Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Hilfe!!! Internet öffnet selbstständig Fenster. (https://www.trojaner-board.de/164406-hilfe-internet-oeffnet-selbststaendig-fenster.html)

ola_123 24.02.2015 11:38
Hilfe!!! Internet öffnet selbstständig Fenster.
 
Hallo ihr Lieben,

kurz vorweg: Ich bin ein absoluter Laie was die Arbeit mit und am PC angeht. Daher wäre ich dankbar, wenn die Erklärungen (falls ihr Tipps habt) für einen Fachidioten formuliert sind :-)

Das Problem:

Ich nutze einen PC mit Win7, 64Bit und seit einiger Zeit machen sich die Internetseiten selbstständig. Soll heißen, dass permanent solche "Positive Finds Ads"-Fenster da sind und sich wie von Geisterhand neue Tabs öffnen wie z.B. "offerbycontext", "reimageplus", "youradchange" oder auch "dateformore". Außerdem ist der Rechner und das Internet extrem langsam geworden.

Ich habe als Virusprogramm Kaspersky Internet Security 2015 und habe außerdem bereits den Trojaner Remover, Spybot und Malewarebytes durchlaufen lassen. Leider ohne erwünschten Erfolg.

Ich weiß nicht weiter. Bitte helft mir. Vielen Dank im Vorraus,

Ola

cosinus 24.02.2015 11:39
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

ola_123 24.02.2015 11:59
Wow, vielen Dank für die schnelle Antwort.
Hier kommt der die das FRST
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015
Ran by ola (administrator) on OLA-PC on 24-02-2015 11:51:55
Running from C:\Users\ola\Downloads
Loaded Profiles: ola (Available profiles: ola)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Intenium) C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe
() C:\Users\ola\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqgpc01.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe
(1&1 Mail & Media GmbH) C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe
(Google Inc.) C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-25] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1791856 2014-10-16] (Simply Super Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [Google Update] => C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-19] (Google Inc.)
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [Spiele Post] => C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe [483400 2013-12-06] (Intenium)
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [GameXN GO] => "C:\ProgramData\GameXN\GameXNGO.exe" /startup
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [GoogleChromeAutoLaunch_7AF6FE48D09771C69065DE049B362851] => C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [Alamandi tray notifier] => c:\program files (x86)\deutschland spielt\alamandi\TaskBarNotifier.exe
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [Amazon Music] => C:\Users\ola\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-107307583-39740663-3650351078-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-107307583-39740663-3650351078-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = GMX Suche
URLSearchHook: HKLM-x32 - (No Name) - {79a2b609-bbc0-4d16-9925-70cb98a6490d} - No File
SearchScopes: HKLM -> {892BD02F-3625-446B-A532-15841A4B06CA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {892BD02F-3625-446B-A532-15841A4B06CA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> {09038620-190C-402B-A92F-18864E6AB22F} URL = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> {40064957-18EB-412d-9146-3F57E8D92EEC} URL = hxxp://go.gmx.net/br/ie9_search_pic/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> {5A817CF6-92D5-4DE5-AC38-82DF8A73EF28} URL = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> {833BB9C0-5FE7-4DF9-9705-E7160106147D} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&origin=searchplugin
SearchScopes: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> {892BD02F-3625-446B-A532-15841A4B06CA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> {8D27B32E-89EE-460e-82D2-5FC354078EAD} URL = hxxp://go.gmx.net/br/ie9_search_produkte/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> {DCE59F23-A446-45a5-9459-E68FDC0DE38D} URL = hxxp://go.gmx.net/br/ie9_search_maps/?su={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: GMX Toolbar BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: GMX Konfiguration -> {17166733-40EA-4432-A85C-AE672FF0E236} -> C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: GMX Toolbar BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - No Name - {79a2b609-bbc0-4d16-9925-70cb98a6490d} -  No File
Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll (pdfforge GmbH)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {9E89BECE-D23F-4782-8397-242E78C042D1}
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Handler-x32: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2010-02-05] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.0 -> C:\Program Files (x86)\GameTreat Player\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: @exent.com/npExentWidget,version=0.9.0.0 -> C:\Program Files (x86)\GameTreat Player\npExentWidget.dll (Exent Technologies Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/npracplug;version=1.0.0.0 -> C:\Program Files (x86)\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-107307583-39740663-3650351078-1001: @tools.google.com/Google Update;version=3 -> C:\Users\ola\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-107307583-39740663-3650351078-1001: @tools.google.com/Google Update;version=9 -> C:\Users\ola\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-12-03]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-01-12]
FF HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR Profile: C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Google Search) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (Kaspersky Protection) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-11-23]
CHR Extension: (No Name) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmcplcebggimminoiheibhndgamccdgl [2011-08-09]
CHR Extension: (Google Wallet) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-03-02]
StartMenuInternet: Google Chrome - C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-01-24] (Adobe Systems) [File not signed]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-12-08] (WildTangent)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-11-23] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-11-23] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [116264 2008-05-27] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [19496 2008-05-27] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [159784 2008-05-27] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [138792 2008-05-27] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [34856 2008-05-27] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [137768 2008-05-27] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [153128 2008-05-27] (MCCI Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1071616 2010-02-11] (Vimicro Corporation)
R2 X5XSEx_Pr146; C:\Program Files (x86)\GameTreat Player\X5XSEx.Sys [55328 2010-03-10] (Exent Technologies Ltd.)
R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-24 11:52 - 2015-02-24 11:52 - 00112554 _____ () C:\Users\ola\Desktop\Hilfe!!! Internet öffnet selbstständig Fenster. - Trojaner-Board.html
2015-02-24 11:52 - 2015-02-24 11:52 - 00000000 ____D () C:\Users\ola\Desktop\Hilfe!!! Internet öffnet selbstständig Fenster. - Trojaner-Board_files
2015-02-24 11:51 - 2015-02-24 11:53 - 00031774 _____ () C:\Users\ola\Downloads\FRST.txt
2015-02-24 11:51 - 2015-02-24 11:51 - 02087424 _____ (Farbar) C:\Users\ola\Downloads\FRST64.exe
2015-02-24 11:51 - 2015-02-24 11:51 - 02087424 _____ (Farbar) C:\Users\ola\Downloads\FRST64 (1).exe
2015-02-24 11:51 - 2015-02-24 11:51 - 00000000 ____D () C:\FRST
2015-02-24 11:50 - 2015-02-24 11:50 - 01127424 _____ (Farbar) C:\Users\ola\Downloads\FRST.exe
2015-02-24 11:16 - 2015-02-24 11:16 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ola\Downloads\revosetup95.exe
2015-02-24 11:16 - 2015-02-24 11:16 - 00001222 _____ () C:\Users\ola\Desktop\Revo Uninstaller.lnk
2015-02-24 11:16 - 2015-02-24 11:16 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-23 17:36 - 2015-02-23 17:36 - 00000000 ____D () C:\Users\Public\CyberLink
2015-02-23 17:35 - 2015-02-23 17:36 - 00001594 _____ () C:\Windows\VPNUnInstall.MIF
2015-02-23 17:23 - 2015-02-23 17:23 - 00000045 _____ () C:\error.log
2015-02-23 17:05 - 2015-02-23 17:27 - 00000000 ____D () C:\Users\ola\Desktop\MUSIK ALLES
2015-02-23 17:05 - 2015-02-23 17:07 - 00000000 ____D () C:\Users\ola\Desktop\FOTOS ALLES
2015-02-23 13:01 - 2015-02-23 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-02-23 12:47 - 2015-02-23 12:47 - 07778632 _____ () C:\Users\ola\Downloads\Infigo_setup.exe
2015-02-23 11:34 - 2015-02-23 11:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-23 11:32 - 2015-02-23 11:33 - 01388274 _____ (Thisisu) C:\Users\ola\Downloads\JRT42.exe
2015-02-23 11:31 - 2015-02-23 11:32 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\ola\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-22 15:16 - 2015-02-22 15:16 - 00000040 _____ () C:\Users\Public\Documents\_rgpl
2015-02-22 13:40 - 2015-02-22 14:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-22 13:40 - 2015-02-22 13:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-22 13:40 - 2015-02-22 13:40 - 00001349 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-22 13:40 - 2015-02-22 13:40 - 00001337 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-02-22 13:40 - 2015-02-22 13:40 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-22 13:40 - 2015-02-22 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-22 13:40 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-22 13:32 - 2015-02-22 13:32 - 00001175 _____ () C:\Users\ola\Desktop\spybot-2.4.40 - Verknüpfung.lnk
2015-02-22 13:24 - 2015-02-22 13:26 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\ola\Downloads\spybot-2.4.40.exe
2015-02-21 11:18 - 2015-02-21 11:18 - 00000000 ____D () C:\Users\ola\AppData\Roaming\AdobeUM
2015-02-17 16:06 - 2015-02-17 16:07 - 00000000 ____D () C:\Program Files (x86)\Burger Bustle
2015-02-17 16:06 - 2015-02-17 16:06 - 00000000 ____D () C:\Users\ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Burger Bustle
2015-02-17 16:06 - 2015-02-17 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Burger Bustle
2015-02-17 15:59 - 2015-02-17 15:59 - 00237568 _____ (Big Fish Games) C:\Users\ola\Downloads\bigfishgames_p230064518_s2_l2.exe
2015-02-15 12:44 - 2015-02-15 12:44 - 00014653 _____ () C:\Users\ola\Downloads\WG Celle (1).xlsx
2015-02-15 12:26 - 2015-02-15 12:26 - 00012427 _____ () C:\Users\ola\Downloads\WG 15A (2).xlsx
2015-02-14 18:55 - 2015-02-14 18:55 - 00012427 _____ () C:\Users\ola\Downloads\WG 15A (1).xlsx
2015-02-14 18:54 - 2015-02-14 18:54 - 00014653 _____ () C:\Users\ola\Downloads\WG Celle.xlsx
2015-02-14 18:53 - 2015-02-14 18:53 - 00012427 _____ () C:\Users\ola\Downloads\WG 15A.xlsx
2015-02-14 14:03 - 2015-02-23 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jewelleria
2015-02-14 14:03 - 2015-02-14 14:03 - 00001875 _____ () C:\Users\Public\Desktop\Play Jewelleria.lnk
2015-02-14 14:03 - 2015-02-14 14:03 - 00000000 ____D () C:\Program Files (x86)\Jewelleria
2015-02-14 14:01 - 2015-02-14 14:01 - 00237568 _____ (Big Fish Games) C:\Users\ola\Downloads\bigfishgames_p229860281_s2_l2.exe
2015-02-14 12:46 - 2015-02-14 12:48 - 66714384 _____ (INTENIUM GmbH) C:\Users\ola\Downloads\GreenRanch.exe
2015-02-14 11:09 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-14 11:09 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-14 11:09 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-14 11:09 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 18:55 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-12 18:55 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-12 18:55 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 18:55 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-12 18:55 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-12 18:55 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-12 18:55 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-12 18:55 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-12 18:55 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 18:55 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-12 18:55 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 18:55 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-12 18:55 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-12 18:55 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-12 18:55 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-12 18:55 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 18:55 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 18:55 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 18:55 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-12 18:55 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 18:55 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-12 18:55 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 18:55 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-12 18:55 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 18:55 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 18:55 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-12 18:55 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 18:55 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 18:55 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 18:55 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 18:55 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 18:55 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 18:55 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-12 18:55 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 18:55 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-12 18:54 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 18:54 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 18:54 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 18:54 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-12 18:54 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 18:54 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 18:54 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-12 18:54 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 18:54 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 18:54 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-12 18:54 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 18:54 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-12 18:54 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 18:54 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-12 18:54 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 18:54 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-12 18:54 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 18:49 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-12 18:49 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-12 18:49 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-12 18:49 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-12 18:49 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-12 18:49 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-12 18:49 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-12 18:49 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-12 18:49 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-12 18:49 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-12 18:49 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-12 18:49 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-12 18:49 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-12 18:49 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-12 18:49 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-12 18:45 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-12 18:45 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 18:45 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-12 18:45 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-12 18:45 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-12 18:45 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-12 18:45 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-12 18:45 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-12 18:45 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-12 18:45 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-12 18:45 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-12 18:45 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-12 18:45 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-12 18:45 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-12 18:45 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-12 18:45 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-12 18:45 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-12 18:45 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-12 18:44 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-12 18:44 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-12 18:44 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-12 18:44 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-12 18:44 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-12 18:44 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-12 18:43 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 18:43 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-12 18:41 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 18:41 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-12 18:41 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-12 18:41 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-12 18:41 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-12 18:40 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-12 18:40 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-12 18:40 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-12 18:40 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-12 18:40 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-12 18:40 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-12 18:40 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-12 18:40 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-12 18:40 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-12 18:38 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 18:05 - 2015-02-12 18:05 - 00000000 ____D () C:\Users\ola\Documents\Simply Super Software
2015-02-12 18:05 - 2015-02-12 18:05 - 00000000 ____D () C:\ProgramData\Licenses
2015-02-12 18:04 - 2015-02-12 18:04 - 00001097 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2015-02-12 18:04 - 2015-02-12 18:04 - 00000000 ____D () C:\ProgramData\Simply Super Software
2015-02-12 18:04 - 2015-02-12 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-02-12 18:04 - 2015-02-12 18:04 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2015-02-12 18:02 - 2015-02-12 18:04 - 31390952 _____ (Simply Super Software ) C:\Users\ola\Downloads\trjsetup691.exe
2015-02-09 15:43 - 2015-02-09 15:43 - 00000000 ____D () C:\Users\ola\AppData\Roaming\MMFApplications
2015-02-09 13:06 - 2015-02-09 13:15 - 361382144 _____ (INTENIUM GmbH) C:\Users\ola\Downloads\Delicious10Sammleredition.exe
2015-02-05 11:37 - 2015-02-05 11:37 - 00000000 ____D () C:\Users\ola\AppData\Local\TuneUp Software
2015-02-05 11:36 - 2015-02-05 11:36 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-05 11:35 - 2015-02-05 11:35 - 00001490 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-02-05 11:35 - 2015-02-05 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-05 11:34 - 2015-02-05 11:35 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-02-05 11:34 - 2015-02-05 11:34 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-02-05 11:32 - 2015-02-05 11:33 - 34792128 _____ (DVDVideoSoft Ltd. ) C:\Users\ola\Downloads\FreeYouTubeToMP354Converter.exe
2015-02-04 16:56 - 2015-02-04 16:56 - 00014927 _____ () C:\Users\ola\Downloads\Steckbrief.odt
2015-01-31 10:44 - 2015-01-31 10:44 - 00000000 __SHD () C:\found.001

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 11:50 - 2010-09-08 14:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-24 11:35 - 2013-02-27 22:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-24 11:26 - 2010-10-16 19:21 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001UA.job
2015-02-24 11:08 - 2010-11-08 13:17 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-24 11:03 - 2010-05-14 19:24 - 01751189 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 11:00 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-24 11:00 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-24 10:54 - 2010-10-17 10:13 - 00000000 ____D () C:\Users\ola\AppData\Roaming\Skype
2015-02-24 10:53 - 2010-12-12 15:30 - 00000000 ____D () C:\GameHouse Games
2015-02-24 10:52 - 2010-09-08 14:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-24 10:50 - 2010-09-09 18:33 - 01146558 _____ () C:\Windows\PFRO.log
2015-02-24 10:50 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-24 10:50 - 2009-07-14 05:51 - 00225582 _____ () C:\Windows\setupact.log
2015-02-24 02:36 - 2013-08-29 15:17 - 00000000 ____D () C:\Users\ola\Desktop\Gruppenleitung
2015-02-24 00:39 - 2010-02-05 19:06 - 00000000 ____D () C:\ProgramData\Temp
2015-02-24 00:28 - 2010-11-19 15:55 - 00000000 ____D () C:\Users\ola\AppData\Local\CrashDumps
2015-02-23 19:07 - 2009-10-15 15:15 - 00000000 ____D () C:\Users\ola\Desktop\Jessi´s Daten
2015-02-23 18:50 - 2010-02-06 03:50 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2015-02-23 18:50 - 2010-02-06 03:50 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2015-02-23 18:50 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-23 18:46 - 2013-06-05 00:09 - 00000000 ____D () C:\Users\ola\Desktop\Kreatives und Merke dir es
2015-02-23 18:37 - 2014-09-20 10:58 - 00000000 ____D () C:\Users\ola\AppData\Roaming\Samsung
2015-02-23 18:37 - 2014-09-20 10:58 - 00000000 ____D () C:\Users\ola\AppData\Local\Samsung
2015-02-23 18:37 - 2014-09-20 10:53 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-02-23 18:36 - 2014-09-20 10:53 - 00000000 ____D () C:\ProgramData\Samsung
2015-02-23 18:36 - 2010-02-05 19:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-23 18:19 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-23 18:12 - 2010-12-12 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHouse
2015-02-23 18:12 - 2010-12-12 15:25 - 00000000 ____D () C:\Program Files (x86)\RealArcade
2015-02-23 18:06 - 2010-11-27 16:18 - 00000000 ____D () C:\Program Files (x86)\DEUTSCHLAND SPIELT
2015-02-23 17:55 - 2011-11-12 18:50 - 00000000 ____H () C:\ProgramData\PKP_DLdw.DAT
2015-02-23 17:55 - 2011-11-12 18:50 - 00000000 _____ () C:\Users\ola\AppData\Roaming\Database
2015-02-23 17:38 - 2010-02-05 19:06 - 00000000 ____D () C:\Program Files (x86)\Cyberlink
2015-02-23 17:26 - 2011-11-12 18:48 - 00000000 ____D () C:\Program Files (x86)\Nikon
2015-02-23 17:26 - 2011-11-12 18:47 - 00000000 ____H () C:\ProgramData\PKP_DLdu.DAT
2015-02-23 17:26 - 2011-11-12 18:47 - 00000000 _____ () C:\Users\ola\AppData\Roaming\Dance
2015-02-23 17:16 - 2010-09-08 14:33 - 00000000 ____D () C:\Users\ola
2015-02-23 17:00 - 2010-11-17 12:14 - 00000000 ____D () C:\Program Files\DivX
2015-02-23 17:00 - 2010-11-17 12:13 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-02-23 17:00 - 2010-11-17 12:12 - 00000000 ____D () C:\ProgramData\DivX
2015-02-23 16:47 - 2015-01-22 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dancing Craze
2015-02-23 16:46 - 2015-01-23 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Keeper 2
2015-02-23 13:26 - 2010-10-16 19:21 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001Core.job
2015-02-23 13:00 - 2010-09-08 14:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-23 12:37 - 2010-09-08 14:51 - 00000000 ____D () C:\Program Files\Google
2015-02-23 12:37 - 2010-09-08 14:51 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-23 12:34 - 2010-09-08 14:51 - 00000000 ____D () C:\Users\ola\AppData\Local\Google
2015-02-23 12:34 - 2010-09-08 14:51 - 00000000 ____D () C:\ProgramData\Google
2015-02-23 12:20 - 2010-09-18 12:10 - 00209930 _____ () C:\Windows\DPINST.LOG
2015-02-23 12:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Branding
2015-02-23 11:39 - 2010-11-12 10:42 - 00000000 ____D () C:\ProgramData\Alawar Stargaze
2015-02-23 11:26 - 2010-02-05 19:32 - 00000000 ____D () C:\ProgramData\Norton
2015-02-22 13:28 - 2011-05-30 09:37 - 00000000 ____D () C:\Users\TEMP
2015-02-21 10:29 - 2010-10-16 19:21 - 00002344 _____ () C:\Users\ola\Desktop\Google Chrome.lnk
2015-02-20 11:07 - 2010-12-16 13:07 - 00000000 ____D () C:\Users\ola\AppData\Roaming\HP Support Assistant
2015-02-20 11:07 - 2010-09-09 18:38 - 00000000 ____D () C:\Users\ola\AppData\Roaming\HpUpdate
2015-02-18 14:09 - 2013-07-10 14:21 - 00000000 ____D () C:\BigFishCache
2015-02-15 17:23 - 2010-12-05 15:21 - 00001885 _____ () C:\Users\ola\Documents\DancingCraze.log
2015-02-15 13:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-15 10:59 - 2014-03-04 18:16 - 00000000 ____D () C:\Users\ola\AppData\Roaming\Juliette's Fashion Empire DE
2015-02-14 12:54 - 2013-11-30 20:41 - 00000000 ____D () C:\Users\ola\AppData\Roaming\Palaplay
2015-02-14 12:53 - 2014-12-10 17:31 - 00001089 _____ () C:\Users\Public\Desktop\GAME CENTER.lnk
2015-02-14 11:44 - 2014-08-18 08:44 - 00000000 ____D () C:\Users\ola\AppData\Local\com.gamehouse.acid
2015-02-14 10:44 - 2009-07-14 05:45 - 00460736 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-14 10:42 - 2014-12-11 03:42 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-14 10:42 - 2014-05-06 09:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-13 01:39 - 2010-09-16 19:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-13 01:27 - 2013-08-14 09:51 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 00:13 - 2010-10-08 20:49 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 18:00 - 2013-10-23 16:12 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-12 17:59 - 2013-07-12 10:13 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-12 17:56 - 2014-11-24 12:08 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-02-12 17:56 - 2014-11-24 12:08 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-02-12 17:56 - 2014-11-24 12:08 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-02-12 17:56 - 2014-11-24 12:08 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-12 17:56 - 2014-11-24 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-09 13:21 - 2010-10-16 19:21 - 00004078 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001UA
2015-02-09 13:21 - 2010-10-16 19:21 - 00003682 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001Core
2015-02-05 12:36 - 2013-02-27 22:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 12:36 - 2013-02-27 22:11 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 12:36 - 2011-05-18 15:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 11:40 - 2012-06-25 12:20 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-05 11:37 - 2012-06-25 12:20 - 00000000 ____D () C:\Users\ola\AppData\Roaming\TuneUp Software
2015-02-05 11:35 - 2011-07-28 17:56 - 00000000 ____D () C:\Users\ola\AppData\Roaming\DVDVideoSoft
2015-02-04 10:45 - 2010-09-08 14:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 10:45 - 2010-09-08 14:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2010-11-16 13:57 - 2010-11-16 13:57 - 0774144 _____ (RealNetworks, Inc.) C:\Program Files (x86)\RngInterstitial.dll
2011-11-12 18:47 - 2015-02-23 17:26 - 0000000 _____ () C:\Users\ola\AppData\Roaming\Dance
2011-11-12 18:50 - 2015-02-23 17:55 - 0000000 _____ () C:\Users\ola\AppData\Roaming\Database
2011-06-05 17:42 - 2011-06-15 12:03 - 0000011 _____ () C:\Users\ola\AppData\Roaming\log.txt
2014-06-16 10:04 - 2014-06-16 10:04 - 0000216 _____ () C:\Users\ola\AppData\Roaming\wklnhst.dat
2011-01-08 02:14 - 2011-01-08 02:18 - 0022016 _____ () C:\Users\ola\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-11-16 14:02 - 2010-12-06 16:45 - 0000198 _____ () C:\Users\ola\AppData\Local\DownloadLog.txt
2012-01-02 10:07 - 2012-01-02 11:07 - 0153043 _____ () C:\Users\ola\AppData\Local\log.txt
2011-05-19 13:03 - 2011-05-19 13:03 - 0006474 _____ () C:\Users\ola\AppData\Local\tmp148996_172999622712932_100000086862591_620133_4604791_S.0
2011-05-19 13:03 - 2011-05-19 13:03 - 0006419 _____ () C:\Users\ola\AppData\Local\tmp148996_172999622712932_100000086862591_620133_4604791_S.JPG
2010-12-03 15:20 - 2014-11-14 05:07 - 0014983 _____ () C:\ProgramData\hpzinstall.log
2011-11-12 18:47 - 2015-02-23 17:26 - 0000000 ____H () C:\ProgramData\PKP_DLdu.DAT
2011-11-12 18:50 - 2015-02-23 17:55 - 0000000 ____H () C:\ProgramData\PKP_DLdw.DAT

