013-11-24 14:58 - 00000963 _____ () C:\Users\PramoxLaptop\Desktop\Internet Explorer.lnk
2014-07-20 16:16 - 2006-11-02 12:23 - 00000246 _____ () C:\Windows\win.ini
2014-07-20 16:13 - 2014-07-20 16:12 - 01287168 _____ () C:\Users\PramoxLaptop\Desktop\zoek.exe
2014-07-20 16:12 - 2014-07-20 16:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\PramoxLaptop\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-20 16:11 - 2014-07-20 16:11 - 01354223 _____ () C:\Users\PramoxLaptop\Desktop\adwcleaner_3.216.exe
2014-07-18 23:03 - 2014-06-29 05:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-18 21:41 - 2014-07-18 21:36 - 318325712 _____ () C:\Users\PramoxLaptop\Desktop\WM 2014 - Siegesfeier Berlin 1 von 2.mp4
2014-07-18 20:36 - 2014-07-18 20:36 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\Symantec
2014-07-18 18:07 - 2014-07-18 18:07 - 00000906 _____ () C:\Users\PramoxLaptop\Desktop\MP4Joiner.lnk
2014-07-18 18:07 - 2014-07-18 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4Joiner
2014-07-18 18:07 - 2014-07-18 18:06 - 00000000 ____D () C:\Program Files\MP4Joiner
2014-07-18 18:06 - 2014-07-18 18:05 - 08088746 _____ ( ) C:\Users\PramoxLaptop\Downloads\MP4Joiner-2.1.2-win32.exe
2014-07-16 22:17 - 2013-11-30 17:04 - 00162816 _____ () C:\Users\PramoxLaptop\Desktop\Ebay Auswertung.xls
2014-07-16 20:25 - 2014-07-16 20:25 - 00002056 _____ () C:\Users\Public\Desktop\Free MP4 Video Converter.lnk
2014-07-16 20:25 - 2014-07-16 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-16 20:25 - 2014-07-16 19:59 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-07-16 20:25 - 2014-07-16 19:58 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\DVDVideoSoft
2014-07-16 20:23 - 2014-07-16 20:19 - 00000000 ____D () C:\ProgramData\Freemake
2014-07-16 20:22 - 2014-07-16 20:21 - 32691984 _____ (DVDVideoSoft Ltd. ) C:\Users\PramoxLaptop\Downloads\FreeMP4VideoConverter.exe
2014-07-16 20:22 - 2014-07-16 20:18 - 00000000 ____D () C:\Program Files\Freemake
2014-07-16 20:19 - 2014-07-16 20:19 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\Freemake
2014-07-16 20:17 - 2014-07-16 20:17 - 01268264 _____ (Ellora Assets Corporation ) C:\Users\PramoxLaptop\Downloads\FreemakeVideoConverterSetup.exe
2014-07-16 20:02 - 2014-07-16 20:02 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\HandBrake
2014-07-16 20:00 - 2014-07-16 19:59 - 00002056 _____ () C:\Users\Public\Desktop\Free DVD Video Converter.lnk
2014-07-16 19:59 - 2014-07-16 19:59 - 00001036 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-07-16 19:55 - 2014-03-12 16:24 - 00000000 ____D () C:\Users\PramoxLaptop\Desktop\Iphone
2014-07-16 06:55 - 2014-01-22 19:08 - 00002063 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-07-16 06:55 - 2014-01-22 19:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-07-16 06:55 - 2014-01-22 19:07 - 00000000 ____D () C:\Windows\system32\Drivers\N360
2014-07-15 20:48 - 2014-07-15 20:48 - 37146304 _____ (DVDVideoSoft Ltd. ) C:\Users\PramoxLaptop\Downloads\FreeDVDVideoConverter-2.0.20.623.exe
2014-07-15 19:36 - 2014-07-15 19:36 - 00001668 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-15 19:36 - 2014-07-15 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-15 19:36 - 2014-07-15 19:35 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-15 19:36 - 2014-07-15 19:35 - 00000000 ____D () C:\Program Files\iTunes
2014-07-15 19:35 - 2014-07-15 19:35 - 00000000 ____D () C:\Program Files\iPod