Files to move or delete:
====================
C:\Users\ola\cudart32_30_14.dll
C:\Users\ola\vedFramework.dll
C:\Users\ola\XMLWrapper.dll


Some content of TEMP:
====================
C:\Users\ola\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\ola\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\ola\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\ola\AppData\Local\Temp\ose00000.exe
C:\Users\ola\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\ola\AppData\Local\Temp\SDShelEx-x64.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 13:42

==================== End Of Log ============================
--- --- ---

ola_123 24.02.2015 12:03
ADDITIONFRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2015
Ran by ola at 2015-02-24 11:54:11
Running from C:\Users\ola\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0.1 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V) (Version: 7.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader 8.3.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
AIO_CDA_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Amazon Music (HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
ATI Catalyst Install Manager (HKLM\...\{67CA5B4D-32DA-B54C-1851-F68ECD83262E}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Bauern-Spass (HKLM-x32\...\{08C06EC7-FD54-4C4E-9FED-1E8DA7367BE3}) (Version: 1.00.0000 - Intenium GmbH)
Bauern-Spaß (HKLM-x32\...\Bauern-Spaß) (Version: 1.0.0.0 - INTENIUM GmbH)
Beach Party Craze Deluxe (HKLM-x32\...\ab25efd7edca8068e25022a8dcb023bc) (Version:  - Zylom)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Burger Bustle (HKLM-x32\...\BFG-Burger Bustle) (Version:  - )
C5100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
c5100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden
Cake Mania Main Street (HKLM-x32\...\BFG-Cake Mania Main Street) (Version:  - )
Cake Mania: Lights, Camera, Action! (HKLM-x32\...\BFG-Cake Mania - Lights, Camera, Action) (Version:  - )
ccc-core-static (x32 Version: 2009.1201.2247.40849 - Ihr Firmenname) Hidden
Chicken Invaders 4 – Weihnachtsedition (HKLM-x32\...\Chicken Invaders 4 – Weihnachtsedition) (Version: 1.0.0.0 - INTENIUM GmbH)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Dancing Craze (HKLM-x32\...\BFG-Dancing Craze) (Version:  - )
Delicious: Emily und die Traumhochzeit Sammleredition (HKLM-x32\...\Delicious: Emily und die Traumhochzeit Sammleredition) (Version: 0.0.0.0 - INTENIUM GmbH)
Der Bau der Chinesischen Mauer (HKLM-x32\...\Der Bau der Chinesischen Mauer) (Version:  - )
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Deutschland Spielt - Spiele Post (HKLM-x32\...\Deutschland Spielt - Spiele Post) (Version: 1.0.4.38 - INTENIUM GmbH)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\{D2B31FE6-127F-4E79-8186-F080A282FBC7}) (Version: 1.0.0.46 - Intenium GmbH)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 2.4.2.14 - INTENIUM GmbH)
DEUTSCHLAND SPIELT Spiele Post (HKLM-x32\...\DEUTSCHLAND SPIELT Spiele Post) (Version: 1.0.3.0 - INTENIUM GmbH)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Die FreeRide Games Bar Toolbar (HKLM-x32\...\Die_FreeRide_Games_Bar Toolbar) (Version: 6.5.2.8 - Die FreeRide Games Bar)
Die Legende von Atlantis - Exodus (HKLM-x32\...\{AB49EB53-CEA8-40F1-828B-7DE5D7D158F0}) (Version: 1.00.0000 - Intenium GmbH)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.1.7 - CEWE Stiftung u Co. KGaA)
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Double Pack SuperMarket Management Deluxe (HKLM-x32\...\7283d44070835c6bc64e323b40b6ec9f) (Version:  - Zylom)
Dragon Keeper 2 (HKLM-x32\...\BFG-Dragon Keeper 2) (Version:  - )
DragonStone (HKLM-x32\...\BFG-DragonStone) (Version:  - )
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
Farm Mania Hot Vacation (HKLM-x32\...\Farm Mania Hot Vacation_is1) (Version:  - Realore Studios)
Farmscapes (HKLM-x32\...\BFG-Farmscapes) (Version:  - )
Farmscapes (HKLM-x32\...\Farmscapes_is1) (Version:  - Playrix Entertainment)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Free Audio CD Burner version 1.4.8 (HKLM-x32\...\Free Audio CD Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
GameCatalog42.2013 (x32 Version: 1.00.0000 - Intenium GmbH) Hidden
GameTreat Player (HKLM-x32\...\{AC323D63-F1B1-4FA6-88B1-72E74025036E}) (Version:  - )
GMX Internet Explorer Addon (HKLM-x32\...\1&1 Mail & Media GmbH 1und1InternetExplorerAddon) (Version: 1.0.1.0 - 1&1 Mail & Media GmbH)
GMX Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 2.0.1.5 - 1&1 Mail & Media GmbH)
GMX Toolbar für Internet Explorer (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 1.7.2.0 - 1&1 Mail & Media GmbH)
GMX Toolbar MSVC100 CRT x64 (Version: 1.0.0 - 1&1 Mail & Media GmbH) Hidden
GMX Toolbar MSVC100 CRT x86 (x32 Version: 1.0.0 - 1&1 Mail & Media GmbH) Hidden
Google Chrome (HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Grave Mania: Zombiefieber (HKLM-x32\...\BFG-Grave Mania - Zombiefieber) (Version:  - )
Hardwarediagnosetools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
Hello Venice (HKLM-x32\...\{6B19A215-DFA2-440D-B972-08CEEB77F078}) (Version: 1.00.0000 - Intenium GmbH)
Hello Venice (HKLM-x32\...\BFG-Hello Venice) (Version:  - )
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (HKLM\...\{17016DA1-F040-4032-BD36-34DD317BC9D5}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}) (Version: 5.1.10.7 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HydraVision (x32 Version: 4.2.128.0 - ATI Technologies Inc.) Hidden
Insaniquarium Deluxe (HKLM-x32\...\9a14c916588716e1e4a91a4414907685) (Version:  - Zylom)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Island Tribe (HKLM-x32\...\Island Tribe_is1) (Version:  - Realore Studios)
Island Tribe 2 (HKLM-x32\...\BFG-Island Tribe 2) (Version:  - )
Island Tribe 2 (HKLM-x32\...\Island Tribe 2_is1) (Version:  - Realore Studios)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jet Set Go (HKLM-x32\...\Jet Set Go) (Version: 1.0.0.0 - INTENIUM GmbH)
Jewelleria (HKLM-x32\...\BFG-Jewelleria) (Version:  - )
Juliettes Mode-Imperium (HKLM-x32\...\Juliettes Mode-Imperium) (Version: 1.0.0.0 - INTENIUM GmbH)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Katy + Bob (HKLM-x32\...\Katy + Bob) (Version:  - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version:  - EasyBits Software AS)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mein eigener Bauernhof (HKLM-x32\...\Mein eigener Bauernhof_is1) (Version:  - Realore Studios)
Mein eigener Bauernhof 2 (HKLM-x32\...\Mein eigener Bauernhof 2_is1) (Version:  - Realore Studios)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\MyFreeCodec) (Version:  - )
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OpenOffice.org 3.2 (HKLM-x32\...\{8D1E61D1-1395-4E97-997F-D002DB3A5074}) (Version: 3.2.9502 - OpenOffice.org)
Paradise Beach 2 (HKLM-x32\...\{63C716AA-D7E0-4ED4-AC70-84F255F2AD55}) (Version: 1.00.0000 - Intenium GmbH)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.51.17865 - pdfforge GmbH)
PDF Architect 2 Create Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 Edit Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 View Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
Pet Show Craze Deluxe (HKLM-x32\...\7d89a1ed80d764888be08d8ed2b7ddbb) (Version:  - Zylom)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3405 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3405 - CyberLink Corp.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5938 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Ritter Arthur 4 (HKLM-x32\...\Ritter Arthur 4) (Version: 1.0.0.0 - INTENIUM GmbH)
Ritter Arthur III (HKLM-x32\...\Ritter Arthur III) (Version: 1.0.0.0 - INTENIUM GmbH)
Roads Of Rome (HKLM-x32\...\Roads Of Rome_is1) (Version:  - Realore Studios)
Roads of Rome 3 (HKLM-x32\...\Roads of Rome 3) (Version: 32.0.0.0 - Shockwave.com)
Royal Envoy (HKLM-x32\...\Royal Envoy_is1) (Version:  - Playrix Entertainment)
Royal Envoy 2 (HKLM-x32\...\Royal Envoy 2_is1) (Version:  - Playrix Entertainment)
Sally's Quick Clips (HKLM-x32\...\c59fb4f519ae3f5779eefbda2291335c) (Version:  - Zylom)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Trojan Remover 6.9.1 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.1 - Simply Super Software)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Viking Saga (HKLM-x32\...\b084798fee4191843dbe5cdb90c900ef) (Version:  - GameHouse)
Viking Saga (HKLM-x32\...\BFG-Viking Saga) (Version:  - )
viking saga (HKLM-x32\...\viking saga_is1) (Version:  - Realore Studios)
VLC media player 1.1.5 (HKLM-x32\...\VLC media player) (Version: 1.1.5 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wedding Salon Deluxe (HKLM-x32\...\3866c7ce7716fadf1b53a2ff8d90be59) (Version:  - Zylom)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.20 - WildTangent)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Youda Farmer (HKLM-x32\...\Youda Farmer) (Version:  - )
Youda Farmer 3: Jahreszeiten (HKLM-x32\...\Youda Farmer 3: Jahreszeiten) (Version: 1.0.0.0 - INTENIUM GmbH)
Zylom Games Player Plugin (HKLM-x32\...\Zylom Games Player Plugin) (Version:  - Zylom Games)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-107307583-39740663-3650351078-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\ola\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-107307583-39740663-3650351078-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\ola\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-107307583-39740663-3650351078-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\ola\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-107307583-39740663-3650351078-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\ola\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-107307583-39740663-3650351078-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\ola\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-107307583-39740663-3650351078-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ola\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-107307583-39740663-3650351078-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\ola\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

14-02-2015 19:44:50 Windows Update
19-02-2015 10:17:20 Windows Update
23-02-2015 13:00:22 Windows Update
23-02-2015 16:54:54 TuneUp Utilities 2014 wird entfernt
23-02-2015 16:57:13 TuneUp Utilities 2014 (de-DE) wird entfernt
23-02-2015 17:15:48 Entfernt Panorama Maker
23-02-2015 17:23:41 Entfernt MediaImpression
23-02-2015 17:25:48 Removed Nikon Transfer
23-02-2015 17:35:06 Removed Cisco Systems VPN Client 5.0.07.0290
23-02-2015 17:37:17 Konfiguriert PowerStarter
23-02-2015 17:43:03 Removed Die Ratten.
23-02-2015 17:51:57 Removed File Uploader
23-02-2015 17:52:36 Removed File Uploader
23-02-2015 17:53:14 Removed Nikon Message Center
23-02-2015 17:53:32 Removed Picture Control Utility
23-02-2015 17:54:15 Removed ViewNX
23-02-2015 17:55:52 Removed File Uploader
23-02-2015 17:56:30 Removed Picture Control Utility
23-02-2015 18:03:42 Removed The Clockmaker - Die Stunde des Uhrmachers.
23-02-2015 18:34:51 Removed Samsung Kies

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0ADCF13C-D003-4C8D-94D7-EE901DA4A609} - System32\Tasks\{440C16AE-EFF7-4451-9E33-E04BFA205354} => Chrome.exe
Task: {222EB722-32B4-4C08-A2A1-67E2C6283CC2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {2CF4D595-4B23-416F-88CA-2861FD7D3B76} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {3B847ADD-D18A-42AB-B426-0774014E7014} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {42BF959D-4F51-4743-BF0E-ACD9096DECDA} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {43F46D89-5F6B-4D5D-AB7F-A404A7B51100} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {48C7550E-5201-4279-A0F1-2C60B8B60BB0} - System32\Tasks\{5F0472E8-4636-4748-8486-5A34D579AEB8} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {52BAA416-89BB-4321-B717-345162D64B72} - System32\Tasks\{DDDAEAD7-D45D-41AA-8A89-B0F818DE02C4} => pcalua.exe -a "C:\Program Files (x86)\Shockwave.com\Camp Funshine - Carrie the Caregiver 3\Camp Funshine - Carrie the Caregiver 3.exe" -d C:\Users\ola\Desktop
Task: {56DB60FE-FFCB-467B-93F0-6FF5E9A07FF9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {584CA625-7C99-4E0E-BE5F-9CDB3F94CE91} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {5FB1A7E7-2BF3-4A45-80B1-B8F6FA877477} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001Core => C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {724F7291-CE40-41A1-A9A0-924316DE2390} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink)
Task: {85DA9ABF-C6C3-448C-B5BE-8A01C40C2840} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {94621FE4-1114-43E4-A95C-B112540CE59C} - System32\Tasks\1und1 Konfiguration => C:\ProgramData\1und1InternetExplorerAddon\ConfigTask.exe [2011-04-19] (1und1 Mail und Media GmbH)
Task: {9605CCA3-7C86-4ACC-90A5-3EBFA29BDB3B} - System32\Tasks\{AF6F217A-6557-4705-A11D-D8705CE52A49} => pcalua.exe -a "C:\Users\ola\Downloads\DancingCraze (1).exe" -d C:\Users\ola\Downloads
Task: {AA7B0780-C9B8-4CAD-95CC-371756F5B285} - System32\Tasks\{CAF7B480-2A56-4CF5-BEA1-D717E2B4F1AF} => pcalua.exe -a "C:\Users\ola\Downloads\InstallCakeMania2 (1).exe" -d C:\Users\ola\Downloads
Task: {AD1C7FB3-7C40-4FBA-ABB5-76BF963ECE99} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-11-15] (Hewlett-Packard Company)
Task: {B50C9F2D-9499-4AB6-A724-C8AC8FA222D3} - System32\Tasks\{996E5C7A-CCAE-4656-8D5D-89BE152FD3E4} => pcalua.exe -a C:\Users\ola\Desktop\DiamondDrop2.exe -d C:\Users\ola\Desktop
Task: {B609AA2B-B181-43D3-84EC-B660DC3C01EC} - System32\Tasks\{208FEADB-A1A9-4840-8445-2DE9903BAFDA} => pcalua.exe -a "C:\Users\ola\Downloads\RitterArthur4 (1).exe" -d C:\Users\ola\Downloads
Task: {B9BFC3EB-5A7E-43D6-83AF-E11CDD19DDA2} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2011-06-08] (1&1 Mail & Media GmbH)
Task: {C1EA5B84-2B14-43D4-A295-95C026651C8F} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {C6409590-4B9B-4502-8AF5-0B8C7D0C9E64} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-11-15] (Hewlett-Packard Company)
Task: {C675942D-5330-49A1-9E19-48953EF659E6} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {D08BC7DE-3204-457E-9541-091F2EEE1449} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001UA => C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {E056F0DF-D200-4A05-AD81-BBA7BAC162FB} - System32\Tasks\{2FA90A2F-3E1B-4BDC-980B-0704EA92DA79} => pcalua.exe -a "C:\Users\ola\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLAXA7BL\DiamondDrop2[1].exe" -d C:\Users\ola\Desktop
Task: {F7874B80-5184-4793-9FE4-3165B5525F41} - System32\Tasks\{0CF927CB-81C6-4D35-B425-FA96E1EA5DF3} => pcalua.exe -a "C:\Users\ola\Downloads\DieSpurensucher (1).exe" -d C:\Users\ola\Downloads
Task: {F78C369F-738B-4EDA-841C-520FA6C0878B} - System32\Tasks\{9B58D4A6-80C8-4626-96C0-D2D146DBFF74} => pcalua.exe -a "J:\maren\Office 2007 - Deutsch + seriell\setup.exe" -d "J:\maren\Office 2007 - Deutsch + seriell"
Task: {F8496263-A388-4A62-8EA8-52DA054C5770} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001Core.job => C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001UA.job => C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml

==================== Loaded Modules (whitelisted) ==============

2009-09-14 16:17 - 2009-09-14 16:17 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2014-09-12 18:39 - 2014-09-06 01:54 - 06281536 _____ () C:\Users\ola\AppData\Local\Amazon Music\Amazon Music Helper.exe
2009-06-26 11:25 - 2009-06-26 11:25 - 00098304 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-02-05 19:04 - 2010-02-05 19:04 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2015-02-22 13:40 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-22 13:40 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-22 13:40 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-22 13:40 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-22 13:40 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-02-05 19:03 - 2009-10-02 12:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2009-10-22 18:50 - 2009-10-22 18:50 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2010-05-04 15:36 - 2010-05-04 15:36 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2015-02-21 10:29 - 2015-02-17 23:44 - 01117512 _____ () C:\Users\ola\AppData\Local\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-21 10:29 - 2015-02-17 23:44 - 00211272 _____ () C:\Users\ola\AppData\Local\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-21 10:29 - 2015-02-17 23:44 - 14965064 _____ () C:\Users\ola\AppData\Local\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2015-02-21 10:29 - 2015-02-17 23:44 - 09171272 _____ () C:\Users\ola\AppData\Local\Google\Chrome\Application\40.0.2214.115\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\ola:zylomtest
AlternateDataStreams: C:\Users\ola:zylomtr{0000278T-TT9K-T8DU-07LG-28DG94S2MVRH}
AlternateDataStreams: C:\Users\ola:zylomtr{0000278T-TT9K-T8DU-07LG-28DG94S2MVTH}
AlternateDataStreams: C:\Users\ola:zylomtr{00013KEU-UKQE-K6V0-70L9-2A8RJ1B4CV71}
AlternateDataStreams: C:\Users\ola:zylomtr{00013KEU-UKQE-K6V0-70L9-2A8RJ1B4CVL4}
AlternateDataStreams: C:\Users\ola:zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVPR}
AlternateDataStreams: C:\Users\ola:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVIC}
AlternateDataStreams: C:\Users\ola:zylomtr{00013KEU-UKQE-K6V0-QFBF-26K1JL6KQVVO}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG1-1VH8-28I0EFCC2VOB}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG1-1VH8-28I0EFCC2VVP}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG1-3BG4-281NL05DCVTO}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG1-6E2T-2B6FMQRBGVRR}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG1-6E2T-2B6FMQRBGVTH}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG1-7LLS-22TDACKJ0VU4}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG1-J24H-293SB52ICVVS}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG2-CB1H-264U84BSAVVN}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG2-LKCU-2AJQPJA4AVIR}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG2-LKCU-2AJQPJA4AVPQ}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG2-LKCU-2AJQPJA4AVQQ}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG2-LKCU-2AJQPJA4AVUC}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG2-V08M-26E8LC4K2VVR}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-1EMN-28M5NPU00VQH}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-1EMN-295K77I0IVVI}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVVK}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-7U7M-26FBSL48IVVJ}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-8AT4-258NF6K78VST}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-L1G2-28QRSPMS6VVH}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-L4Q0-290ETKLEB000}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-O5NG-26MTF54NEVSV}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-S3H7-2A5PQROOQVT8}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-S3H7-2A5PQROOQVVP}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG4-3S8E-27J3AJ6UT000}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG4-5TO3-2831TOKLCVUL}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG4-74E3-28689HMLOVUP}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG4-US8E-26I93FV2MVV4}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG5-8A6T-26VOTC6OMVND}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVKL}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVLH}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVML}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVOE}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG6-64CA-2ASVQDAHMVP0}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG6-64CA-2ASVQDAHMVS3}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG7-5P29-2A14KFREQVPV}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG7-9H53-25QU2TIGSVVL}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG7-FCUD-27Q18NRLP000}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG7-FCUD-28A45N46SVTT}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG7-FCUD-28A45N46SVVI}
AlternateDataStreams: C:\Users\ola:zylomtr{1000278T-TT9K-T8DU-1KFV-23O5NTEJMVRJ}
AlternateDataStreams: C:\ProgramData\Temp:00F3978A
AlternateDataStreams: C:\ProgramData\Temp:014BC3B4
AlternateDataStreams: C:\ProgramData\Temp:02B823FE
AlternateDataStreams: C:\ProgramData\Temp:02DD996C
AlternateDataStreams: C:\ProgramData\Temp:059167AF
AlternateDataStreams: C:\ProgramData\Temp:06B8FE62
AlternateDataStreams: C:\ProgramData\Temp:073139EC
AlternateDataStreams: C:\ProgramData\Temp:07C99568
AlternateDataStreams: C:\ProgramData\Temp:07D9FF25
AlternateDataStreams: C:\ProgramData\Temp:0915A718
AlternateDataStreams: C:\ProgramData\Temp:0988A428
AlternateDataStreams: C:\ProgramData\Temp:09CD1DC6
AlternateDataStreams: C:\ProgramData\Temp:0ACF1AF5
AlternateDataStreams: C:\ProgramData\Temp:0AE2C68F
AlternateDataStreams: C:\ProgramData\Temp:0AF6266B
AlternateDataStreams: C:\ProgramData\Temp:0BABC4C8
AlternateDataStreams: C:\ProgramData\Temp:0BF4DA47
AlternateDataStreams: C:\ProgramData\Temp:0C2A17F2
AlternateDataStreams: C:\ProgramData\Temp:0C2F9CC7
AlternateDataStreams: C:\ProgramData\Temp:0CCCEDA1
AlternateDataStreams: C:\ProgramData\Temp:0CDF8C3D
AlternateDataStreams: C:\ProgramData\Temp:0DFE2AE1
AlternateDataStreams: C:\ProgramData\Temp:0E5CFA74
AlternateDataStreams: C:\ProgramData\Temp:0E61938B
AlternateDataStreams: C:\ProgramData\Temp:0FC68B9A
AlternateDataStreams: C:\ProgramData\Temp:10094A5D
AlternateDataStreams: C:\ProgramData\Temp:104A718B
AlternateDataStreams: C:\ProgramData\Temp:109BD730
AlternateDataStreams: C:\ProgramData\Temp:10D45FC3
AlternateDataStreams: C:\ProgramData\Temp:10D98D98
AlternateDataStreams: C:\ProgramData\Temp:120E44A4
AlternateDataStreams: C:\ProgramData\Temp:122B409D
AlternateDataStreams: C:\ProgramData\Temp:1297FF3C
AlternateDataStreams: C:\ProgramData\Temp:12A012A1
AlternateDataStreams: C:\ProgramData\Temp:1419F1F4
AlternateDataStreams: C:\ProgramData\Temp:14FA5E46
AlternateDataStreams: C:\ProgramData\Temp:15381DB9
AlternateDataStreams: C:\ProgramData\Temp:1656EE95
AlternateDataStreams: C:\ProgramData\Temp:165AF2C6
AlternateDataStreams: C:\ProgramData\Temp:169E7AC5
AlternateDataStreams: C:\ProgramData\Temp:16A4620C
AlternateDataStreams: C:\ProgramData\Temp:16C16B18
AlternateDataStreams: C:\ProgramData\Temp:16F42F1F
AlternateDataStreams: C:\ProgramData\Temp:175721D5
AlternateDataStreams: C:\ProgramData\Temp:17F7AEA3
AlternateDataStreams: C:\ProgramData\Temp:18345E10
AlternateDataStreams: C:\ProgramData\Temp:193CB03B
AlternateDataStreams: C:\ProgramData\Temp:197DD5C6
AlternateDataStreams: C:\ProgramData\Temp:1ADC4BD5
AlternateDataStreams: C:\ProgramData\Temp:1B3549F2
AlternateDataStreams: C:\ProgramData\Temp:1D4A17AE
AlternateDataStreams: C:\ProgramData\Temp:1D8551A3
AlternateDataStreams: C:\ProgramData\Temp:1E288DA3
AlternateDataStreams: C:\ProgramData\Temp:1E7308B6
AlternateDataStreams: C:\ProgramData\Temp:1EAB6298
AlternateDataStreams: C:\ProgramData\Temp:1FF82161
AlternateDataStreams: C:\ProgramData\Temp:206470A5
AlternateDataStreams: C:\ProgramData\Temp:217A2A36
AlternateDataStreams: C:\ProgramData\Temp:2216A431
AlternateDataStreams: C:\ProgramData\Temp:23622B8B
AlternateDataStreams: C:\ProgramData\Temp:2487D1DA
AlternateDataStreams: C:\ProgramData\Temp:24F08129
AlternateDataStreams: C:\ProgramData\Temp:258D2F8B
AlternateDataStreams: C:\ProgramData\Temp:2640C43F
AlternateDataStreams: C:\ProgramData\Temp:268A5068
AlternateDataStreams: C:\ProgramData\Temp:269C0B5C
AlternateDataStreams: C:\ProgramData\Temp:274516E7
AlternateDataStreams: C:\ProgramData\Temp:2775F9E2
AlternateDataStreams: C:\ProgramData\Temp:282CE153
AlternateDataStreams: C:\ProgramData\Temp:28819F45
AlternateDataStreams: C:\ProgramData\Temp:28CCFEFB
AlternateDataStreams: C:\ProgramData\Temp:29C0641D
AlternateDataStreams: C:\ProgramData\Temp:2C14DBD1
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:2CDB9CA3
AlternateDataStreams: C:\ProgramData\Temp:2CED8825
AlternateDataStreams: C:\ProgramData\Temp:2D0DFF22
AlternateDataStreams: C:\ProgramData\Temp:2D1AE3BE
AlternateDataStreams: C:\ProgramData\Temp:2D3CB929
AlternateDataStreams: C:\ProgramData\Temp:2EB79F01
AlternateDataStreams: C:\ProgramData\Temp:2F7C40B6
AlternateDataStreams: C:\ProgramData\Temp:30E0D641
AlternateDataStreams: C:\ProgramData\Temp:3113BD8B
AlternateDataStreams: C:\ProgramData\Temp:3118E26B
AlternateDataStreams: C:\ProgramData\Temp:31F2397C
AlternateDataStreams: C:\ProgramData\Temp:329BA65B
AlternateDataStreams: C:\ProgramData\Temp:32AA69ED
AlternateDataStreams: C:\ProgramData\Temp:32AE8659
AlternateDataStreams: C:\ProgramData\Temp:346337E3
AlternateDataStreams: C:\ProgramData\Temp:3487C53E
AlternateDataStreams: C:\ProgramData\Temp:349E5B74
AlternateDataStreams: C:\ProgramData\Temp:34FDB459
AlternateDataStreams: C:\ProgramData\Temp:35629AE6
AlternateDataStreams: C:\ProgramData\Temp:36608448
AlternateDataStreams: C:\ProgramData\Temp:366B74CA
AlternateDataStreams: C:\ProgramData\Temp:37994DBE
AlternateDataStreams: C:\ProgramData\Temp:385E2CFD
AlternateDataStreams: C:\ProgramData\Temp:38A0E181
AlternateDataStreams: C:\ProgramData\Temp:38FF076E
AlternateDataStreams: C:\ProgramData\Temp:393F7B1E
AlternateDataStreams: C:\ProgramData\Temp:395F6776
AlternateDataStreams: C:\ProgramData\Temp:3991CD7D
AlternateDataStreams: C:\ProgramData\Temp:3AC0ED43
AlternateDataStreams: C:\ProgramData\Temp:3B07E6F4
AlternateDataStreams: C:\ProgramData\Temp:3BAD65EA
AlternateDataStreams: C:\ProgramData\Temp:3C0F646D
AlternateDataStreams: C:\ProgramData\Temp:3C6860C5
AlternateDataStreams: C:\ProgramData\Temp:3D033DEC
AlternateDataStreams: C:\ProgramData\Temp:3D67D093
AlternateDataStreams: C:\ProgramData\Temp:3DF63AD7
AlternateDataStreams: C:\ProgramData\Temp:3FE1A827
AlternateDataStreams: C:\ProgramData\Temp:41289DF0
AlternateDataStreams: C:\ProgramData\Temp:41884BBE
AlternateDataStreams: C:\ProgramData\Temp:426D1496
AlternateDataStreams: C:\ProgramData\Temp:432EC713
AlternateDataStreams: C:\ProgramData\Temp:4363DE71
AlternateDataStreams: C:\ProgramData\Temp:439E3411
AlternateDataStreams: C:\ProgramData\Temp:43C9D140
AlternateDataStreams: C:\ProgramData\Temp:43E95997
AlternateDataStreams: C:\ProgramData\Temp:44E16D4A
AlternateDataStreams: C:\ProgramData\Temp:450ABF8D
AlternateDataStreams: C:\ProgramData\Temp:4573A78F
AlternateDataStreams: C:\ProgramData\Temp:45F3AD49
AlternateDataStreams: C:\ProgramData\Temp:46A2F27B
AlternateDataStreams: C:\ProgramData\Temp:4709F39D
AlternateDataStreams: C:\ProgramData\Temp:474D8B37
AlternateDataStreams: C:\ProgramData\Temp:483AC68A
AlternateDataStreams: C:\ProgramData\Temp:490BCC52
AlternateDataStreams: C:\ProgramData\Temp:49B217F7
AlternateDataStreams: C:\ProgramData\Temp:4A03F06E
AlternateDataStreams: C:\ProgramData\Temp:4A0829E0
AlternateDataStreams: C:\ProgramData\Temp:4A5CFD3B
AlternateDataStreams: C:\ProgramData\Temp:4A966CC2
AlternateDataStreams: C:\ProgramData\Temp:4B70A9FA
AlternateDataStreams: C:\ProgramData\Temp:4C16B46B
AlternateDataStreams: C:\ProgramData\Temp:4C3504B5
AlternateDataStreams: C:\ProgramData\Temp:4C71A42B
AlternateDataStreams: C:\ProgramData\Temp:4EF94CF3
AlternateDataStreams: C:\ProgramData\Temp:512336B9
AlternateDataStreams: C:\ProgramData\Temp:5279F7BF
AlternateDataStreams: C:\ProgramData\Temp:52B3B2D1
AlternateDataStreams: C:\ProgramData\Temp:5335CE76
AlternateDataStreams: C:\ProgramData\Temp:54531C7D
AlternateDataStreams: C:\ProgramData\Temp:554C6431
AlternateDataStreams: C:\ProgramData\Temp:56699AAF
AlternateDataStreams: C:\ProgramData\Temp:56C17A93
AlternateDataStreams: C:\ProgramData\Temp:56C66609
AlternateDataStreams: C:\ProgramData\Temp:57173DB4
AlternateDataStreams: C:\ProgramData\Temp:5742B6F5
AlternateDataStreams: C:\ProgramData\Temp:574F975B
AlternateDataStreams: C:\ProgramData\Temp:57619D72
AlternateDataStreams: C:\ProgramData\Temp:57CC1FDC
AlternateDataStreams: C:\ProgramData\Temp:57EE48CA
AlternateDataStreams: C:\ProgramData\Temp:592D7272
AlternateDataStreams: C:\ProgramData\Temp:59846E5E
AlternateDataStreams: C:\ProgramData\Temp:5A068EE1
AlternateDataStreams: C:\ProgramData\Temp:5A437AC3
AlternateDataStreams: C:\ProgramData\Temp:5C0940F1
AlternateDataStreams: C:\ProgramData\Temp:5C3ED5BB
AlternateDataStreams: C:\ProgramData\Temp:5C4A588B
AlternateDataStreams: C:\ProgramData\Temp:5CE2502D
AlternateDataStreams: C:\ProgramData\Temp:5D1BA9DE
AlternateDataStreams: C:\ProgramData\Temp:5DB4FD98
AlternateDataStreams: C:\ProgramData\Temp:5E05F78B
AlternateDataStreams: C:\ProgramData\Temp:5E209A50
AlternateDataStreams: C:\ProgramData\Temp:5E24C78B
AlternateDataStreams: C:\ProgramData\Temp:5ED747B8
AlternateDataStreams: C:\ProgramData\Temp:5FB7A2BD
AlternateDataStreams: C:\ProgramData\Temp:600F6768
AlternateDataStreams: C:\ProgramData\Temp:60AC3BC3
AlternateDataStreams: C:\ProgramData\Temp:60E0AB2A
AlternateDataStreams: C:\ProgramData\Temp:61C6B926
AlternateDataStreams: C:\ProgramData\Temp:61FEC5E3
AlternateDataStreams: C:\ProgramData\Temp:6301CE40
AlternateDataStreams: C:\ProgramData\Temp:639BB5E9
AlternateDataStreams: C:\ProgramData\Temp:640DDEFF
AlternateDataStreams: C:\ProgramData\Temp:64996B1C
AlternateDataStreams: C:\ProgramData\Temp:65484F45
AlternateDataStreams: C:\ProgramData\Temp:663B62CA
AlternateDataStreams: C:\ProgramData\Temp:6677D85A
AlternateDataStreams: C:\ProgramData\Temp:66AA0486
AlternateDataStreams: C:\ProgramData\Temp:67396145
AlternateDataStreams: C:\ProgramData\Temp:67421CB3
AlternateDataStreams: C:\ProgramData\Temp:67842DB7
AlternateDataStreams: C:\ProgramData\Temp:68FC22BD
AlternateDataStreams: C:\ProgramData\Temp:696F7DA7
AlternateDataStreams: C:\ProgramData\Temp:69F562A6
AlternateDataStreams: C:\ProgramData\Temp:69FE2EE4
AlternateDataStreams: C:\ProgramData\Temp:6AD65294
AlternateDataStreams: C:\ProgramData\Temp:6B28173C
AlternateDataStreams: C:\ProgramData\Temp:6C13E971
AlternateDataStreams: C:\ProgramData\Temp:6DDFD746
AlternateDataStreams: C:\ProgramData\Temp:6E3C585B
AlternateDataStreams: C:\ProgramData\Temp:6F57F1D1
AlternateDataStreams: C:\ProgramData\Temp:6FA346B6
AlternateDataStreams: C:\ProgramData\Temp:6FD36C4B
AlternateDataStreams: C:\ProgramData\Temp:6FDE1666
AlternateDataStreams: C:\ProgramData\Temp:716C3D9F
AlternateDataStreams: C:\ProgramData\Temp:723E56EC
AlternateDataStreams: C:\ProgramData\Temp:72C99D4E
AlternateDataStreams: C:\ProgramData\Temp:73461BFA
AlternateDataStreams: C:\ProgramData\Temp:73B78E79
AlternateDataStreams: C:\ProgramData\Temp:7425C891
AlternateDataStreams: C:\ProgramData\Temp:77E239B1
AlternateDataStreams: C:\ProgramData\Temp:7804B508
AlternateDataStreams: C:\ProgramData\Temp:78794301
AlternateDataStreams: C:\ProgramData\Temp:79C6A9CE
AlternateDataStreams: C:\ProgramData\Temp:7B8AF9AA
AlternateDataStreams: C:\ProgramData\Temp:7BB584AA
AlternateDataStreams: C:\ProgramData\Temp:7BBC3CCD
AlternateDataStreams: C:\ProgramData\Temp:7E4E56EA
AlternateDataStreams: C:\ProgramData\Temp:7E979BC9
AlternateDataStreams: C:\ProgramData\Temp:7EABF26C
AlternateDataStreams: C:\ProgramData\Temp:7ECD9621
AlternateDataStreams: C:\ProgramData\Temp:7F4DB476
AlternateDataStreams: C:\ProgramData\Temp:800FE171
AlternateDataStreams: C:\ProgramData\Temp:806E55F5
AlternateDataStreams: C:\ProgramData\Temp:80BFDE16
AlternateDataStreams: C:\ProgramData\Temp:80E965A3
AlternateDataStreams: C:\ProgramData\Temp:81067530
AlternateDataStreams: C:\ProgramData\Temp:8247A199
AlternateDataStreams: C:\ProgramData\Temp:82756AB7
AlternateDataStreams: C:\ProgramData\Temp:82EAE27C
AlternateDataStreams: C:\ProgramData\Temp:82FF14B1
AlternateDataStreams: C:\ProgramData\Temp:83BAA24B
AlternateDataStreams: C:\ProgramData\Temp:84C07F6B
AlternateDataStreams: C:\ProgramData\Temp:84FA02E7
AlternateDataStreams: C:\ProgramData\Temp:85345626
AlternateDataStreams: C:\ProgramData\Temp:87452B14
AlternateDataStreams: C:\ProgramData\Temp:87E3D720
AlternateDataStreams: C:\ProgramData\Temp:880F0FEF
AlternateDataStreams: C:\ProgramData\Temp:8967C154
AlternateDataStreams: C:\ProgramData\Temp:896E1EFF
AlternateDataStreams: C:\ProgramData\Temp:896FF808
AlternateDataStreams: C:\ProgramData\Temp:89FC8EEB
AlternateDataStreams: C:\ProgramData\Temp:8AA99C0C
AlternateDataStreams: C:\ProgramData\Temp:8AC20936
AlternateDataStreams: C:\ProgramData\Temp:8B3C3098
AlternateDataStreams: C:\ProgramData\Temp:8B69E3C3
AlternateDataStreams: C:\ProgramData\Temp:8C12CFCD
AlternateDataStreams: C:\ProgramData\Temp:8C81B36D
AlternateDataStreams: C:\ProgramData\Temp:8CCDAB14
AlternateDataStreams: C:\ProgramData\Temp:8DD36B71
AlternateDataStreams: C:\ProgramData\Temp:8F00BFC0
AlternateDataStreams: C:\ProgramData\Temp:908A1B53
AlternateDataStreams: C:\ProgramData\Temp:90C5140C
AlternateDataStreams: C:\ProgramData\Temp:9124663C
AlternateDataStreams: C:\ProgramData\Temp:9256664B
AlternateDataStreams: C:\ProgramData\Temp:928DF32E
AlternateDataStreams: C:\ProgramData\Temp:933D54A9
AlternateDataStreams: C:\ProgramData\Temp:94F67F32
AlternateDataStreams: C:\ProgramData\Temp:95D421DF
AlternateDataStreams: C:\ProgramData\Temp:96646EC1
AlternateDataStreams: C:\ProgramData\Temp:96838F8A
AlternateDataStreams: C:\ProgramData\Temp:968CA408
AlternateDataStreams: C:\ProgramData\Temp:969C0C96
AlternateDataStreams: C:\ProgramData\Temp:96C05DC7
AlternateDataStreams: C:\ProgramData\Temp:971DCCE2
AlternateDataStreams: C:\ProgramData\Temp:97B3B270
AlternateDataStreams: C:\ProgramData\Temp:98AE08EA
AlternateDataStreams: C:\ProgramData\Temp:98CF1A39
AlternateDataStreams: C:\ProgramData\Temp:993185CB
AlternateDataStreams: C:\ProgramData\Temp:99A29126
AlternateDataStreams: C:\ProgramData\Temp:9B3B8E95
AlternateDataStreams: C:\ProgramData\Temp:9B711F92
AlternateDataStreams: C:\ProgramData\Temp:9B721CFF
AlternateDataStreams: C:\ProgramData\Temp:9C206FB0
AlternateDataStreams: C:\ProgramData\Temp:9C337CCE
AlternateDataStreams: C:\ProgramData\Temp:9C5EEE30
AlternateDataStreams: C:\ProgramData\Temp:9D03192E
AlternateDataStreams: C:\ProgramData\Temp:9D2DE4B4
AlternateDataStreams: C:\ProgramData\Temp:9D91E651
AlternateDataStreams: C:\ProgramData\Temp:9E0656EC
AlternateDataStreams: C:\ProgramData\Temp:9E519D0B
AlternateDataStreams: C:\ProgramData\Temp:9EBE2014
AlternateDataStreams: C:\ProgramData\Temp:9F2C8DF4
AlternateDataStreams: C:\ProgramData\Temp:A0A7408F
AlternateDataStreams: C:\ProgramData\Temp:A0C7D68A
AlternateDataStreams: C:\ProgramData\Temp:A17CCD03
AlternateDataStreams: C:\ProgramData\Temp:A1A86E40
AlternateDataStreams: C:\ProgramData\Temp:A2B3764A
AlternateDataStreams: C:\ProgramData\Temp:A3840F5B
AlternateDataStreams: C:\ProgramData\Temp:A43B789A
AlternateDataStreams: C:\ProgramData\Temp:A561576B
AlternateDataStreams: C:\ProgramData\Temp:A6345BDA
AlternateDataStreams: C:\ProgramData\Temp:A6A65B80
AlternateDataStreams: C:\ProgramData\Temp:A6B07419
AlternateDataStreams: C:\ProgramData\Temp:A7856354
AlternateDataStreams: C:\ProgramData\Temp:A7964713
AlternateDataStreams: C:\ProgramData\Temp:A7BB14DF
AlternateDataStreams: C:\ProgramData\Temp:A899E64E
AlternateDataStreams: C:\ProgramData\Temp:A8BF0AE2
AlternateDataStreams: C:\ProgramData\Temp:A9356284
AlternateDataStreams: C:\ProgramData\Temp:A97C6729
AlternateDataStreams: C:\ProgramData\Temp:A97FF73C
AlternateDataStreams: C:\ProgramData\Temp:A9ABA3FF
AlternateDataStreams: C:\ProgramData\Temp:AA004D25
AlternateDataStreams: C:\ProgramData\Temp:AA18FA3A
AlternateDataStreams: C:\ProgramData\Temp:AA559E17
AlternateDataStreams: C:\ProgramData\Temp:AA60673F
AlternateDataStreams: C:\ProgramData\Temp:AB82C54F
AlternateDataStreams: C:\ProgramData\Temp:AC733A73
AlternateDataStreams: C:\ProgramData\Temp:AC95B5ED
AlternateDataStreams: C:\ProgramData\Temp:ACCEFF0E
AlternateDataStreams: C:\ProgramData\Temp:AE289451
AlternateDataStreams: C:\ProgramData\Temp:AE2EA3C2
AlternateDataStreams: C:\ProgramData\Temp:AE9351E0
AlternateDataStreams: C:\ProgramData\Temp:B059B88E
AlternateDataStreams: C:\ProgramData\Temp:B093E177
AlternateDataStreams: C:\ProgramData\Temp:B1997945
AlternateDataStreams: C:\ProgramData\Temp:B1E64E47
AlternateDataStreams: C:\ProgramData\Temp:B2112CA5
AlternateDataStreams: C:\ProgramData\Temp:B21F2857
AlternateDataStreams: C:\ProgramData\Temp:B285A50E
AlternateDataStreams: C:\ProgramData\Temp:B2D32F1D
AlternateDataStreams: C:\ProgramData\Temp:B2EDDE72
AlternateDataStreams: C:\ProgramData\Temp:B3942462
AlternateDataStreams: C:\ProgramData\Temp:B3D50E25
AlternateDataStreams: C:\ProgramData\Temp:B42826C8
AlternateDataStreams: C:\ProgramData\Temp:B4530133
AlternateDataStreams: C:\ProgramData\Temp:B504E4C2
AlternateDataStreams: C:\ProgramData\Temp:B61767F5
AlternateDataStreams: C:\ProgramData\Temp:B6285236
AlternateDataStreams: C:\ProgramData\Temp:B65E763D
AlternateDataStreams: C:\ProgramData\Temp:B722BCE5
AlternateDataStreams: C:\ProgramData\Temp:B72454C6
AlternateDataStreams: C:\ProgramData\Temp:B761039D
AlternateDataStreams: C:\ProgramData\Temp:B86642C5
AlternateDataStreams: C:\ProgramData\Temp:B91EDB04
AlternateDataStreams: C:\ProgramData\Temp:BA24E689
AlternateDataStreams: C:\ProgramData\Temp:BA5EEDA7
AlternateDataStreams: C:\ProgramData\Temp:BB0F4AA4
AlternateDataStreams: C:\ProgramData\Temp:BBF60A29
AlternateDataStreams: C:\ProgramData\Temp:BC064EDB
AlternateDataStreams: C:\ProgramData\Temp:BCDC6E07
AlternateDataStreams: C:\ProgramData\Temp:BD414E4B
AlternateDataStreams: C:\ProgramData\Temp:BD50071F
AlternateDataStreams: C:\ProgramData\Temp:BE0BAFE1
AlternateDataStreams: C:\ProgramData\Temp:BF2225C8
AlternateDataStreams: C:\ProgramData\Temp:BF6C4AAC
AlternateDataStreams: C:\ProgramData\Temp:C118E02A
AlternateDataStreams: C:\ProgramData\Temp:C36F1B98
AlternateDataStreams: C:\ProgramData\Temp:C43C957E
AlternateDataStreams: C:\ProgramData\Temp:C45094A1
AlternateDataStreams: C:\ProgramData\Temp:C458CC0A
AlternateDataStreams: C:\ProgramData\Temp:C54A1A57
AlternateDataStreams: C:\ProgramData\Temp:C695B256
AlternateDataStreams: C:\ProgramData\Temp:C69BA1D0
AlternateDataStreams: C:\ProgramData\Temp:C7B98566
AlternateDataStreams: C:\ProgramData\Temp:C8182692
AlternateDataStreams: C:\ProgramData\Temp:C87C3E2C
AlternateDataStreams: C:\ProgramData\Temp:C946EBB2
AlternateDataStreams: C:\ProgramData\Temp:C98828D3
AlternateDataStreams: C:\ProgramData\Temp:C9B27A06
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9
AlternateDataStreams: C:\ProgramData\Temp:CB3667AF
AlternateDataStreams: C:\ProgramData\Temp:CB959782
AlternateDataStreams: C:\ProgramData\Temp:CC386FD2
AlternateDataStreams: C:\ProgramData\Temp:CC45913B
AlternateDataStreams: C:\ProgramData\Temp:CC7382F6
AlternateDataStreams: C:\ProgramData\Temp:CC7738DB
AlternateDataStreams: C:\ProgramData\Temp:CD5D93E7
AlternateDataStreams: C:\ProgramData\Temp:CDB75348
AlternateDataStreams: C:\ProgramData\Temp:CE707633
AlternateDataStreams: C:\ProgramData\Temp:CE8A42A3
AlternateDataStreams: C:\ProgramData\Temp:CEE4A457
AlternateDataStreams: C:\ProgramData\Temp:CF33321C
AlternateDataStreams: C:\ProgramData\Temp:CFDE7852
AlternateDataStreams: C:\ProgramData\Temp:D01ACC06
AlternateDataStreams: C:\ProgramData\Temp:D0944474
AlternateDataStreams: C:\ProgramData\Temp:D2397415
AlternateDataStreams: C:\ProgramData\Temp:D254266B
AlternateDataStreams: C:\ProgramData\Temp:D3331ADB
AlternateDataStreams: C:\ProgramData\Temp:D46D2E5A
AlternateDataStreams: C:\ProgramData\Temp:D4D38596
AlternateDataStreams: C:\ProgramData\Temp:D51F4BAE
AlternateDataStreams: C:\ProgramData\Temp:D61EB62D
AlternateDataStreams: C:\ProgramData\Temp:D696AA12
AlternateDataStreams: C:\ProgramData\Temp:D7C0213D
AlternateDataStreams: C:\ProgramData\Temp:D7DA89B1
AlternateDataStreams: C:\ProgramData\Temp:D8DB81DC
AlternateDataStreams: C:\ProgramData\Temp:D994162E
AlternateDataStreams: C:\ProgramData\Temp:D9987109
AlternateDataStreams: C:\ProgramData\Temp:D9E6828A
AlternateDataStreams: C:\ProgramData\Temp:DA11DA54
AlternateDataStreams: C:\ProgramData\Temp:DA18D4E3
AlternateDataStreams: C:\ProgramData\Temp:DBB979D4
AlternateDataStreams: C:\ProgramData\Temp:DC9915D2
AlternateDataStreams: C:\ProgramData\Temp:DCA79AB3
AlternateDataStreams: C:\ProgramData\Temp:DCB27118
AlternateDataStreams: C:\ProgramData\Temp:DD95E6D9
AlternateDataStreams: C:\ProgramData\Temp:E00A6A60
AlternateDataStreams: C:\ProgramData\Temp:E06963C0
AlternateDataStreams: C:\ProgramData\Temp:E07EA07E
AlternateDataStreams: C:\ProgramData\Temp:E153075C
AlternateDataStreams: C:\ProgramData\Temp:E1ABC2C7
AlternateDataStreams: C:\ProgramData\Temp:E1CC2D5E
AlternateDataStreams: C:\ProgramData\Temp:E1D818F7
AlternateDataStreams: C:\ProgramData\Temp:E21987F7
AlternateDataStreams: C:\ProgramData\Temp:E2295807
AlternateDataStreams: C:\ProgramData\Temp:E41267F2
AlternateDataStreams: C:\ProgramData\Temp:E412AAF2
AlternateDataStreams: C:\ProgramData\Temp:E47BBD7B
AlternateDataStreams: C:\ProgramData\Temp:E4BC4A41
AlternateDataStreams: C:\ProgramData\Temp:E5816AB5
AlternateDataStreams: C:\ProgramData\Temp:E5BA9ADD
AlternateDataStreams: C:\ProgramData\Temp:E5CD413B
AlternateDataStreams: C:\ProgramData\Temp:E6537A16
AlternateDataStreams: C:\ProgramData\Temp:E8FC771D
AlternateDataStreams: C:\ProgramData\Temp:E96D894A
AlternateDataStreams: C:\ProgramData\Temp:EB5BDBB0
AlternateDataStreams: C:\ProgramData\Temp:EB68CA55
AlternateDataStreams: C:\ProgramData\Temp:EC0279DC
AlternateDataStreams: C:\ProgramData\Temp:EC752217
AlternateDataStreams: C:\ProgramData\Temp:EC7C9796
AlternateDataStreams: C:\ProgramData\Temp:ECC979BD
AlternateDataStreams: C:\ProgramData\Temp:ED796303
AlternateDataStreams: C:\ProgramData\Temp:ED9B661E
AlternateDataStreams: C:\ProgramData\Temp:EE0ABC44
AlternateDataStreams: C:\ProgramData\Temp:EE445D7C
AlternateDataStreams: C:\ProgramData\Temp:EE7A6A39
AlternateDataStreams: C:\ProgramData\Temp:EE7AAC75
AlternateDataStreams: C:\ProgramData\Temp:EEF1584F
AlternateDataStreams: C:\ProgramData\Temp:EF4FB3C5
AlternateDataStreams: C:\ProgramData\Temp:EFECABA9
AlternateDataStreams: C:\ProgramData\Temp:F123F8B9
AlternateDataStreams: C:\ProgramData\Temp:F2327E82
AlternateDataStreams: C:\ProgramData\Temp:F2AF86D9
AlternateDataStreams: C:\ProgramData\Temp:F3029A65
AlternateDataStreams: C:\ProgramData\Temp:F3591DDB
AlternateDataStreams: C:\ProgramData\Temp:F35AE645
AlternateDataStreams: C:\ProgramData\Temp:F3F9AB21
AlternateDataStreams: C:\ProgramData\Temp:F4362715
AlternateDataStreams: C:\ProgramData\Temp:F53B274A
AlternateDataStreams: C:\ProgramData\Temp:F5E30F6A
AlternateDataStreams: C:\ProgramData\Temp:F5FC5DCE
AlternateDataStreams: C:\ProgramData\Temp:F67AAFC5
AlternateDataStreams: C:\ProgramData\Temp:F6910DB1
AlternateDataStreams: C:\ProgramData\Temp:F6C0CA66
AlternateDataStreams: C:\ProgramData\Temp:F6CDA594
AlternateDataStreams: C:\ProgramData\Temp:F6DA3F39
AlternateDataStreams: C:\ProgramData\Temp:F78CC2A2
AlternateDataStreams: C:\ProgramData\Temp:F7B0AE93
AlternateDataStreams: C:\ProgramData\Temp:F81E7082
AlternateDataStreams: C:\ProgramData\Temp:F8E188F6
AlternateDataStreams: C:\ProgramData\Temp:F9283DA1
AlternateDataStreams: C:\ProgramData\Temp:F9E46E4C
AlternateDataStreams: C:\ProgramData\Temp:F9EE38AE
AlternateDataStreams: C:\ProgramData\Temp:FBA79096
AlternateDataStreams: C:\ProgramData\Temp:FBE5FDB9
AlternateDataStreams: C:\ProgramData\Temp:FBF21B24
AlternateDataStreams: C:\ProgramData\Temp:FC414D14
AlternateDataStreams: C:\ProgramData\Temp:FC4B020F
AlternateDataStreams: C:\ProgramData\Temp:FD774C83
AlternateDataStreams: C:\ProgramData\Temp:FE058F1D
AlternateDataStreams: C:\ProgramData\Temp:FEB0595A
AlternateDataStreams: C:\ProgramData\Temp:FEE00EB9
AlternateDataStreams: C:\ProgramData\Temp:FEEEFFAD
AlternateDataStreams: C:\ProgramData\Temp:FF747CFB