2014-07-15 19:35 - 2014-07-15 19:30 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-15 19:35 - 2014-03-12 16:31 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-15 19:34 - 2014-07-15 19:34 - 00001830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-15 19:34 - 2014-07-15 19:34 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-07-15 19:30 - 2014-03-12 16:26 - 00000000 ____D () C:\ProgramData\Apple
2014-07-15 19:28 - 2014-07-15 19:27 - 111992144 _____ (Apple Inc.) C:\Users\PramoxLaptop\Downloads\iTunesSetup(1).exe
2014-07-15 19:18 - 2006-11-02 14:52 - 00124092 _____ () C:\Windows\setupact.log
2014-07-14 19:30 - 2009-02-11 22:16 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\IsolatedStorage
2014-07-14 19:22 - 2014-07-14 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager
2014-07-14 19:19 - 2014-07-14 19:19 - 04101456 _____ (Marx Softwareentwicklung ) C:\Users\PramoxLaptop\Downloads\IDMSetup34.exe
2014-07-14 19:19 - 2014-07-14 19:19 - 00000000 ____D () C:\Users\PramoxLaptop\Documents\91 Mobile
2014-07-14 19:18 - 2014-07-14 19:18 - 00000000 ____D () C:\Program Files\NetDragon
2014-07-14 18:22 - 2014-07-14 18:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2014-07-14 17:43 - 2014-07-14 17:36 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\WindSolutions
2014-07-14 17:37 - 2014-07-14 17:36 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-07-14 17:36 - 2014-07-14 17:35 - 05102256 _____ (WindSolutions) C:\Users\PramoxLaptop\Downloads\Install_CopyTransControlCenter.exe
2014-07-13 12:55 - 2006-11-02 14:47 - 00308232 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-13 12:52 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-13 12:50 - 2013-11-30 14:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-13 12:46 - 2006-11-02 12:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-09 17:44 - 2013-12-08 14:33 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 17:44 - 2013-12-08 14:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 16:29 - 2014-07-09 16:29 - 01058200 _____ (Adobe) C:\Users\PramoxLaptop\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-07-06 14:31 - 2014-01-16 21:04 - 00000000 ____D () C:\Users\PramoxLaptop\Desktop\Pramox
2014-07-06 14:28 - 2014-05-29 17:36 - 00000653 _____ () C:\Users\PramoxLaptop\Desktop\Websites.txt
2014-07-04 13:50 - 2014-07-03 17:07 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\dvdcss
2014-07-03 18:39 - 2014-07-03 18:39 - 01346519 _____ () C:\Users\PramoxLaptop\Downloads\adwcleaner_3.214.exe
2014-07-03 16:27 - 2014-06-14 08:41 - 00017920 _____ () C:\Users\PramoxLaptop\Desktop\Urlaub 2014.xls
2014-07-03 13:58 - 2014-01-16 21:04 - 00000000 ____D () C:\Users\PramoxLaptop\Desktop\Nina
2014-07-03 13:11 - 2014-07-03 12:32 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\pangu
2014-07-03 12:30 - 2014-07-03 12:29 - 35956160 _____ () C:\Users\PramoxLaptop\Downloads\Pangu_v1.1.exe
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\AirMouse
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Air Mouse
2014-07-02 20:30 - 2014-07-02 20:30 - 00000000 ____D () C:\Program Files\Air Mouse
2014-07-02 20:29 - 2014-07-02 20:29 - 08378272 _____ (RPA Tech, Inc ) C:\Users\PramoxLaptop\Downloads\setup2.7.0.exe
2014-07-02 20:29 - 2014-07-02 20:29 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\Downloaded Installations
2014-07-02 16:56 - 2014-07-02 16:56 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Local\Adobe
2014-07-01 17:10 - 2013-11-24 17:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-29 10:43 - 2014-03-12 16:32 - 00000000 ____D () C:\Users\PramoxLaptop\AppData\Roaming\Apple Computer

Some content of TEMP:
====================
C:\Users\PramoxLaptop\AppData\Local\Temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-21 19:18

==================== End Of Log ============================
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:20-07-2014
Ran by PramoxLaptop at 2014-07-21 20:21:32
Running from C:\Users\PramoxLaptop\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton 360 (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
AC3Filter 2.6.0b (HKLM\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Acer Backup Manager (HKLM\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 1.0.0.50 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.79.326 (HKLM\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.79.326 - Chicony Electronics Co.,Ltd.)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.00.3005 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer PowerSmart Manager (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.01.3006 - Acer Incorporated)
Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version:  - Acer)
Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.00.3004 - Acer Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AmIcoSingLun (HKLM\...\InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}) (Version: 1.2.117.1 - Alcor Micro Co., Ltd.)
AmIcoSingLun (Version: 1.2.117.1 - Alcor Micro Co., Ltd.) Hidden
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager Basic (Version: 1.0.0.50 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.34.02 - Broadcom Corporation)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
devolo dLAN Cockpit (HKLM\...\dlancockpit) (Version: 4.1.3.0 - devolo AG)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
Druckerdeinstallation für EPSON SX235 Series (HKLM\...\EPSON SX235 Series) (Version:  - SEIKO EPSON Corporation)
Emsisoft Anti-Malware (HKLM\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Config V4 (HKLM\...\{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}) (Version: 4.4.1 - SEIKO EPSON CORPORATION)
Free DVD Video Converter version 2.0.20.623 (HKLM\...\Free DVD Video Converter_is1) (Version: 2.0.20.623 - DVDVideoSoft Ltd.)
Free MP4 Video Converter version 5.0.44.623 (HKLM\...\Free MP4 Video Converter_is1) (Version: 5.0.44.623 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.3.0.1468 (HKCU\...\GoToMeeting) (Version: 6.3.0.1468 - CitrixOnline)
iDevice Manager (HKLM\...\FE5AE7DC-7B01-4263-A94C-B4526C276550_is1) (Version: 3.4.0.0 - Marx Software)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.)
Launch Manager (HKLM\...\LManager) (Version: 2.0.01 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91E30407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Mouse Server (HKLM\...\{895FE43E-71C2-4FEA-94EF-B88D111495FC}) (Version: 2.7.0 - RPA Tech, Inc)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MP4Joiner v2.1.2 (HKLM\...\MP4Joiner_is1) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton 360 (HKLM\...\N360) (Version: 21.4.0.13 - Symantec Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.616 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.616 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6509 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6509 - NewTech Infosystems) Hidden
Nuvoton EC Generic HID Driver (HKLM\...\{302E9B7B-2B6A-4C29-9A02-9F2110649779}) (Version: 7.80.5000 - Nuvoton Technology Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
PDF24 Creator 6.3.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5807 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.1.0.0 - Synaptics)
trolatunt (HKLM\...\trolatunt) (Version: 2014.07.18.160707 - trolatunt) <==== ATTENTION
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WindowsMangerProtect20.0.0.502 (HKLM\...\WindowsMangerProtect) (Version: 20.0.0.502 - WindowsProtect LIMITED)

==================== Restore Points  =========================

13-05-2014 13:04:16 Geplanter Prüfpunkt
14-05-2014 12:07:01 Geplanter Prüfpunkt
16-05-2014 05:09:40 Windows Update
22-05-2014 20:36:40 Gerätetreiber-Paketinstallation: EPSON Drucker
24-05-2014 21:05:13 Geplanter Prüfpunkt
26-05-2014 10:54:31 Geplanter Prüfpunkt
13-06-2014 07:27:37 Windows Update
29-06-2014 04:08:43 Geplanter Prüfpunkt
02-07-2014 17:37:07 Geplanter Prüfpunkt
02-07-2014 18:30:00 Installed Mobile Mouse Server.
13-07-2014 10:44:40 Windows Update
14-07-2014 17:07:13 ??? 91 PC Suite for iPhone
14-07-2014 17:17:55 ??? 91 PC Suite for iPhone
14-07-2014 17:29:56 ??? 91 PC Suite for iPhone
15-07-2014 17:09:27 Removed iTunes
15-07-2014 17:13:36 Removed Apple Application Support
15-07-2014 17:14:59 Removed Apple Mobile Device Support
15-07-2014 17:19:15 Removed Apple Software Update
15-07-2014 17:32:11 Gerätetreiber-Paketinstallation: Apple, Inc. USB-Controller
15-07-2014 17:33:16 Gerätetreiber-Paketinstallation: Apple Netzwerkadapter
15-07-2014 17:34:27 Installed iTunes
16-07-2014 17:46:20 Windows Update
18-07-2014 22:02:41 Geplanter Prüfpunkt
20-07-2014 15:25:07 zoek.exe restore point