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-107307583-39740663-3650351078-1001\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-107307583-39740663-3650351078-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ola\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-107307583-39740663-3650351078-500 - Administrator - Disabled)
Gast (S-1-5-21-107307583-39740663-3650351078-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-107307583-39740663-3650351078-1002 - Limited - Enabled)
ola (S-1-5-21-107307583-39740663-3650351078-1001 - Administrator - Enabled) => C:\Users\ola

==================== Faulty Device Manager Devices =============

Name: X5XSEx
Description: X5XSEx
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: X5XSEx
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/24/2015 00:42:14 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  0xc0041801 (0xc0041801)

Error: (02/24/2015 00:42:14 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=2350} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  0xc0041801 (0xc0041801)

Error: (02/24/2015 00:28:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CakeMania5.exe, Version: 0.0.0.0, Zeitstempel: 0x4c778a91
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x1640
Startzeit der fehlerhaften Anwendung: 0xCakeMania5.exe0
Pfad der fehlerhaften Anwendung: CakeMania5.exe1
Pfad des fehlerhaften Moduls: CakeMania5.exe2
Berichtskennung: CakeMania5.exe3

Error: (02/23/2015 10:47:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bfgclient.exe, Version: 3.3.0.2, Zeitstempel: 0x53179a91
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000222d2
ID des fehlerhaften Prozesses: 0xb00
Startzeit der fehlerhaften Anwendung: 0xbfgclient.exe0
Pfad der fehlerhaften Anwendung: bfgclient.exe1
Pfad des fehlerhaften Moduls: bfgclient.exe2
Berichtskennung: bfgclient.exe3

Error: (02/23/2015 05:36:24 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: ola-PC)
Description: Die Anwendung oder der Dienst "Cisco Systems, Inc. VPN Service" konnte nicht neu gestartet werden.

Error: (02/23/2015 04:46:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bfgclient.exe, Version: 3.3.0.2, Zeitstempel: 0x53179a91
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000222d2
ID des fehlerhaften Prozesses: 0x1ab4
Startzeit der fehlerhaften Anwendung: 0xbfgclient.exe0
Pfad der fehlerhaften Anwendung: bfgclient.exe1
Pfad des fehlerhaften Moduls: bfgclient.exe2
Berichtskennung: bfgclient.exe3

Error: (02/23/2015 04:46:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bfgclient.exe, Version: 3.3.0.2, Zeitstempel: 0x53179a91
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000222d2
ID des fehlerhaften Prozesses: 0x1e94
Startzeit der fehlerhaften Anwendung: 0xbfgclient.exe0
Pfad der fehlerhaften Anwendung: bfgclient.exe1
Pfad des fehlerhaften Moduls: bfgclient.exe2
Berichtskennung: bfgclient.exe3

Error: (02/23/2015 04:46:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bfgclient.exe, Version: 3.3.0.2, Zeitstempel: 0x53179a91
Name des fehlerhaften Moduls: libcef.dll, Version: 3.1180.823.0, Zeitstempel: 0x50660f86
Ausnahmecode: 0x80000003
Fehleroffset: 0x0004b310
ID des fehlerhaften Prozesses: 0x98c
Startzeit der fehlerhaften Anwendung: 0xbfgclient.exe0
Pfad der fehlerhaften Anwendung: bfgclient.exe1
Pfad des fehlerhaften Moduls: bfgclient.exe2
Berichtskennung: bfgclient.exe3

Error: (02/23/2015 03:16:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bfgclient.exe, Version: 3.3.0.2, Zeitstempel: 0x53179a91
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000222d2
ID des fehlerhaften Prozesses: 0x1d0c
Startzeit der fehlerhaften Anwendung: 0xbfgclient.exe0
Pfad der fehlerhaften Anwendung: bfgclient.exe1
Pfad des fehlerhaften Moduls: bfgclient.exe2
Berichtskennung: bfgclient.exe3

Error: (02/23/2015 03:07:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bfgclient.exe, Version: 3.3.0.2, Zeitstempel: 0x53179a91
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000222d2
ID des fehlerhaften Prozesses: 0x1c48
Startzeit der fehlerhaften Anwendung: 0xbfgclient.exe0
Pfad der fehlerhaften Anwendung: bfgclient.exe1
Pfad des fehlerhaften Moduls: bfgclient.exe2
Berichtskennung: bfgclient.exe3


System errors:
=============
Error: (02/24/2015 10:51:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "X5XSEx" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (02/23/2015 05:06:07 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4991D34B-80A1-4291-83B6-3328366B9097}

Error: (02/23/2015 05:03:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "X5XSEx" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (02/23/2015 05:03:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (02/23/2015 05:03:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (02/23/2015 00:38:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "X5XSEx" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (02/23/2015 00:15:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "X5XSEx" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3


Microsoft Office Sessions:
=========================
Error: (05/14/2014 01:15:24 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3439 seconds with 2820 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-02-15 10:25:26.544
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-15 10:25:26.474
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-12 10:54:00.680
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-12 10:54:00.500
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-12 10:35:49.107
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-12 10:35:48.937
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-23 17:12:50.013
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-23 17:12:50.013
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-23 17:12:18.996
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-23 17:12:18.965
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 52%
Total physical RAM: 3959.08 MB
Available physical RAM: 1891.52 MB
Total Pagefile: 7916.34 MB
Available Pagefile: 4990.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:918.39 GB) (Free:681.85 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.02 GB) (Free:1.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Iomega_HDD) (Fixed) (Total:465.76 GB) (Free:139.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: C94041C3)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---


PS: Da dieser Rechner von unserer gesamten WG genutzt wird, habe ich gestern meine Mitbewohnerin gebeten, mal etwas aufzuräumen, da diese immer Spiele aus dem Netz zockt und demnach auch runter lädt.

cosinus 24.02.2015 12:12
Was ist mit meiner Frage nach bisherigen Virenscannerfunden und wenn es welche gab den entsprechenden Logs dazu?