==================== Hosts content: ==========================

2006-11-02 12:23 - 2014-03-12 19:12 - 00000763 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
::1            localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {014387AD-70C9-4FAF-8D90-6AB7A3C7C8B4} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {07BB548C-C299-488D-BB20-6AF1662E2688} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-14] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {23595F99-7FD0-4996-BDD8-64952584CE9C} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3EF60081-D08A-4C4E-82AD-6223E405811F} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {5A7D1ADD-D0A1-4CB2-915B-92DE99B0986C} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\21.4.0.13\WSCStub.exe [2014-06-27] (Symantec Corporation)
Task: {7C6B35B5-4D1F-4FBA-9170-460EBE595467} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {9B1091E8-5AF9-4125-AC97-20BBE0BACD0B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-14] (Google Inc.)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {D536E162-18C6-4752-9338-48B1FC17AD2D} - System32\Tasks\G2MUpdateTask-S-1-5-21-1096382573-999743387-1970358641-1000 => C:\Users\PramoxLaptop\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-07-15] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FA6BD5BE-CC57-43FE-826E-C9A67CF648E7} - System32\Tasks\Acer\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-02-05] (Acer)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1096382573-999743387-1970358641-1000.job => C:\Users\PramoxLaptop\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-24 15:08 - 2013-11-24 15:07 - 00200704 _____ () C:\Windows\PLFSetI.exe
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2012-09-23 20:44 - 2012-09-23 20:44 - 01600512 _____ () C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
2011-06-14 14:19 - 2011-06-14 14:19 - 00025600 _____ () C:\Program Files\Air Mouse\Air Mouse\BonjourService.dll
2014-06-12 06:37 - 2014-06-12 06:37 - 03022960 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-06-12 06:37 - 2014-06-12 06:37 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-12 06:37 - 2014-06-12 06:37 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-06-29 05:29 - 2014-06-29 05:29 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-07-09 17:44 - 2014-07-09 17:44 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2014 07:13:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 07:12:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/21/2014 07:12:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/21/2014 06:53:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\PRAMOXLAPTOP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\ET5CXBR7.DEFAULT-1405707576517\CACHE2> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (07/21/2014 06:52:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/21/2014 06:52:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 06:52:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/21/2014 06:52:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/21/2014 06:44:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 06:44:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (07/21/2014 07:13:26 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (07/21/2014 07:13:26 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/21/2014 07:13:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NTI IScheduleSvc%%14001

Error: (07/21/2014 07:13:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: int15%%2

Error: (07/21/2014 07:13:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (07/21/2014 06:53:39 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (07/21/2014 06:53:38 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/21/2014 06:52:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NTI IScheduleSvc%%14001

Error: (07/21/2014 06:52:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: int15%%2

Error: (07/21/2014 06:52:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (07/21/2014 07:13:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 07:12:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

Error: (07/21/2014 07:12:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

Error: (07/21/2014 06:53:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\PRAMOXLAPTOP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\ET5CXBR7.DEFAULT-1405707576517\CACHE2

Error: (07/21/2014 06:52:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManager.exe

Error: (07/21/2014 06:52:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 06:52:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

Error: (07/21/2014 06:52:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

Error: (07/21/2014 06:44:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 06:44:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe


CodeIntegrity Errors:
===================================
  Date: 2014-07-21 20:21:27.055
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-21 20:21:26.867
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-21 20:21:26.689
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-21 20:21:26.512
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-21 20:21:26.159
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-21 20:21:25.983
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-21 20:21:25.827
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-21 20:21:25.646
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-21 20:21:12.481
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-21 20:21:12.326
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 51%
Total physical RAM: 3065.89 MB
Available physical RAM: 1491.95 MB
Total Pagefile: 6340.81 MB
Available Pagefile: 4655.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.87 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:452.99 GB) (Free:295.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (LOGICAL VOLUME IDENTIFIER) (CDROM) (Total:4.16 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 6F050EC2)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=453 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=12)

==================== End Of Log ============================

pramox 21.07.2014 20:40
Hier noch mal ESET mit dem Haken bei "Archiev", wusste nicht ob ich den beim ersten mak gesetzt hatte.

Es gab 24 "Bedrohungen", alles "unerwünschte Anwendungen". Gelöscht oder Bereinigt wurde nichts, da ich den Haken wie gefordert bei "Endeckte Bedrohungen löschen" NICHT gesetzt habe.


Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ec24771ae2cc3343a4c27318cc7344c0
# engine=19277
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-21 07:29:22
# local_time=2014-07-21 09:29:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Norton 360'
# compatibility_mode=3598 16777213 100 100 6957 156633458 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 95 20156618 243503690 0 0
# compatibility_mode_1='Emsisoft Anti-Malware'
# compatibility_mode=16641 16777213 83 65 15565430 207213250 0 0
# scanned=131607
# found=24
# cleaned=0
# scan_time=3220
sh=BB3752D2131C964718E918AEB456F2A20F9C3D56 ft=1 fh=a8d087ddbacdd236 vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\uninstall.exe.vir"
sh=2C72C2967E07E465C85E06D7DE9F53AE59FD524C ft=1 fh=818637f81cd0ffe9 vn="Variante von Win32/ELEX.AB evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SupIePluginServiceUpdate.exe.vir"
sh=DC534EE9AC7785306C6076460E3DF9C7B0AD3799 ft=1 fh=97dff54846362986 vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SupTab.dll.vir"
sh=309BB3228B3E62D4F2B2C494CF3E2D7B9C8B318E ft=1 fh=f039ac92f67c503d vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\trolatunt\updatetrolatunt.exe.vir"
sh=101CAB94B46041BB3B8FB28CA20CD902EFCF8A1E ft=1 fh=f0059b44e4aa5391 vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\trolatunt\bin\trolatunt.BrowserAdapter.exe.vir"
sh=5449DDA670D77301AC497B449314E54A7CAE8745 ft=1 fh=089aaacd01dfeed3 vn="Variante von Win32/BrowseFox.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\trolatunt\bin\trolatunt.PurBrowse.exe.vir"
sh=60DB4E5996D5DFD25BE8FD78A069956029878801 ft=1 fh=5f4c160dd99176cf vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\trolatunt\bin\trolatuntBAApp.dll.vir"
sh=309BB3228B3E62D4F2B2C494CF3E2D7B9C8B318E ft=1 fh=f039ac92f67c503d vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\trolatunt\bin\utiltrolatunt.exe.vir"
sh=9A55AA0CD858CB70DF6719060B2CA09568DE818A ft=1 fh=639214ade3a784a5 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\trolatunt\bin\plugins\trolatunt.Bromon.dll.vir"
sh=1212947AB6DE1D79E327DF5FEC31199CC5A314F5 ft=1 fh=c6c15dd593359131 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\trolatunt\bin\plugins\trolatunt.BroStats.dll.vir"
sh=967D685AF88DB35F57626B68CD118B0682113211 ft=1 fh=75b5d19c75b1583d vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\trolatunt\bin\plugins\trolatunt.BrowserAdapterS.dll.vir"
sh=F17C8BB73E283EC6654222E1C5D951C861DE2F51 ft=1 fh=15e13923b7b6d5fa vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\trolatunt\bin\plugins\trolatunt.CompatibilityChecker.dll.vir"
sh=59BBEA1AFE84B0B705F65AD41B28DEFB473D3319 ft=1 fh=3a6e0b05763ee0e5 vn="Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\trolatunt\bin\plugins\trolatunt.FFUpdate.dll.vir"
sh=D219638943380C07C4FB2BEDA27200144066747B ft=1 fh=21f0eb0da6dc95eb vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\trolatunt\bin\plugins\trolatunt.IEUpdate.dll.vir"
sh=28A402C4ED2937462A2330F703E1C71897E4BF9D ft=1 fh=0abd6273958eff1c vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\trolatunt\bin\plugins\trolatunt.PurBrowseG.dll.vir"
sh=2C72C2967E07E465C85E06D7DE9F53AE59FD524C ft=1 fh=818637f81cd0ffe9 vn="Variante von Win32/ELEX.AB evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=9CA8EBFF024F34D076C7BFFF92B978D99251DC66 ft=1 fh=03cf8fdbea9a76d3 vn="Variante von Win32/ELEX.AM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=8578D27065EE73A497345A094FE08D5D8FC38C2D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PramoxLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\et5cxbr7.default-1405707576517\Extensions\508d4e2f-a469-421d-a294-135dbb84fe1b@f7b17943-cc9e-4d4a-b223-0bd1e7cfc871.com\extensionData\plugins\91.js.vir"
sh=CC55F75767D3A084046493652EFC2175A044F63E ft=1 fh=f1da04dff6795e53 vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\PramoxLaptop\AppData\Roaming\OpenCandy\1BBF47C833C44C32A59F1D886F95AD4A\Installer.exe.vir"
sh=101CAB94B46041BB3B8FB28CA20CD902EFCF8A1E ft=1 fh=f0059b44e4aa5391 vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files\trolatunt\bin\trolatunt.BrowserAdapter.exe"
sh=60DB4E5996D5DFD25BE8FD78A069956029878801 ft=1 fh=5f4c160dd99176cf vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files\trolatunt\bin\trolatuntBAApp.dll"
sh=8687D32074B6CD5E44360C97CF2972C227E1C773 ft=1 fh=966ed316e3499b14 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\PramoxLaptop\Downloads\SharePod - CHIP-Installer.exe.xBAD"
sh=63C07F52802B59710924F75C01DCFEFFA338E063 ft=1 fh=43a6f6e7aec8b73c vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="C:\Users\PramoxLaptop\Desktop\Pramox\Musik\FreeYouTubeToMP3Converter105.exe"
sh=33953161AEA77F64F2DB2DD49180176357184785 ft=1 fh=70f2756a65e31bad vn="Win32/Somoto.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\PramoxLaptop\Downloads\MP4Joiner-2.1.2-win32.exe"