Außerdem:

Zukünftig bitte beachten:
Zitat:
Running from C:\Users\ola\Downloads
Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.
Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter.

ola_123 24.02.2015 12:20
Oh entschuldige....ich bin wirklich eine Pfeife wenn es um Rechner geht :-(

Also ich habe diverse Sachen mit den o.g. Programmen gemacht (also irgendwelche Scans) und alles gemäß Anleitung befolgt. Wo ich jetzt aber irgendwelche Logs finde, weiß ich leider nicht. Kann ich einen Suchbegriff verwenden?

Soll ich den Scan jetzt nochmal vom Desktop aus durchführen, damit ich es dir nicht unnötig schwer mache?

cosinus 24.02.2015 12:22
Zitat:
AV: Kaspersky Internet Security
Diesen Virenscanner hast du. Wurde der nunmal fündig oder nicht?

Zitat:
und alles gemäß Anleitung befolgt. Wo ich jetzt aber irgendwelche Logs finde, weiß ich leider nicht.
Wo die Logs liegen steht alles in den Anleitungen

ola_123 24.02.2015 12:27
Kaspersky hat nicht gefunden.

Und nach dem rest suche ich kurz....

Danke für deine Geduld

Code:
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.9.1.2932. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 13:38:33 22 Feb 2015
Using Database v8517
Operating System:  Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601]
File System:      NTFS
UAC is ENABLED [default level]
[Secure Desktop Prompt is DISABLED]
UserData directory: C:\Users\ola\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory:  C:\Users\ola\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges

************************************************************
13:38:35: ----- Checking Default File Associations -----
No modified default file associations detected

************************************************************
13:38:35: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
13:38:36: Scanning ----- Windows Registry -----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: C:\Windows\Explorer.exe
C:\Windows\Explorer.exe (verified signer: [Microsoft Windows])
2871808 bytes
Created:  27.04.2011 12:30
Modified: 25.02.2011 07:19
Company:  Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\System32\userinit.exe (verified signer: [Microsoft Windows])
30720 bytes
Created:  09.06.2011 10:26
Modified: 20.11.2010 14:25
Company:  Microsoft Corporation
----------
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [hpsysdrv]
Value Data: [c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe]
c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (verified signer: [Hewlett-Packard Company])
62768 bytes
Created:  20.11.2008 10:47
Modified: 20.11.2008 10:47
Company:  Hewlett-Packard
--------------------
Value Name: [HP Remote Solution]
Value Data: [%ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe]
C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe - [file not found to scan]
--------------------
Value Name: [IAStorIcon]
Value Data: [C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe]
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (verified signer: [Intel Corporation])
284696 bytes
Created:  05.02.2010 19:03
Modified: 02.10.2009 12:26
Company:  Intel Corporation
--------------------
Value Name: [StartCCC]
Value Data: ["C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
98304 bytes
Created:  01.12.2009 22:39
Modified: 01.12.2009 22:39
Company:  Advanced Micro Devices, Inc.
--------------------
Value Name: [HP Software Update]
Value Data: [c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe]
c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (verified signer: [Hewlett-Packard Company])
54576 bytes
Created:  08.12.2008 14:50
Modified: 08.12.2008 14:50
Company:  Hewlett-Packard
--------------------
Value Name: [Easybits Recovery]
Value Data: [C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe]
C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (verified signer: [EasyBits Software AS])
60464 bytes
Created:  02.09.2009 12:00
Modified: 02.09.2009 12:00
Company:  EasyBits Software AS
--------------------
Value Name: [hpqSRMon]
Value Data: [C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe]
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
150528 bytes
Created:  22.07.2008 18:33
Modified: 22.07.2008 18:33
Company:  Hewlett-Packard
--------------------
Value Name: [GrooveMonitor]
Value Data: ["C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (verified signer: [Microsoft Corporation])
30040 bytes
Created:  26.02.2009 18:36
Modified: 26.02.2009 18:36
Company:  Microsoft Corporation
--------------------
Value Name: [DivXUpdate]
Value Data: ["C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW]
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (verified signer: [DivX, LLC])
1230704 bytes
Created:  21.03.2011 19:56
Modified: 21.03.2011 19:56
Company: 
--------------------
Value Name: [ArcSoft Connection Service]
Value Data: [C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe]
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (verified signer: [ArcSoft, Inc.])
207424 bytes
Created:  03.11.2011 19:54
Modified: 27.10.2010 19:17
Company:  ArcSoft Inc.
--------------------
Value Name: [Nikon Transfer Monitor]
Value Data: [C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe]
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
479232 bytes
Created:  15.09.2009 18:47
Modified: 15.09.2009 18:47
Company:  Nikon Corporation
--------------------
Value Name: [Adobe Reader Speed Launcher]
Value Data: ["C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"]
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (verified signer: [Adobe Systems, Incorporated])
40368 bytes
Created:  31.08.2011 02:57
Modified: 31.08.2011 02:57
Company:  Adobe Systems Incorporated
--------------------
Value Name: [Adobe ARM]
Value Data: ["C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (verified signer: [Adobe Systems, Incorporated])
-R- 937920 bytes
Created:  29.03.2011 21:59
Modified: 29.03.2011 21:59
Company:  Adobe Systems Incorporated
--------------------
Value Name: [KiesTrayAgent]
Value Data: [C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe]
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (verified signer: [Samsung Electronics CO., LTD.])
311616 bytes
Created:  14.06.2014 12:30
Modified: 25.07.2014 09:42
Company:  Samsung Electronics Co., Ltd.
--------------------
Value Name: [Acrobat Assistant 7.0]
Value Data: ["C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"]
C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
483328 bytes
Created:  14.12.2004 02:12
Modified: 14.12.2004 02:12
Company:  Adobe Systems Inc.
--------------------
Value Name: [TrojanScanner]
Value Data: [C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot]
C:\Program Files (x86)\Trojan Remover\Trjscan.exe (verified signer: [Simply Super Software])
1791856 bytes
Created:  12.02.2015 18:04
Modified: 16.10.2014 16:00
Company:  Simply Super Software
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: [HPADVISOR]
Value Data: [C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW]
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (verified signer: [Hewlett-Packard Company])
1685048 bytes
Created:  29.09.2009 15:26
Modified: 29.09.2009 15:26
Company:  Hewlett-Packard
--------------------
Value Name: [swg]
Value Data: ["C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"]
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (verified signer: [Google Inc])
39408 bytes
Created:  08.09.2010 14:51
Modified: 08.09.2010 14:51
Company:  Google Inc.
--------------------
Value Name: [Sony Ericsson PC Suite]
Value Data: ["C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon]
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
434176 bytes
Created:  23.09.2010 17:25
Modified: 24.09.2009 13:41
Company:  Sony Ericsson Mobile Communications AB
--------------------
Value Name: [Google Update]
Value Data: ["C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe" /c]
C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe (verified signer: [Google Inc])
107912 bytes
Created:  16.10.2010 19:21
Modified: 19.10.2014 15:09
Company:  Google Inc.
--------------------
Value Name: [Spiele Post]
Value Data: [C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe]
C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe (verified signer: [INTENIUM GmbH])
483400 bytes
Created:  06.12.2013 13:09
Modified: 06.12.2013 13:09
Company:  Intenium
--------------------
Value Name: [Exetender]
Value Data: ["C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup]
C:\Program Files (x86)\Free Ride Games\GPlayer.exe - [file not found to scan]
--------------------
Value Name: [GameXN GO]
Value Data: ["C:\ProgramData\GameXN\GameXNGO.exe" /startup]
C:\ProgramData\GameXN\GameXNGO.exe (verified signer: [EasyBits Software AS])
347144 bytes
Created:  01.09.2011 12:34
Modified: 08.08.2014 11:12
Company:  GameXN AS
--------------------
Value Name: [GoogleChromeAutoLaunch_7AF6FE48D09771C69065DE049B362851]
Value Data: ["C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window]
C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe (verified signer: [Google Inc])
843592 bytes
Created:  16.10.2010 19:21
Modified: 17.02.2015 23:45
Company:  Google Inc.
--------------------
Value Name: [Alamandi tray notifier]
Value Data: [c:\program files (x86)\deutschland spielt\alamandi\TaskBarNotifier.exe]
c:\program files (x86)\deutschland spielt\alamandi\TaskBarNotifier.exe - [file not found to scan]
--------------------
Value Name: [Amazon Music]
Value Data: ["C:\Users\ola\AppData\Local\Amazon Music\Amazon Music Helper.exe"]
C:\Users\ola\AppData\Local\Amazon Music\Amazon Music Helper.exe (verified signer: [Amazon Services LLC])
6281536 bytes
Created:  12.09.2014 18:39
Modified: 06.09.2014 01:54
Company:  [no info]
--------------------
Value Name: [KiesPreload]
Value Data: [C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload]
C:\Program Files (x86)\Samsung\Kies\Kies.exe (verified signer: [Samsung Electronics CO., LTD.])
1562264 bytes
Created:  14.06.2014 12:30
Modified: 25.07.2014 09:42
Company:  Samsung
--------------------
Value Name: [Skype]
Value Data: ["C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun]
C:\Program Files (x86)\Skype\Phone\Skype.exe (verified signer: [Skype Software Sarl])
-R- 30877280 bytes
Created:  11.12.2014 11:20
Modified: 11.12.2014 11:20
Company:  Skype Technologies S.A.
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty

************************************************************
13:38:52: Scanning ----- Windows 64-Bit Registry -----
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [SmartMenu]
Value Data: [C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background]
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (verified signer: [Hewlett-Packard Company])
610360 bytes
Created:  14.09.2009 16:17
Modified: 14.09.2009 16:17
Company: 
--------------------
Value Name: [PC-Doctor for Windows localizer]
Value Data: [C:\Program Files\PC-Doctor for Windows\localizer.exe]
C:\Program Files\PC-Doctor for Windows\localizer.exe (verified signer: [PC-Doctor, Inc.])
95728 bytes
Created:  17.09.2009 06:57
Modified: 17.09.2009 06:57
Company:  PC-Doctor, Inc.
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty

************************************************************
13:38:54: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {E54729E8-BB3D-4270-9D49-7389EA579090}
Value:    EasyBits Security Shield Hook - prevents launching insecure programs by kids
File:      C:\Windows\SysWow64\EZUPBH~1.DLL
C:\Windows\SysWow64\EZUPBH~1.DLL (verified signer: [EasyBits Software AS])
52272 bytes
Created:  05.02.2010 19:26
Modified: 05.02.2010 19:26
Company:  EasyBits Software Corp.
----------
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value:    Groove GFS Stub Execution Hook
File:      C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (verified signer: [Microsoft Corporation])
2217832 bytes
Created:  26.02.2009 18:36
Modified: 26.02.2009 18:36
Company:  Microsoft Corporation
----------

************************************************************
13:39:00: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
13:39:00: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
--------------------

************************************************************
13:39:00: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key:  {2D46B6DC-2207-486B-B523-A557E6D54B47}
Path: C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
C:\Windows\SysWoW64\ie4uinit.exe - [file not found to scan]
----------

************************************************************
13:39:02: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key:  HPSLPSVC
Path: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
1039360 bytes
Created:  22.10.2010 13:08
Modified: 22.10.2010 13:08
Company:  Hewlett-Packard Co.
----------

************************************************************
13:39:43: Scanning ----- SERVICES REGISTRY KEYS -----
----------
Key:      ACDaemon
ImagePath: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (verified signer: [ArcSoft, Inc.])
113152 bytes
Created:  03.11.2011 19:54
Modified: 18.03.2010 11:19
Company:  ArcSoft Inc.
----------
----------
Key:      Adobe LM Service
ImagePath: "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
72704 bytes
Created:  24.01.2015 15:56
Modified: 24.01.2015 15:56
Company:  Adobe Systems
----------
----------
Key:      Afc
ImagePath: SysWOW64\drivers\Afc.sys
C:\Windows\SysWOW64\drivers\Afc.sys
22784 bytes
Created:  03.11.2011 19:54
Modified: 14.11.2006 11:31
Company:  Arcsoft, Inc.
----------
----------
Key:      AVP15.0.0
ImagePath: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe" -r
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe (verified signer: [Kaspersky Lab])
233552 bytes
Created:  20.04.2014 16:15
Modified: 20.04.2014 16:15
Company:  Kaspersky Lab ZAO
----------
----------
Key:      CVPND
ImagePath: "C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe"
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (verified signer: [Cisco Systems, Inc.])
1528616 bytes
Created:  23.03.2010 12:19
Modified: 23.03.2010 12:19
Company:  Cisco Systems, Inc.
----------
----------
Key:      CVPNDRVA
ImagePath: \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
C:\Windows\System32\Drivers\CVPNDRVA.sys
304784 bytes
Created:  23.03.2010 12:29
Modified: 23.03.2010 12:29
Company:  [no info]
----------
----------
Key:      GamesAppIntegrationService
ImagePath: "C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe"
C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (verified signer: [WildTangent Inc])
227936 bytes
Created:  06.09.2013 01:41
Modified: 08.12.2013 15:09
Company:  WildTangent
----------
----------
Key:      GamesAppService
ImagePath: "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe"
C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (verified signer: [WildTangent Inc])
206072 bytes
Created:  12.10.2010 18:59
Modified: 12.10.2010 18:59
Company:  WildTangent, Inc.
----------
----------
Key:      HP Health Check Service
ImagePath: "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (verified signer: [Hewlett-Packard Company])
126520 bytes
Created:  15.11.2010 09:04
Modified: 15.11.2010 09:04
Company:  Hewlett-Packard Company
----------
----------
Key:      HPDrvMntSvc.exe
ImagePath: "C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (verified signer: [Hewlett-Packard Company])
92216 bytes
Created:  14.10.2010 17:27
Modified: 14.10.2010 17:27
Company:  Hewlett-Packard Company
----------
----------
Key:      hpqwmiex
ImagePath: "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (verified signer: [Hewlett-Packard Company])
751672 bytes
Created:  14.10.2010 17:22
Modified: 14.10.2010 17:22
Company:  Hewlett-Packard Company
----------
----------
Key:      IAStorDataMgrSvc
ImagePath: "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (verified signer: [Intel Corporation])
13336 bytes
Created:  05.02.2010 19:03
Modified: 02.10.2009 12:26
Company:  Intel Corporation
----------
----------
Key:      klflt
ImagePath: system32\DRIVERS\klflt.sys
C:\Windows\System32\DRIVERS\klflt.sys
141320 bytes
Created:  23.11.2014 17:12
Modified: 23.11.2014 17:20
Company:  Kaspersky Lab ZAO
----------
----------
Key:      klhk
ImagePath: system32\DRIVERS\klhk.sys
C:\Windows\System32\DRIVERS\klhk.sys
243808 bytes
Created:  23.11.2014 17:12
Modified: 10.04.2014 17:25
Company:  Kaspersky Lab ZAO
----------
----------
Key:      klpd
ImagePath: system32\DRIVERS\klpd.sys
C:\Windows\System32\DRIVERS\klpd.sys
15456 bytes
Created:  12.04.2013 15:34
Modified: 12.04.2013 15:34
Company:  Kaspersky Lab ZAO
----------
----------
Key:      McComponentHostService
ImagePath: "C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe"
C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe (verified signer: [McAfee, Inc.])
289256 bytes
Created:  09.04.2014 14:13
Modified: 09.04.2014 14:13
Company:  McAfee, Inc.
----------
----------
Key:      ogmservice
ImagePath: "C:\Program Files (x86)\Online Games Manager\ogmservice.exe" --service-run
C:\Program Files (x86)\Online Games Manager\ogmservice.exe (verified signer: [GameHouse])
581568 bytes
Created:  27.03.2014 13:07
Modified: 27.03.2014 13:07
Company:  RealNetworks, Inc.
----------
----------
Key:      OMSI download service
ImagePath: C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
90112 bytes
Created:  23.09.2010 17:25
Modified: 30.04.2009 11:23
Company:  [no info]
----------
----------
Key:      PDF Architect 2
ImagePath: "C:\Program Files (x86)\PDF Architect 2\ws.exe"
C:\Program Files (x86)\PDF Architect 2\ws.exe (verified signer: [pdfforge GmbH])
1771560 bytes
Created:  10.10.2014 16:03
Modified: 10.10.2014 16:03
Company:  pdfforge GmbH
----------
----------
Key:      PDF Architect 2 Creator
ImagePath: "C:\Program Files (x86)\PDF Architect 2\creator-ws.exe"
C:\Program Files (x86)\PDF Architect 2\creator-ws.exe (verified signer: [pdfforge GmbH])
738856 bytes
Created:  10.10.2014 16:03
Modified: 10.10.2014 16:03
Company:  pdfforge GmbH
----------
----------
Key:      pdfforge CrashHandler
ImagePath: "C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe"
C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe (verified signer: [pdfforge GmbH])
861736 bytes
Created:  10.10.2014 16:03
Modified: 10.10.2014 16:03
Company:  pdfforge GmbH
----------
----------
Key:      SkypeUpdate
ImagePath: "C:\Program Files (x86)\Skype\Updater\Updater.exe"
C:\Program Files (x86)\Skype\Updater\Updater.exe (verified signer: [Skype Software Sarl])
-R- 315496 bytes
Created:  11.12.2014 10:30
Modified: 11.12.2014 10:30
Company:  Skype Technologies
----------
----------
Key:      TuneUp.UtilitiesSvc
ImagePath: "C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe"
C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (verified signer: [AVG Netherlands B.V.])
2145080 bytes
Created:  16.07.2014 10:24
Modified: 16.07.2014 10:24
Company:  TuneUp Software
----------
----------
Key:      TuneUpUtilitiesDrv
ImagePath: \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys
C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys
14112 bytes
Created:  23.06.2014 08:44
Modified: 23.06.2014 08:44
Company:  TuneUp Software
----------
----------
Key:      X5XSEx
ImagePath: \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys
C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys - [file not found to scan]
----------
----------
Key:      X5XSEx_Pr146
ImagePath: \??\C:\Program Files (x86)\GameTreat Player\X5XSEx.Sys
C:\Program Files (x86)\GameTreat Player\X5XSEx.Sys
55328 bytes
Created:  15.01.2012 15:12
Modified: 10.03.2010 20:02
Company:  Exent Technologies Ltd.
----------

************************************************************
13:44:48: Scanning -----VXD ENTRIES-----

************************************************************
13:44:48: Scanning ----- ContextMenuHandlers -----
Key:  Adobe.Acrobat.ContextMenu
CLSID: {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}
Path:  C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
577536 bytes
Created:  14.12.2004 03:11
Modified: 14.12.2004 03:11
Company:  Adobe Systems Inc.
----------
Key:  Kaspersky Anti-Virus 15.0.0
CLSID: {BD8BB16E-84EC-485E-8F58-9BD1FEFB8EE2}
Path:  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\shellex.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\shellex.dll (verified signer: [Kaspersky Lab])
154784 bytes
Created:  20.04.2014 16:15
Modified: 20.04.2014 16:15
Company:  Kaspersky Lab ZAO
----------
Key:  PDFManagerExt
CLSID: {59E4A616-E484-44B5-95FB-7F430B35E8FE}
Path:  C:\Program Files (x86)\PDF Architect 2\creator-context-menu.dll
C:\Program Files (x86)\PDF Architect 2\creator-context-menu.dll (verified signer: [pdfforge GmbH])
321576 bytes
Created:  10.10.2014 16:03
Modified: 10.10.2014 16:03
Company:  pdfforge GmbH
----------
Key:  SDECon32
CLSID: {44176360-2BBF-4EC1-93CE-384B8681A0BC}
Path:  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll (verified signer: [Safer Networking Ltd.])
212432 bytes
Created:  22.02.2015 13:40
Modified: 24.06.2014 10:42
Company:  Safer-Networking Ltd.
----------
Key:  TuneUp Shredder Shell Extension
CLSID: {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Path:  C:\Program Files (x86)\TuneUp Utilities 2014\SDShelEx-win32.dll
C:\Program Files (x86)\TuneUp Utilities 2014\SDShelEx-win32.dll (verified signer: [AVG Netherlands B.V.])
32568 bytes
Created:  16.07.2014 10:24
Modified: 16.07.2014 10:24
Company:  TuneUp Software
----------

************************************************************
13:44:51: Scanning ----- Folder\ColumnHandlers -----
Key:  {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
401920 bytes
Created:  19.05.2010 15:37
Modified: 19.05.2010 15:37
Company:  OpenOffice.org
----------
Key:  {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
110592 bytes
Created:  14.12.2004 02:20
Modified: 14.12.2004 02:20
Company:  Adobe Systems, Inc.
----------

************************************************************
13:44:52: Scanning ----- 64-Bit ContextMenuHandlers -----
Key:  Kaspersky Anti-Virus 15.0.0
CLSID: {BD8BB16E-84EC-485E-8F58-9BD1FEFB8EE2}
Path:  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\shellex.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\shellex.dll (verified signer: [Kaspersky Lab])
245408 bytes
Created:  20.04.2014 16:15
Modified: 20.04.2014 16:15
Company:  Kaspersky Lab ZAO
----------
Key:  SDECon32
CLSID: {44176360-2BBF-4EC1-93CE-384B8681A0BC}
Path:  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll (verified signer: [Safer Networking Ltd.])
484304 bytes
Created:  22.02.2015 13:40
Modified: 24.06.2014 10:42
Company:  Safer-Networking Ltd.
----------
Key:  TuneUp Shredder Shell Extension
CLSID: {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Path:  C:\Program Files (x86)\TuneUp Utilities 2014\SDShelEx-x64.dll
C:\Program Files (x86)\TuneUp Utilities 2014\SDShelEx-x64.dll (verified signer: [AVG Netherlands B.V.])
32056 bytes
Created:  16.07.2014 10:24
Modified: 16.07.2014 10:24
Company:  TuneUp Software
----------

************************************************************
13:44:53: Scanning ----- 64-Bit Folder\ColumnHandlers -----
Key:  {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll"
C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll
830464 bytes
Created:  19.05.2010 15:41
Modified: 19.05.2010 15:41
Company:  OpenOffice.org
----------

************************************************************
13:44:54: Scanning ----- Browser Helper Objects -----
Key: {0347C33E-8762-4905-BF09-768834316C61}
BHO: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (verified signer: [Hewlett-Packard Company])
328248 bytes
Created:  20.09.2009 12:15
Modified: 20.09.2009 12:15
Company:  Hewlett-Packard Co.
----------
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (verified signer: [Adobe Systems, Incorporated])
63136 bytes
Created:  14.12.2004 01:56
Modified: 14.12.2004 01:56
Company:  Adobe Systems Incorporated
----------
Key: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
BHO: C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (verified signer: [McAfee, Inc.])
96128 bytes
Created:  09.04.2014 14:12
Modified: 09.04.2014 14:12
Company:  McAfee, Inc.
----------
Key: {17166733-40EA-4432-A85C-AE672FF0E236}
BHO: C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll
C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (verified signer: [1&1 Mail & Media GmbH])
163936 bytes
Created:  11.05.2011 16:36
Modified: 11.05.2011 16:36
Company:  1&1 Mail & Media GmbH
----------
Key: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6}
BHO: C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (verified signer: [Microsoft Corporation])
1431712 bytes
Created:  11.03.2014 22:36
Modified: 11.03.2014 22:36
Company:  Microsoft Corporation.
----------
Key: {326E768D-4182-46FD-9C16-1449A49795F4}
BHO: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (verified signer: [DivX, LLC])
3118976 bytes
Created:  08.02.2011 01:17
Modified: 08.02.2011 01:17
Company:  DivX, LLC
----------
Key: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}
BHO: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (verified signer: [Kaspersky Lab])
709312 bytes
Created:  20.04.2014 01:42
Modified: 20.04.2014 01:42
Company:  Kaspersky Lab ZAO
----------
Key: {691B33B0-B86E-47F3-81C7-56E4FE3B929C}
BHO: C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll
C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll (verified signer: [pdfforge GmbH])
37928 bytes
Created:  10.10.2014 16:03
Modified: 10.10.2014 16:03
Company:  pdfforge GmbH
----------
Key: {73455575-E40C-433C-9784-C78DC7761455}
BHO: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (verified signer: [Kaspersky Lab])
1152808 bytes
Created:  20.04.2014 01:42
Modified: 23.11.2014 17:20
Company:  Kaspersky Lab ZAO
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (verified signer: [Oracle America, Inc.])
460712 bytes
Created:  12.02.2015 17:56
Modified: 12.02.2015 17:56
Company:  Oracle Corporation
----------
Key: {79a2b609-bbc0-4d16-9925-70cb98a6490d}
BHO: C:\Program Files (x86)\Die_FreeRide_Games_Bar\prxtbDie_.dll
C:\Program Files (x86)\Die_FreeRide_Games_Bar\prxtbDie_.dll (verified signer: [Conduit Ltd.])
176936 bytes
Created:  09.05.2011 10:49
Modified: 09.05.2011 10:49
Company:  Conduit Ltd.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (verified signer: [Microsoft Corporation])
408448 bytes
Created:  22.01.2009 15:41
Modified: 22.01.2009 15:41
Company:  Microsoft Corporation
----------
Key: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}
BHO: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (verified signer: [Kaspersky Lab])
480448 bytes
Created:  20.04.2014 01:42
Modified: 20.04.2014 01:42
Company:  Kaspersky Lab ZAO
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (verified signer: [Google Inc])
194504 bytes
Created:  08.09.2010 14:51
Modified: 28.03.2014 14:07
Company:  Google Inc.
----------
Key: {AE7CD045-E861-484f-8273-0445EE161910}
BHO: C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
225280 bytes
Created:  14.12.2004 02:13
Modified: 14.12.2004 02:13
Company:  Adobe Systems Incorporated
----------
Key: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
BHO: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (verified signer: [Skype Technologies SA])
4296864 bytes
Created:  02.03.2012 10:51
Modified: 02.03.2012 10:51
Company:  Skype Technologies S.A.
----------
Key: {BF42D4A8-016E-4fcd-B1EB-837659FD77C6}
BHO: C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll
C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (verified signer: [1&1 Mail & Media GmbH])
1579104 bytes
Created:  02.02.2012 19:32
Modified: 02.02.2012 19:32
Company:  1und1 Mail und Media GmbH
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (verified signer: [Oracle America, Inc.])
172968 bytes
Created:  12.02.2015 17:56
Modified: 12.02.2015 17:56
Company:  Oracle Corporation
----------
Key: {E33CF602-D945-461A-83F0-819F76A199F8}
BHO: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (verified signer: [Kaspersky Lab])
891072 bytes
Created:  20.04.2014 01:42
Modified: 20.04.2014 01:42
Company:  Kaspersky Lab ZAO
----------
Key: {f92a9fe4-2850-4198-b9d5-279880e49b16}
BHO: C:\Program Files (x86)\A_Free_Ride_Games_Bar\prxtbA_Fr.dll
C:\Program Files (x86)\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (verified signer: [Conduit Ltd.])
175912 bytes
Created:  31.07.2011 13:00
Modified: 17.01.2011 15:54
Company:  Conduit Ltd.
----------
Key: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
BHO: C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (verified signer: [Yahoo! Inc.])
160496 bytes
Created:  28.07.2008 11:47
Modified: 28.07.2008 11:47
Company:  Yahoo! Inc
----------
Key: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}
BHO: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (verified signer: [Hewlett-Packard Company])
509496 bytes
Created:  20.09.2009 12:15
Modified: 20.09.2009 12:15
Company:  Hewlett-Packard Co.
----------

************************************************************
13:45:02: Scanning ----- 64-Bit Browser Helper Objects -----
Key: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6}
BHO: C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (verified signer: [Microsoft Corporation])
1154720 bytes
Created:  11.03.2014 22:30
Modified: 11.03.2014 22:30
Company:  Microsoft Corporation.
----------
Key: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}
BHO: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (verified signer: [Kaspersky Lab])
878784 bytes
Created:  20.04.2014 01:42
Modified: 20.04.2014 01:42
Company:  Kaspersky Lab ZAO
----------
Key: {73455575-E40C-433C-9784-C78DC7761455}
BHO: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (verified signer: [Kaspersky Lab])
1428264 bytes
Created:  20.04.2014 01:42
Modified: 23.11.2014 17:20
Company:  Kaspersky Lab ZAO
----------
Key: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}
BHO: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (verified signer: [Kaspersky Lab])
583360 bytes
Created:  20.04.2014 01:42
Modified: 20.04.2014 01:42
Company:  Kaspersky Lab ZAO
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (verified signer: [Google Inc])
256456 bytes
Created:  08.09.2010 14:52
Modified: 28.03.2014 14:08
Company:  Google Inc.
----------
Key: {BF42D4A8-016E-4fcd-B1EB-837659FD77C6}
BHO: C:\Program Files\GMX Toolbar\IE\uitb.dll
C:\Program Files\GMX Toolbar\IE\uitb.dll (verified signer: [1&1 Mail & Media GmbH])
1973344 bytes
Created:  02.02.2012 19:32
Modified: 02.02.2012 19:32
Company:  1und1 Mail und Media GmbH
----------
Key: {E33CF602-D945-461A-83F0-819F76A199F8}
BHO: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (verified signer: [Kaspersky Lab])
1109696 bytes
Created:  20.04.2014 01:42
Modified: 20.04.2014 01:42
Company:  Kaspersky Lab ZAO
----------

************************************************************
13:45:04: Scanning ----- ShellServiceObjectDelayLoad Entries -----

************************************************************
13:45:04: Scanning ----- 64-Bit ShellServiceObjectDelayLoad Entries -----

************************************************************
13:45:04: Scanning ----- ShellServiceObjects -----

************************************************************
13:45:07: Scanning ----- 64-Bit ShellServiceObjects -----

************************************************************
13:45:09: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
No SharedTaskScheduler entries found to scan

************************************************************
13:45:09: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
13:45:09: Scanning ----- APPINIT_DLLS -----
No AppInit_DLLs value found to check

************************************************************
13:45:09: Scanning ----- 64-Bit APPINIT_DLLS -----
No 64-Bit AppInit_DLLs value found to check

************************************************************
13:45:09: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
13:45:09: Scanning ----- CREDENTIAL PROVIDERS -----

************************************************************
13:45:12: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
Adobe Acrobat - Schnellstart.lnk - links to [C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe]
C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe
-R- 25214 bytes
Created:  24.01.2015 15:49
Modified: 24.01.2015 15:49
Company:  [no info]
--------------------
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created:  14.07.2009 05:54
Modified: 14.07.2009 05:54
Company:  [no info]
--------------------
HP Digital Imaging Monitor.lnk - links to [C:\PROGRA~2\hp\DIGITA~1\bin\hpqtra08.exe]
C:\PROGRA~2\hp\DIGITA~1\bin\hpqtra08.exe
270336 bytes
Created:  20.09.2009 12:36
Modified: 20.09.2009 12:36
Company:  Hewlett-Packard Co.
--------------------
McAfee Security Scan Plus.lnk - links to [C:\PROGRA~1\MCAFEE~1\385C9A~1.150\SSSCHE~1.EXE]
C:\PROGRA~1\MCAFEE~1\385C9A~1.150\SSSCHE~1.EXE (verified signer: [McAfee, Inc.])
332016 bytes
Created:  09.04.2014 14:14
Modified: 09.04.2014 14:14
Company:  McAfee, Inc.
--------------------
vpngui.exe.lnk - links to [C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe]
C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
-R- 5120 bytes
Created:  24.10.2011 17:33
Modified: 24.10.2011 17:33
Company:  [no info]
--------------------

************************************************************
13:45:13: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: ola
[C:\Users\ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
Adobe Gamma.lnk - links to [C:\PROGRA~2\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE]
C:\PROGRA~2\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
113664 bytes
Created:  16.03.2005 19:16
Modified: 16.03.2005 19:16
Company:  Adobe Systems, Inc.
----------
C:\Users\ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created:  08.09.2010 14:37
Modified: 18.08.2014 08:29
Company:  [no info]
----------
OpenOffice.org 3.2.lnk - links to [C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE]
C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE
1195008 bytes
Created:  20.05.2010 12:14
Modified: 20.05.2010 12:14
Company:  [no info]
----------
--------------------

************************************************************
13:45:14: Scanning ----- SCHEDULED TASKS -----
Taskname:      {440C16AE-EFF7-4451-9E33-E04BFA205354}
File:          C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe (verified signer: [Google Inc])
843592 bytes
Created:  16.10.2010 19:21
Modified: 17.02.2015 23:45
Company:  Google Inc.
Schedule:      At task creation/modification
Next Run Time:
Status:        Ready
Creator:     
Comments:     
----------
Taskname:      {5F0472E8-4636-4748-8486-5A34D579AEB8}
File:          C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe (verified signer: [Skype Software Sarl])
-R- 30877280 bytes
Created:  11.12.2014 11:20
Modified: 11.12.2014 11:20
Company:  Skype Technologies S.A.
Schedule:      At task creation/modification
Next Run Time:
Status:        Ready
Creator:      SkypeSetupLight
Comments:     
----------
Taskname:      1und1 Konfiguration
File:          C:\ProgramData\1und1InternetExplorerAddon\ConfigTask.exe
C:\ProgramData\1und1InternetExplorerAddon\ConfigTask.exe (verified signer: [1&1 Mail & Media GmbH])
193632 bytes
Created:  19.04.2011 13:26
Modified: 19.04.2011 13:26
Company:  1und1 Mail und Media GmbH
Schedule:      At 09:55:54 every day
Next Run Time: 23.02.2015 09:55:54
Status:        Ready
Creator:      1und1
Comments:     
----------
Taskname:      Adobe Flash Player Updater
File:          C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (verified signer: [Adobe Systems Incorporated])
267440 bytes
Created:  27.02.2013 22:11
Modified: 05.02.2015 12:36
Company:  Adobe Systems Incorporated
Schedule:      At 01:35:00 every day
Next Run Time: 22.02.2015 14:35:00
Status:        Ready
Creator:      Adobe Systems Incorporated
Comments:      Mit diesem Task ist Ihre Flash Player-Installation immer aktuell und verwendet die neuesten Verbesserungen und Sicherheits-Fixes. Wenn dieser Task deaktiviert oder entfernt wird, kann Adobe Flash Player Ihren Computer nicht automatisch mit den neuesten Sicherheits-Fixes sichern.
----------
Taskname:      CLMLSvc
File:          c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (verified signer: [CyberLink])
210216 bytes
Created:  22.10.2009 18:50
Modified: 22.10.2009 18:50
Company:  CyberLink
Schedule:      At logon
Next Run Time:
Status:        Running
Creator:      CyberLink
Comments:     
----------
Taskname:      CreateChoiceProcessTask
File:          C:\Windows\System32\browserchoice.exe
C:\Windows\System32\browserchoice.exe
294912 bytes
Created:  09.09.2010 19:44
Modified: 23.02.2010 09:16
Company:  Microsoft Corporation
Parameters:    /launch
Schedule:      At task creation/modification
Next Run Time:
Status:        Ready
Creator:      BrowserChoice
Comments:     
----------
Taskname:      DVDAgent
File:          c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Schedule:      At logon
Next Run Time:
Status:        Ready
Creator:      CyberLink
Comments:     
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe - [file not found to scan]
----------
Taskname:      ExtendedServicePlan
File:          C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe (verified signer: [Hewlett-Packard Company])
26680 bytes
Created:  05.02.2010 19:19
Modified: 20.10.2009 10:58
Company: 
Parameters:    ExtendedServicePlan ShowMessageTask
Schedule:      At 00:00:00 on 08.08.2011
Next Run Time:
Status:        Ready
Creator:     
Comments:     
----------
Taskname:      GoogleUpdateTaskMachineCore
File:          C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (verified signer: [Google Inc])
107912 bytes
Created:  08.09.2010 14:51
Modified: 23.10.2014 11:33
Company:  Google Inc.
Parameters:    /c
Schedule:      Multiple schedule times
Next Run Time: 23.02.2015 10:50:00
Status:        Ready
Creator:      SYSTEM
Comments:      Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.
----------
Taskname:      GoogleUpdateTaskMachineUA
File:          C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (verified signer: [Google Inc])
107912 bytes
Created:  08.09.2010 14:51
Modified: 23.10.2014 11:33
Company:  Google Inc.
Parameters:    /ua /installsource scheduler
Schedule:      At 10:50:00 every day
Next Run Time: 22.02.2015 13:50:00
Status:        Ready
Creator:      SYSTEM
Comments:      Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.
----------
Taskname:      GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001Core
File:          C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe (verified signer: [Google Inc])
107912 bytes
Created:  16.10.2010 19:21
Modified: 19.10.2014 15:09
Company:  Google Inc.
Parameters:    /c
Schedule:      At 13:26:00 every day
Next Run Time: 23.02.2015 13:26:00
Status:        Ready
Creator:      ola
Comments:      Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.
----------
Taskname:      GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001UA
File:          C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe (verified signer: [Google Inc])
107912 bytes
Created:  16.10.2010 19:21
Modified: 19.10.2014 15:09
Company:  Google Inc.
Parameters:    /ua /installsource scheduler
Schedule:      At 13:26:00 every day
Next Run Time: 22.02.2015 14:26:00
Status:        Ready
Creator:      ola
Comments:      Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.
----------
Taskname:      Norton Security Scan for ola
File:          C:\PROGRA~2\NORTON~2\Engine\351~1.8\Nss.exe
C:\PROGRA~2\NORTON~2\Engine\351~1.8\Nss.exe (verified signer: [Symantec Corporation])
641464 bytes
Created:  12.11.2011 19:29
Modified: 03.04.2012 01:45
Company:  Symantec Corporation
Parameters:    /scan-quick /scheduled
Schedule:      At 17:15:00 every Sonntag, Montag, Dienstag, Mittwoch, Donnerstag, Freitag, Samstag of every week, starting 12.11.2011
Next Run Time: 22.02.2015 17:15:00
Status:        Ready
Creator:      ola
Comments:      Norton Security Scan
----------
Taskname:      PCDRScheduledMaintenance
File:          C:\Program Files\PC-Doctor for Windows\pcdrcui.exe
C:\Program Files\PC-Doctor for Windows\pcdrcui.exe (verified signer: [PC-Doctor, Inc.])
147440 bytes
Created:  18.09.2009 08:11
Modified: 18.09.2009 08:11
Company:  PC-Doctor, Inc.
Parameters:    -fh scripts\monthly.xml -st PCDRScheduledMaintenance
Schedule:      Multiple schedule times
Next Run Time: 28.02.2015 10:00:00
Status:        Ready
Creator:      PC-Doctor
Comments:     
----------
Taskname:      RecoveryCDWin7
File:          C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe (verified signer: [Hewlett-Packard Company])
26680 bytes
Created:  05.02.2010 19:19
Modified: 20.10.2009 10:58
Company: 
Parameters:    RecoveryCDWin7 ShowMessageTask
Schedule:      At 00:00:00 every 14 days
Next Run Time:
Status:        Ready
Creator:     
Comments:     
----------
Taskname:      Registration 1und1 Task
File:          C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe
C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe (verified signer: [ITSCM - IT Solution Center Muenchen GmbH])
588656 bytes
Created:  08.06.2011 13:23
Modified: 08.06.2011 13:23
Company:  1&1 Mail & Media GmbH
Schedule:      Multiple schedule times
Next Run Time: 23.02.2015 09:56:00
Status:        Ready
Creator:      1und1
Comments:     
----------
Taskname:      ServicePlan
File:          C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe (verified signer: [Hewlett-Packard Company])
26680 bytes
Created:  05.02.2010 19:19
Modified: 20.10.2009 10:58
Company: 
Parameters:    ServicePlan ShowMessageTask15D
Schedule:      At 00:00:00 on 23.09.2010
Next Run Time:
Status:        Ready
Creator:     
Comments:     
----------
Taskname:      SidebarExecute
File:          C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe (verified signer: [Microsoft Windows])
1475584 bytes
Created:  09.06.2011 10:27
Modified: 20.11.2010 14:25
Company:  Microsoft Corporation
Schedule:      At task creation/modification
Next Run Time:
Status:        Ready
Creator:     
Comments:     
----------
Taskname:      TuneUpUtilities_Task_BkGndMaintenance2013
File:          C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe
C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe (verified signer: [AVG Netherlands B.V.])
459576 bytes
Created:  16.07.2014 10:22
Modified: 16.07.2014 10:22
Company:  TuneUp Software
Parameters:    $(Arg0)
Schedule:      Task not scheduled
Next Run Time:
Status:        Ready
Creator:     
Comments:     
----------