M-K-D-B 22.07.2014 15:58
Die meisten Funde von ESET befinden sich bereits in der Qurantäne von AdwCleaner oder FRST und können daher keinen Schaden mehr anrichten. Diese werden mit DelFix (siehe Schritt 1 weiter unten) automatisch entfernt).





Reste entfernen
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
C:\Users\PramoxLaptop\Desktop\Pramox\Musik\FreeYouTubeToMP3Converter105.exe
C:\Users\PramoxLaptop\Downloads\MP4Joiner-2.1.2-win32.exe
HKU\S-1-5-21-1096382573-999743387-1970358641-1000\...\Run: [iDevice Manager Launcher] => "C:\Program Files\Software4u\iDevice Manager\Software4u.IDMLauncher.exe" /run
C:\Program Files\Software4u
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\trolatunt
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\trolatunt
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update trolatunt
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util trolatunt
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FE5AE7DC-7B01-4263-A94C-B4526C276550_is1
DeleteKey: HKEY_CURRENT_USER\Software\SupHpUISoft
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WindowsMangerProtect
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Reboot:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.









Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.






Schritt 1
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.







Schritt 2
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.


Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti-Viren-Programm und zusätzlicher Schutz
  • Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist! Ein kostenloses Anti-Viren Programm, das wir empfehlen, wäre z. B. Avast! Free Antivirus oder Microsoft Security Essentials.
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt. Du kannst es zusätzlich zu deinem Anti-Viren Programm verwenden.
    Update das Tool und lasse es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • AdwCleaner
    Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwümschten Programmen (PUPs).
    Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt von der Herstellerseite auf den Desktop herunterladen. Auch dieses Programm kann parallel zu deinem Anti-Viren Programm verwendet werden.
  • SpywareBlaster
    Eine kurze Einführung findest du Hier


Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzuzufügen reicht und dieser wird nicht mehr geladen.
    Es spart außerdem Downloadkapazität.


Performance
  • Halte dich fern von Registry Cleanern.
    Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
    Miekemoes Blogspot ( MVP )


Was du vermeiden solltest:
  • Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
  • Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..).
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
  • Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!



Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

pramox 22.07.2014 19:57
Die Fixlog Datei ist weg, wahrscheinlich weil ich erst alle Schritte gemacht habe und dann mit dem LÖschprogramm auch diese Datei entfernt wurde, soll ich nochmal installieren und dann posten?