************************************************************
13:45:20: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
13:45:21: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: msacm.l3acm
File:  C:\Windows\SysWOW64\l3codeca.acm
C:\Windows\SysWOW64\l3codeca.acm
64000 bytes
Created:  14.07.2009 01:07
Modified: 14.07.2009 02:14
Company:  Fraunhofer Institut Integrierte Schaltungen IIS
----------
Value: msacm.l3codecp
File:  l3codecp.acm
C:\Windows\SysWoW64\l3codecp.acm
220672 bytes
Created:  14.07.2009 01:09
Modified: 14.07.2009 02:14
Company:  Fraunhofer Institut Integrierte Schaltungen IIS
----------

************************************************************
13:45:22: ----- ADDITIONAL CHECKS -----
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\ola\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
C:\Users\ola\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
988938 bytes
Created:  08.09.2010 14:37
Modified: 09.09.2011 13:58
Company:  [no info]
----------
Web Desktop Wallpaper entry is blank
----------
Checks for rogue DNS NameServers completed
----------
Checks for Backdoor.ZeroAccess completed
----------
Safe Mode checks completed
Additional checks completed

************************************************************
13:45:22: Scanning ----- RUNNING PROCESSES -----

C:\Windows\System32\smss.exe
112640 bytes
Created:  17.09.2013 07:29
Modified: 02.08.2013 01:59
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\csrss.exe
7680 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\wininit.exe
129024 bytes
Created:  14.07.2009 00:52
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\services.exe
328704 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\winlogon.exe
455168 bytes
Created:  17.10.2014 09:26
Modified: 17.07.2014 03:07
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\lsass.exe
31232 bytes
Created:  12.02.2015 18:45
Modified: 15.01.2015 09:09
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\lsm.exe
343040 bytes
Created:  09.06.2011 10:27
Modified: 20.11.2010 14:24
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\svchost.exe
27136 bytes
Created:  14.07.2009 00:31
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\atiesrxx.exe
202752 bytes
Created:  06.02.2010 03:39
Modified: 02.12.2009 13:18
Company:  AMD
--------------------
C:\Windows\System32\atieclxx.exe
446976 bytes
Created:  06.02.2010 03:39
Modified: 02.12.2009 13:19
Company:  AMD
--------------------
C:\Windows\System32\spoolsv.exe
559104 bytes
Created:  15.08.2012 10:05
Modified: 11.02.2012 07:36
Company:  Microsoft Corporation
--------------------
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
193696 bytes
Created:  11.03.2014 22:36
Modified: 11.03.2014 22:36
Company:  Microsoft Corporation.
--------------------
C:\Windows\SysWOW64\svchost.exe
20992 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:14
Company:  Microsoft Corporation
C:\Windows\SysWOW64\svchost.exe
20992 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:14
Company:  Microsoft Corporation
C:\Windows\System32\msiexec.exe
128000 bytes
Created:  09.06.2011 10:26
Modified: 20.11.2010 14:24
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\WUDFHost.exe
229888 bytes
Created:  16.11.2012 19:48
Modified: 26.07.2012 04:08
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\taskeng.exe
464384 bytes
Created:  09.06.2011 10:27
Modified: 20.11.2010 14:25
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\taskhost.exe
68608 bytes
Created:  21.03.2013 10:00
Modified: 23.11.2012 04:13
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\dwm.exe
120320 bytes
Created:  14.07.2009 00:37
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
--------------------
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
192160 bytes
Created:  20.04.2014 16:15
Modified: 20.04.2014 16:15
Company:  Kaspersky Lab ZAO
--------------------
C:\Windows\System32\SearchIndexer.exe
591872 bytes
Created:  29.06.2011 09:24
Modified: 04.05.2011 06:19
Company:  Microsoft Corporation
--------------------
C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
2040120 bytes
Created:  16.07.2014 10:24
Modified: 16.07.2014 10:24
Company:  TuneUp Software
--------------------
C:\Program Files\Windows Media Player\wmpnetwk.exe
1525248 bytes
Created:  09.06.2011 10:27
Modified: 20.11.2010 14:25
Company:  Microsoft Corporation
--------------------
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
270336 bytes
Created:  20.09.2009 12:36
Modified: 20.09.2009 12:36
Company:  Hewlett-Packard Co.
--------------------
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
332016 bytes
Created:  09.04.2014 14:14
Modified: 09.04.2014 14:14
Company:  McAfee, Inc.
--------------------
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
656896 bytes
Created:  25.08.2009 03:11
Modified: 25.08.2009 03:11
Company:  Hewlett-Packard
--------------------
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
309824 bytes
Created:  03.11.2011 19:54
Modified: 25.08.2010 11:27
Company:  ArcSoft Inc.
--------------------
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe
168960 bytes
Created:  20.09.2009 12:07
Modified: 20.09.2009 12:07
Company:  Hewlett-Packard Co.
--------------------
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
65536 bytes
Created:  22.04.2009 17:38
Modified: 22.04.2009 17:38
Company:  Advanced Micro Devices Inc.
--------------------
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
11318784 bytes
Created:  20.05.2010 23:59
Modified: 20.05.2010 23:59
Company:  OpenOffice.org
--------------------
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
11312128 bytes
Created:  20.05.2010 23:59
Modified: 20.05.2010 23:59
Company:  OpenOffice.org
--------------------
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqbam08.exe
559104 bytes
Created:  20.09.2009 12:07
Modified: 20.09.2009 12:07
Company:  Hewlett-Packard Co.
--------------------
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqgpc01.exe
362496 bytes
Created:  21.05.2009 18:57
Modified: 21.05.2009 18:57
Company:  Hewlett-Packard
--------------------
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
65536 bytes
Created:  22.04.2009 17:37
Modified: 22.04.2009 17:37
Company:  ATI Technologies Inc.
--------------------
C:\Users\ola\Downloads\adwcleaner_4.111.exe
2126848 bytes
Created:  22.02.2015 13:22
Modified: 22.02.2015 13:23
Company: 
--------------------
C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe
FileSize:          5484896
[This is a Trojan Remover component]
--------------------
--------------------
C:\Windows\System32\wuauclt.exe
58336 bytes
Created:  31.08.2014 10:08
Modified: 14.05.2014 17:23
Company:  Microsoft Corporation
--------------------
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
4101576 bytes
Created:  22.02.2015 13:40
Modified: 24.06.2014 10:42
Company:  Safer-Networking Ltd.
--------------------
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
171928 bytes
Created:  22.02.2015 13:40
Modified: 25.04.2014 14:12
Company:  Safer-Networking Ltd.
--------------------
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
2088408 bytes
Created:  22.02.2015 13:40
Modified: 27.06.2014 11:52
Company:  Safer-Networking Ltd.
--------------------
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
4214168 bytes
Created:  22.02.2015 13:40
Modified: 24.06.2014 10:42
Company:  Safer-Networking Ltd.
--------------------
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
4747720 bytes
Created:  22.02.2015 13:40
Modified: 27.06.2014 11:52
Company:  Safer-Networking Ltd.
--------------------
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
1738168 bytes
Created:  22.02.2015 13:40
Modified: 24.06.2014 10:41
Company:  Safer-Networking Ltd.
--------------------
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
247968 bytes
Created:  11.03.2014 22:36
Modified: 11.03.2014 22:36
Company:  Microsoft Corporation.
--------------------
C:\Windows\System32\SearchProtocolHost.exe
249856 bytes
Created:  29.06.2011 09:24
Modified: 04.05.2011 06:19
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\SearchFilterHost.exe
113664 bytes
Created:  29.06.2011 09:24
Modified: 04.05.2011 06:19
Company:  Microsoft Corporation
--------------------

************************************************************
13:45:35: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
13:45:35: Checking ----- ROGUE BROWSER MODIFICATIONS -----

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\SysWOW64\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
hxxp://go.gmx.net/br/ie9_startpage

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 13:45:36 22 Feb 2015
Total Scan time: 00:07:02
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.9.1.2932. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 18:49:26 12 Feb 2015
Using Database v8517
Operating System:  Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601]
File System:      NTFS
UAC is ENABLED [default level]
[Secure Desktop Prompt is DISABLED]
UserData directory: C:\Users\ola\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory:  C:\Users\ola\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges

************************************************************
18:49:28: ----- Checking Default File Associations -----
No modified default file associations detected

************************************************************
18:49:28: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
18:49:34: Scanning ----- Windows Registry -----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: C:\Windows\Explorer.exe
C:\Windows\Explorer.exe (verified signer: [Microsoft Windows])
2871808 bytes
Created:  27.04.2011 12:30
Modified: 25.02.2011 07:19
Company:  Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\System32\userinit.exe (verified signer: [Microsoft Windows])
30720 bytes
Created:  09.06.2011 10:26
Modified: 20.11.2010 14:25
Company:  Microsoft Corporation
----------
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [hpsysdrv]
Value Data: [c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe]
c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (verified signer: [Hewlett-Packard Company])
62768 bytes
Created:  20.11.2008 10:47
Modified: 20.11.2008 10:47
Company:  Hewlett-Packard
--------------------
Value Name: [HP Remote Solution]
Value Data: [%ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe]
C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe - [file not found to scan]
--------------------
Value Name: [IAStorIcon]
Value Data: [C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe]
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (verified signer: [Intel Corporation])
284696 bytes
Created:  05.02.2010 19:03
Modified: 02.10.2009 12:26
Company:  Intel Corporation
--------------------
Value Name: [StartCCC]
Value Data: ["C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
98304 bytes
Created:  01.12.2009 22:39
Modified: 01.12.2009 22:39
Company:  Advanced Micro Devices, Inc.
--------------------
Value Name: [HP Software Update]
Value Data: [c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe]
c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (verified signer: [Hewlett-Packard Company])
54576 bytes
Created:  08.12.2008 14:50
Modified: 08.12.2008 14:50
Company:  Hewlett-Packard
--------------------
Value Name: [Easybits Recovery]
Value Data: [C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe]
C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (verified signer: [EasyBits Software AS])
60464 bytes
Created:  02.09.2009 12:00
Modified: 02.09.2009 12:00
Company:  EasyBits Software AS
--------------------
Value Name: [hpqSRMon]
Value Data: [C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe]
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
150528 bytes
Created:  22.07.2008 18:33
Modified: 22.07.2008 18:33
Company:  Hewlett-Packard
--------------------
Value Name: [GrooveMonitor]
Value Data: ["C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (verified signer: [Microsoft Corporation])
30040 bytes
Created:  26.02.2009 18:36
Modified: 26.02.2009 18:36
Company:  Microsoft Corporation
--------------------
Value Name: [DivXUpdate]
Value Data: ["C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW]
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (verified signer: [DivX, LLC])
1230704 bytes
Created:  21.03.2011 19:56
Modified: 21.03.2011 19:56
Company: 
--------------------
Value Name: [ArcSoft Connection Service]
Value Data: [C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe]
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (verified signer: [ArcSoft, Inc.])
207424 bytes
Created:  03.11.2011 19:54
Modified: 27.10.2010 19:17
Company:  ArcSoft Inc.
--------------------
Value Name: [Nikon Transfer Monitor]
Value Data: [C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe]
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
479232 bytes
Created:  15.09.2009 18:47
Modified: 15.09.2009 18:47
Company:  Nikon Corporation
--------------------
Value Name: [Adobe Reader Speed Launcher]
Value Data: ["C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"]
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (verified signer: [Adobe Systems, Incorporated])
40368 bytes
Created:  31.08.2011 02:57
Modified: 31.08.2011 02:57
Company:  Adobe Systems Incorporated
--------------------
Value Name: [Adobe ARM]
Value Data: ["C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (verified signer: [Adobe Systems, Incorporated])
-R- 937920 bytes
Created:  29.03.2011 21:59
Modified: 29.03.2011 21:59
Company:  Adobe Systems Incorporated
--------------------
Value Name: [ApnTBMon]
Value Data: ["C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"]
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (verified signer: [APN LLC])
1934744 bytes
Created:  31.01.2015 00:53
Modified: 31.01.2015 00:53
Company:  APN
--------------------
Value Name: [KiesTrayAgent]
Value Data: [C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe]
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (verified signer: [Samsung Electronics CO., LTD.])
311616 bytes
Created:  14.06.2014 12:30
Modified: 25.07.2014 09:42
Company:  Samsung Electronics Co., Ltd.
--------------------
Value Name: [Acrobat Assistant 7.0]
Value Data: ["C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"]
C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
483328 bytes
Created:  14.12.2004 02:12
Modified: 14.12.2004 02:12
Company:  Adobe Systems Inc.
--------------------
Value Name: [TrojanScanner]
Value Data: [C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot]
C:\Program Files (x86)\Trojan Remover\Trjscan.exe (verified signer: [Simply Super Software])
1791856 bytes
Created:  12.02.2015 18:04
Modified: 16.10.2014 16:00
Company:  Simply Super Software
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: [HPADVISOR]
Value Data: [C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW]
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (verified signer: [Hewlett-Packard Company])
1685048 bytes
Created:  29.09.2009 15:26
Modified: 29.09.2009 15:26
Company:  Hewlett-Packard
--------------------
Value Name: [swg]
Value Data: ["C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"]
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (verified signer: [Google Inc])
39408 bytes
Created:  08.09.2010 14:51
Modified: 08.09.2010 14:51
Company:  Google Inc.
--------------------
Value Name: [Sony Ericsson PC Suite]
Value Data: ["C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon]
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
434176 bytes
Created:  23.09.2010 17:25
Modified: 24.09.2009 13:41
Company:  Sony Ericsson Mobile Communications AB
--------------------
Value Name: [Google Update]
Value Data: ["C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe" /c]
C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe (verified signer: [Google Inc])
107912 bytes
Created:  16.10.2010 19:21
Modified: 19.10.2014 15:09
Company:  Google Inc.
--------------------
Value Name: [Spiele Post]
Value Data: [C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe]
C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe (verified signer: [INTENIUM GmbH])
483400 bytes
Created:  06.12.2013 13:09
Modified: 06.12.2013 13:09
Company:  Intenium
--------------------
Value Name: [Exetender]
Value Data: ["C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup]
C:\Program Files (x86)\Free Ride Games\GPlayer.exe (verified signer: [Exent Technologies Ltd.])
4862384 bytes
Created:  31.07.2011 13:00
Modified: 01.09.2011 18:18
Company:  Exent Technologies Ltd.
--------------------
Value Name: [GameXN GO]
Value Data: ["C:\ProgramData\GameXN\GameXNGO.exe" /startup]
C:\ProgramData\GameXN\GameXNGO.exe (verified signer: [EasyBits Software AS])
347144 bytes
Created:  01.09.2011 12:34
Modified: 08.08.2014 11:12
Company:  GameXN AS
--------------------
Value Name: [GoogleChromeAutoLaunch_7AF6FE48D09771C69065DE049B362851]
Value Data: ["C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window]
C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe (verified signer: [Google Inc])
843592 bytes
Created:  16.10.2010 19:21
Modified: 04.02.2015 10:02
Company:  Google Inc.
--------------------
Value Name: [Alamandi tray notifier]
Value Data: [c:\program files (x86)\deutschland spielt\alamandi\TaskBarNotifier.exe]
c:\program files (x86)\deutschland spielt\alamandi\TaskBarNotifier.exe - [file not found to scan]
--------------------
Value Name: [Amazon Music]
Value Data: ["C:\Users\ola\AppData\Local\Amazon Music\Amazon Music Helper.exe"]
C:\Users\ola\AppData\Local\Amazon Music\Amazon Music Helper.exe (verified signer: [Amazon Services LLC])
6281536 bytes
Created:  12.09.2014 18:39
Modified: 06.09.2014 01:54
Company:  [no info]
--------------------
Value Name: [KiesPreload]
Value Data: [C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload]
C:\Program Files (x86)\Samsung\Kies\Kies.exe (verified signer: [Samsung Electronics CO., LTD.])
1562264 bytes
Created:  14.06.2014 12:30
Modified: 25.07.2014 09:42
Company:  Samsung
--------------------
Value Name: [Skype]
Value Data: ["C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun]
C:\Program Files (x86)\Skype\Phone\Skype.exe (verified signer: [Skype Software Sarl])
-R- 30877280 bytes
Created:  11.12.2014 11:20
Modified: 11.12.2014 11:20
Company:  Skype Technologies S.A.
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty

************************************************************
18:49:47: Scanning ----- Windows 64-Bit Registry -----
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [SmartMenu]
Value Data: [C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background]
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (verified signer: [Hewlett-Packard Company])
610360 bytes
Created:  14.09.2009 16:17
Modified: 14.09.2009 16:17
Company: 
--------------------
Value Name: [PC-Doctor for Windows localizer]
Value Data: [C:\Program Files\PC-Doctor for Windows\localizer.exe]
C:\Program Files\PC-Doctor for Windows\localizer.exe (verified signer: [PC-Doctor, Inc.])
95728 bytes
Created:  17.09.2009 06:57
Modified: 17.09.2009 06:57
Company:  PC-Doctor, Inc.
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty

************************************************************
18:49:47: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {E54729E8-BB3D-4270-9D49-7389EA579090}
Value:    EasyBits Security Shield Hook - prevents launching insecure programs by kids
File:      C:\Windows\SysWow64\EZUPBH~1.DLL
C:\Windows\SysWow64\EZUPBH~1.DLL (verified signer: [EasyBits Software AS])
52272 bytes
Created:  05.02.2010 19:26
Modified: 05.02.2010 19:26
Company:  EasyBits Software Corp.
----------
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value:    Groove GFS Stub Execution Hook
File:      C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (verified signer: [Microsoft Corporation])
2217832 bytes
Created:  26.02.2009 18:36
Modified: 26.02.2009 18:36
Company:  Microsoft Corporation
----------

************************************************************
18:49:48: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
18:49:48: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
--------------------

************************************************************
18:49:48: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key:  {2D46B6DC-2207-486B-B523-A557E6D54B47}
Path: C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
C:\Windows\SysWoW64\ie4uinit.exe - [file not found to scan]
----------

************************************************************
18:49:49: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key:  HPSLPSVC
Path: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
1039360 bytes
Created:  22.10.2010 13:08
Modified: 22.10.2010 13:08
Company:  Hewlett-Packard Co.
----------