Ansonsten hier noch die beiden anderen Ergebnisse:

Code:
# DelFix v10.7 - Datei am 22/07/2014 um 20:28:28 erstellt
# Aktualisiert am 27/04/2014 von Xplode
# Benutzer : PramoxLaptop - PRAMOXLAPTOP-PC
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\FRST
Gelöscht : C:\zoek_backup
Gelöscht : C:\AdwCleaner
Gelöscht : C:\zoek-results.log
Gelöscht : C:\Users\PramoxLaptop\Desktop\AdwCleaner[S3].txt
Gelöscht : C:\Users\PramoxLaptop\Desktop\adwcleaner_3.216.exe
Gelöscht : C:\Users\PramoxLaptop\Desktop\esetsmartinstaller_deu.exe
Gelöscht : C:\Users\PramoxLaptop\Desktop\Fixlog.txt
Gelöscht : C:\Users\PramoxLaptop\Desktop\FRST.exe
Gelöscht : C:\Users\PramoxLaptop\Desktop\log.txt
Gelöscht : C:\Users\PramoxLaptop\Desktop\SecurityCheck.exe
Gelöscht : C:\Users\PramoxLaptop\Desktop\SystemLook.exe
Gelöscht : C:\Users\PramoxLaptop\Desktop\SystemLook.txt
Gelöscht : C:\Users\PramoxLaptop\Desktop\zoek-results.txt
Gelöscht : C:\Users\PramoxLaptop\Desktop\zoek.exe
Gelöscht : C:\Users\PramoxLaptop\Downloads\adwcleaner_3.214.exe
Gelöscht : HKLM\SOFTWARE\AdwCleaner

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #102 [Geplanter Prüfpunkt | 05/13/2014 13:04:16]
Gelöscht : RP #103 [Geplanter Prüfpunkt | 05/14/2014 12:07:01]
Gelöscht : RP #104 [Windows Update | 05/16/2014 05:09:40]
Gelöscht : RP #105 [Gerätetreiber-Paketinstallation: EPSON Drucker | 05/22/2014 20:36:40]
Gelöscht : RP #106 [Geplanter Prüfpunkt | 05/24/2014 21:05:13]
Gelöscht : RP #107 [Geplanter Prüfpunkt | 05/26/2014 10:54:31]
Gelöscht : RP #108 [Windows Update | 06/13/2014 07:27:37]
Gelöscht : RP #109 [Geplanter Prüfpunkt | 06/29/2014 04:08:43]
Gelöscht : RP #110 [Geplanter Prüfpunkt | 07/02/2014 17:37:07]
Gelöscht : RP #111 [Installed Mobile Mouse Server. | 07/02/2014 18:30:00]
Gelöscht : RP #112 [Windows Update | 07/13/2014 10:44:40]
Gelöscht : RP #114 [??? 91 PC Suite for iPhone | 07/14/2014 17:07:13]
Gelöscht : RP #116 [??? 91 PC Suite for iPhone | 07/14/2014 17:17:55]
Gelöscht : RP #118 [??? 91 PC Suite for iPhone | 07/14/2014 17:29:56]
Gelöscht : RP #119 [Removed iTunes | 07/15/2014 17:09:27]
Gelöscht : RP #120 [Removed Apple Application Support | 07/15/2014 17:13:36]
Gelöscht : RP #121 [Removed Apple Mobile Device Support | 07/15/2014 17:14:59]
Gelöscht : RP #122 [Removed Apple Software Update | 07/15/2014 17:19:15]
Gelöscht : RP #123 [Gerätetreiber-Paketinstallation: Apple, Inc. USB-Controller | 07/15/2014 17:32:11]
Gelöscht : RP #124 [Gerätetreiber-Paketinstallation: Apple Netzwerkadapter | 07/15/2014 17:33:16]
Gelöscht : RP #125 [Installed iTunes | 07/15/2014 17:34:27]
Gelöscht : RP #126 [Windows Update | 07/16/2014 17:46:20]
Gelöscht : RP #127 [Geplanter Prüfpunkt | 07/18/2014 22:02:41]
Gelöscht : RP #128 [zoek.exe restore point | 07/20/2014 15:25:07]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########
Code:
Results of screen317's Security Check version 0.99.85 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
Norton 360   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player        14.0.0.145 
 Adobe Reader 10.1.10 Adobe Reader out of Date! 
 Mozilla Firefox (30.0)
 Mozilla Thunderbird (24.6.0)
 Google Chrome 35.0.1916.153 
 Google Chrome 36.0.1985.125 
````````Process Check: objlist.exe by Laurent```````` 
 Emsisoft Anti-Malware a2service.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

M-K-D-B 23.07.2014 08:21
Servus,


den FRST-Fix brauchst du nicht mehr posten, das sollte so passen. :)




Ich bin froh, dass wir helfen konnten :abklatsch:

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! :)

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:34 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131