************************************************************
18:50:10: Scanning ----- SERVICES REGISTRY KEYS -----
----------
Key:      ACDaemon
ImagePath: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (verified signer: [ArcSoft, Inc.])
113152 bytes
Created:  03.11.2011 19:54
Modified: 18.03.2010 11:19
Company:  ArcSoft Inc.
----------
----------
Key:      Adobe LM Service
ImagePath: "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
72704 bytes
Created:  24.01.2015 15:56
Modified: 24.01.2015 15:56
Company:  Adobe Systems
----------
----------
Key:      Afc
ImagePath: SysWOW64\drivers\Afc.sys
C:\Windows\SysWOW64\drivers\Afc.sys
22784 bytes
Created:  03.11.2011 19:54
Modified: 14.11.2006 11:31
Company:  Arcsoft, Inc.
----------

cosinus 24.02.2015 12:27
Malwarebytes: Verlauf => Anwendungsprotokolle => Suchlaufprotokolle

ola_123 24.02.2015 12:36
Code:
----------
Key:      APNMCP
ImagePath: "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe"
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (verified signer: [APN LLC])
177560 bytes
Created:  31.01.2015 00:53
Modified: 31.01.2015 00:53
Company:  APN LLC.
----------
----------
Key:      AVP15.0.0
ImagePath: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe" -r
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe (verified signer: [Kaspersky Lab])
233552 bytes
Created:  20.04.2014 16:15
Modified: 20.04.2014 16:15
Company:  Kaspersky Lab ZAO
----------
----------
Key:      CVPND
ImagePath: "C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe"
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (verified signer: [Cisco Systems, Inc.])
1528616 bytes
Created:  23.03.2010 12:19
Modified: 23.03.2010 12:19
Company:  Cisco Systems, Inc.
----------
----------
Key:      CVPNDRVA
ImagePath: \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
C:\Windows\System32\Drivers\CVPNDRVA.sys
304784 bytes
Created:  23.03.2010 12:29
Modified: 23.03.2010 12:29
Company:  [no info]
----------
----------
Key:      GamesAppIntegrationService
ImagePath: "C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe"
C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (verified signer: [WildTangent Inc])
227936 bytes
Created:  06.09.2013 01:41
Modified: 08.12.2013 15:09
Company:  WildTangent
----------
----------
Key:      GamesAppService
ImagePath: "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe"
C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (verified signer: [WildTangent Inc])
206072 bytes
Created:  12.10.2010 18:59
Modified: 12.10.2010 18:59
Company:  WildTangent, Inc.
----------
----------
Key:      HP Health Check Service
ImagePath: "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (verified signer: [Hewlett-Packard Company])
126520 bytes
Created:  15.11.2010 09:04
Modified: 15.11.2010 09:04
Company:  Hewlett-Packard Company
----------
----------
Key:      HPDrvMntSvc.exe
ImagePath: "C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (verified signer: [Hewlett-Packard Company])
92216 bytes
Created:  14.10.2010 17:27
Modified: 14.10.2010 17:27
Company:  Hewlett-Packard Company
----------
----------
Key:      hpqwmiex
ImagePath: "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (verified signer: [Hewlett-Packard Company])
751672 bytes
Created:  14.10.2010 17:22
Modified: 14.10.2010 17:22
Company:  Hewlett-Packard Company
----------
----------
Key:      IAStorDataMgrSvc
ImagePath: "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (verified signer: [Intel Corporation])
13336 bytes
Created:  05.02.2010 19:03
Modified: 02.10.2009 12:26
Company:  Intel Corporation
----------
----------
Key:      klflt
ImagePath: system32\DRIVERS\klflt.sys
C:\Windows\System32\DRIVERS\klflt.sys
141320 bytes
Created:  23.11.2014 17:12
Modified: 23.11.2014 17:20
Company:  Kaspersky Lab ZAO
----------
----------
Key:      McComponentHostService
ImagePath: "C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe"
C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe (verified signer: [McAfee, Inc.])
289256 bytes
Created:  09.04.2014 14:13
Modified: 09.04.2014 14:13
Company:  McAfee, Inc.
----------
----------
Key:      ogmservice
ImagePath: "C:\Program Files (x86)\Online Games Manager\ogmservice.exe" --service-run
C:\Program Files (x86)\Online Games Manager\ogmservice.exe (verified signer: [GameHouse])
581568 bytes
Created:  27.03.2014 13:07
Modified: 27.03.2014 13:07
Company:  RealNetworks, Inc.
----------
----------
Key:      OMSI download service
ImagePath: C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
90112 bytes
Created:  23.09.2010 17:25
Modified: 30.04.2009 11:23
Company:  [no info]
----------
----------
Key:      PDF Architect 2
ImagePath: "C:\Program Files (x86)\PDF Architect 2\ws.exe"
C:\Program Files (x86)\PDF Architect 2\ws.exe (verified signer: [pdfforge GmbH])
1771560 bytes
Created:  10.10.2014 16:03
Modified: 10.10.2014 16:03
Company:  pdfforge GmbH
----------
----------
Key:      PDF Architect 2 Creator
ImagePath: "C:\Program Files (x86)\PDF Architect 2\creator-ws.exe"
C:\Program Files (x86)\PDF Architect 2\creator-ws.exe (verified signer: [pdfforge GmbH])
738856 bytes
Created:  10.10.2014 16:03
Modified: 10.10.2014 16:03
Company:  pdfforge GmbH
----------
----------
Key:      pdfforge CrashHandler
ImagePath: "C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe"
C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe (verified signer: [pdfforge GmbH])
861736 bytes
Created:  10.10.2014 16:03
Modified: 10.10.2014 16:03
Company:  pdfforge GmbH
----------
----------
Key:      Service Mgr PositiveFinds
ImagePath: "C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe"
C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe (verified signer: [Positive Finds])
577272 bytes
Created:  05.02.2015 05:49
Modified: 12.02.2015 01:33
Company: 
----------
----------
Key:      SkypeUpdate
ImagePath: "C:\Program Files (x86)\Skype\Updater\Updater.exe"
C:\Program Files (x86)\Skype\Updater\Updater.exe (verified signer: [Skype Software Sarl])
-R- 315496 bytes
Created:  11.12.2014 10:30
Modified: 11.12.2014 10:30
Company:  Skype Technologies
----------
----------
Key:      TuneUp.UtilitiesSvc
ImagePath: "C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe"
C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (verified signer: [AVG Netherlands B.V.])
2145080 bytes
Created:  16.07.2014 10:24
Modified: 16.07.2014 10:24
Company:  TuneUp Software
----------
----------
Key:      TuneUpUtilitiesDrv
ImagePath: \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys
C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys
14112 bytes
Created:  23.06.2014 08:44
Modified: 23.06.2014 08:44
Company:  TuneUp Software
----------
----------
Key:      Update Mgr PositiveFinds
ImagePath: "C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe"
C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe (verified signer: [Positive Finds])
384760 bytes
Created:  05.02.2015 04:49
Modified: 12.02.2015 01:33
Company: 
----------
----------
Key:      X5XSEx
ImagePath: \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys
C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys
55400 bytes
Created:  31.07.2011 13:00
Modified: 22.11.2010 08:25
Company:  Exent Technologies Ltd.
----------
----------
Key:      X5XSEx_Pr146
ImagePath: \??\C:\Program Files (x86)\GameTreat Player\X5XSEx.Sys
C:\Program Files (x86)\GameTreat Player\X5XSEx.Sys
55328 bytes
Created:  15.01.2012 15:12
Modified: 10.03.2010 20:02
Company:  Exent Technologies Ltd.
----------

************************************************************
18:50:58: Scanning -----VXD ENTRIES-----

************************************************************
18:50:58: Scanning ----- ContextMenuHandlers -----
Key:  Adobe.Acrobat.ContextMenu
CLSID: {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}
Path:  C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
577536 bytes
Created:  14.12.2004 03:11
Modified: 14.12.2004 03:11
Company:  Adobe Systems Inc.
----------
Key:  Kaspersky Anti-Virus 15.0.0
CLSID: {BD8BB16E-84EC-485E-8F58-9BD1FEFB8EE2}
Path:  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\shellex.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\shellex.dll (verified signer: [Kaspersky Lab])
154784 bytes
Created:  20.04.2014 16:15
Modified: 20.04.2014 16:15
Company:  Kaspersky Lab ZAO
----------
Key:  PDFManagerExt
CLSID: {59E4A616-E484-44B5-95FB-7F430B35E8FE}
Path:  C:\Program Files (x86)\PDF Architect 2\creator-context-menu.dll
C:\Program Files (x86)\PDF Architect 2\creator-context-menu.dll (verified signer: [pdfforge GmbH])
321576 bytes
Created:  10.10.2014 16:03
Modified: 10.10.2014 16:03
Company:  pdfforge GmbH
----------
Key:  TuneUp Shredder Shell Extension
CLSID: {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Path:  C:\Program Files (x86)\TuneUp Utilities 2014\SDShelEx-win32.dll
C:\Program Files (x86)\TuneUp Utilities 2014\SDShelEx-win32.dll (verified signer: [AVG Netherlands B.V.])
32568 bytes
Created:  16.07.2014 10:24
Modified: 16.07.2014 10:24
Company:  TuneUp Software
----------

************************************************************
18:51:00: Scanning ----- Folder\ColumnHandlers -----
Key:  {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
401920 bytes
Created:  19.05.2010 15:37
Modified: 19.05.2010 15:37
Company:  OpenOffice.org
----------
Key:  {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
110592 bytes
Created:  14.12.2004 02:20
Modified: 14.12.2004 02:20
Company:  Adobe Systems, Inc.
----------

************************************************************
18:51:00: Scanning ----- 64-Bit ContextMenuHandlers -----
Key:  Kaspersky Anti-Virus 15.0.0
CLSID: {BD8BB16E-84EC-485E-8F58-9BD1FEFB8EE2}
Path:  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\shellex.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\shellex.dll (verified signer: [Kaspersky Lab])
245408 bytes
Created:  20.04.2014 16:15
Modified: 20.04.2014 16:15
Company:  Kaspersky Lab ZAO
----------
Key:  TuneUp Shredder Shell Extension
CLSID: {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Path:  C:\Program Files (x86)\TuneUp Utilities 2014\SDShelEx-x64.dll
C:\Program Files (x86)\TuneUp Utilities 2014\SDShelEx-x64.dll (verified signer: [AVG Netherlands B.V.])
32056 bytes
Created:  16.07.2014 10:24
Modified: 16.07.2014 10:24
Company:  TuneUp Software
----------

************************************************************
18:51:01: Scanning ----- 64-Bit Folder\ColumnHandlers -----
Key:  {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll"
C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll
830464 bytes
Created:  19.05.2010 15:41
Modified: 19.05.2010 15:41
Company:  OpenOffice.org
----------

************************************************************
18:51:01: Scanning ----- Browser Helper Objects -----
Key: {02478D38-C3F9-4efb-9B51-7695ECA05670}
BHO: C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (verified signer: [Yahoo! Inc.])
882416 bytes
Created:  28.07.2008 11:47
Modified: 28.07.2008 11:47
Company:  Yahoo! Inc.
----------
Key: {0347C33E-8762-4905-BF09-768834316C61}
BHO: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (verified signer: [Hewlett-Packard Company])
328248 bytes
Created:  20.09.2009 12:15
Modified: 20.09.2009 12:15
Company:  Hewlett-Packard Co.
----------
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (verified signer: [Adobe Systems, Incorporated])
63136 bytes
Created:  14.12.2004 01:56
Modified: 14.12.2004 01:56
Company:  Adobe Systems Incorporated
----------
Key: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
BHO: C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (verified signer: [McAfee, Inc.])
96128 bytes
Created:  09.04.2014 14:12
Modified: 09.04.2014 14:12
Company:  McAfee, Inc.
----------
Key: {17166733-40EA-4432-A85C-AE672FF0E236}
BHO: C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll
C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (verified signer: [1&1 Mail & Media GmbH])
163936 bytes
Created:  11.05.2011 16:36
Modified: 11.05.2011 16:36
Company:  1&1 Mail & Media GmbH
----------
Key: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6}
BHO: C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (verified signer: [Microsoft Corporation])
1431712 bytes
Created:  11.03.2014 22:36
Modified: 11.03.2014 22:36
Company:  Microsoft Corporation.
----------
Key: {30c85a3d-1d96-4589-b63f-91fb7ef45a41}
BHO: C:\Program Files (x86)\Positive Finds\Extensions\30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll
C:\Program Files (x86)\Positive Finds\Extensions\30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll (verified signer: [Positive Finds])
145656 bytes
Created:  05.02.2015 08:00
Modified: 05.02.2015 08:00
Company: 
----------
Key: {30F9B915-B755-4826-820B-08FBA6BD249D}
BHO: C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (verified signer: [Conduit Ltd.])
175912 bytes
Created:  02.05.2011 17:37
Modified: 17.01.2011 15:54
Company:  Conduit Ltd.
----------
Key: {31ad400d-1b06-4e33-a59a-90c2c140cba0}
BHO: mscoree.dll
C:\Windows\SysWoW64\mscoree.dll (verified signer: [Microsoft Windows])
297808 bytes
Created:  09.06.2011 10:27
Modified: 05.11.2010 02:58
Company:  Microsoft Corporation
----------
Key: {326E768D-4182-46FD-9C16-1449A49795F4}
BHO: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (verified signer: [DivX, LLC])
3118976 bytes
Created:  08.02.2011 01:17
Modified: 08.02.2011 01:17
Company:  DivX, LLC
----------
Key: {4F524A2D-5350-4500-76A7-7A786E7484D7}
BHO: "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll"
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (verified signer: [APN LLC])
12184 bytes
Created:  31.01.2015 00:53
Modified: 31.01.2015 00:53
Company:  APN LLC.
----------
Key: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}
BHO: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (verified signer: [Kaspersky Lab])
709312 bytes
Created:  20.04.2014 01:42
Modified: 20.04.2014 01:42
Company:  Kaspersky Lab ZAO
----------
Key: {691B33B0-B86E-47F3-81C7-56E4FE3B929C}
BHO: C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll
C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll (verified signer: [pdfforge GmbH])
37928 bytes
Created:  10.10.2014 16:03
Modified: 10.10.2014 16:03
Company:  pdfforge GmbH
----------
Key: {73455575-E40C-433C-9784-C78DC7761455}
BHO: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (verified signer: [Kaspersky Lab])
1152808 bytes
Created:  20.04.2014 01:42
Modified: 23.11.2014 17:20
Company:  Kaspersky Lab ZAO
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (verified signer: [Oracle America, Inc.])
460712 bytes
Created:  12.02.2015 17:56
Modified: 12.02.2015 17:56
Company:  Oracle Corporation
----------
Key: {79a2b609-bbc0-4d16-9925-70cb98a6490d}
BHO: C:\Program Files (x86)\Die_FreeRide_Games_Bar\prxtbDie_.dll
C:\Program Files (x86)\Die_FreeRide_Games_Bar\prxtbDie_.dll (verified signer: [Conduit Ltd.])
176936 bytes
Created:  09.05.2011 10:49
Modified: 09.05.2011 10:49
Company:  Conduit Ltd.
----------
Key: {872b5b88-9db5-4310-bdd0-ac189557e5f5}
BHO: C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (verified signer: [Conduit Ltd.])
175912 bytes
Created:  28.07.2011 17:55
Modified: 17.01.2011 15:54
Company:  Conduit Ltd.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (verified signer: [Microsoft Corporation])
408448 bytes
Created:  22.01.2009 15:41
Modified: 22.01.2009 15:41
Company:  Microsoft Corporation
----------
Key: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}
BHO: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (verified signer: [Kaspersky Lab])
480448 bytes
Created:  20.04.2014 01:42
Modified: 20.04.2014 01:42
Company:  Kaspersky Lab ZAO
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (verified signer: [Google Inc])
194504 bytes
Created:  08.09.2010 14:51
Modified: 28.03.2014 14:07
Company:  Google Inc.
----------
Key: {AE7CD045-E861-484f-8273-0445EE161910}
BHO: C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
225280 bytes
Created:  14.12.2004 02:13
Modified: 14.12.2004 02:13
Company:  Adobe Systems Incorporated
----------
Key: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
BHO: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (verified signer: [Skype Technologies SA])
4296864 bytes
Created:  02.03.2012 10:51
Modified: 02.03.2012 10:51
Company:  Skype Technologies S.A.
----------
Key: {BF42D4A8-016E-4fcd-B1EB-837659FD77C6}
BHO: C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll
C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (verified signer: [1&1 Mail & Media GmbH])
1579104 bytes
Created:  02.02.2012 19:32
Modified: 02.02.2012 19:32
Company:  1und1 Mail und Media GmbH
----------
Key: {D4027C7F-154A-4066-A1AD-4243D8127440}
BHO: "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MTV\Passport.dll"
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MTV\Passport.dll (verified signer: [APN LLC])
12184 bytes
Created:  30.10.2014 17:56
Modified: 30.10.2014 17:56
Company:  APN LLC.
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (verified signer: [Oracle America, Inc.])
172968 bytes
Created:  12.02.2015 17:56
Modified: 12.02.2015 17:56
Company:  Oracle Corporation
----------
Key: {E33CF602-D945-461A-83F0-819F76A199F8}
BHO: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (verified signer: [Kaspersky Lab])
891072 bytes
Created:  20.04.2014 01:42
Modified: 20.04.2014 01:42
Company:  Kaspersky Lab ZAO
----------
Key: {f92a9fe4-2850-4198-b9d5-279880e49b16}
BHO: C:\Program Files (x86)\A_Free_Ride_Games_Bar\prxtbA_Fr.dll
C:\Program Files (x86)\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (verified signer: [Conduit Ltd.])
175912 bytes
Created:  31.07.2011 13:00
Modified: 17.01.2011 15:54
Company:  Conduit Ltd.
----------
Key: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
BHO: C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (verified signer: [Yahoo! Inc.])
160496 bytes
Created:  28.07.2008 11:47
Modified: 28.07.2008 11:47
Company:  Yahoo! Inc
----------
Key: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}
BHO: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (verified signer: [Hewlett-Packard Company])
509496 bytes
Created:  20.09.2009 12:15
Modified: 20.09.2009 12:15
Company:  Hewlett-Packard Co.
----------

************************************************************
18:51:11: Scanning ----- 64-Bit Browser Helper Objects -----
Key: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6}
BHO: C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (verified signer: [Microsoft Corporation])
1154720 bytes
Created:  11.03.2014 22:30
Modified: 11.03.2014 22:30
Company:  Microsoft Corporation.
----------
Key: {31ad400d-1b06-4e33-a59a-90c2c140cba0}
BHO: mscoree.dll
C:\Windows\System32\mscoree.dll (verified signer: [Microsoft Windows])
444752 bytes
Created:  09.06.2011 10:27
Modified: 05.11.2010 02:57
Company:  Microsoft Corporation
----------
Key: {4F524A2D-5350-4500-76A7-7A786E7484D7}
BHO: "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll"
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (verified signer: [APN LLC])
13720 bytes
Created:  31.01.2015 00:53
Modified: 31.01.2015 00:53
Company:  APN LLC.
----------
Key: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}
BHO: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (verified signer: [Kaspersky Lab])
878784 bytes
Created:  20.04.2014 01:42
Modified: 20.04.2014 01:42
Company:  Kaspersky Lab ZAO
----------
Key: {73455575-E40C-433C-9784-C78DC7761455}
BHO: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (verified signer: [Kaspersky Lab])
1428264 bytes
Created:  20.04.2014 01:42
Modified: 23.11.2014 17:20
Company:  Kaspersky Lab ZAO
----------
Key: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}
BHO: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (verified signer: [Kaspersky Lab])
583360 bytes
Created:  20.04.2014 01:42
Modified: 20.04.2014 01:42
Company:  Kaspersky Lab ZAO
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (verified signer: [Google Inc])
256456 bytes
Created:  08.09.2010 14:52
Modified: 28.03.2014 14:08
Company:  Google Inc.
----------
Key: {BF42D4A8-016E-4fcd-B1EB-837659FD77C6}
BHO: C:\Program Files\GMX Toolbar\IE\uitb.dll
C:\Program Files\GMX Toolbar\IE\uitb.dll (verified signer: [1&1 Mail & Media GmbH])
1973344 bytes
Created:  02.02.2012 19:32
Modified: 02.02.2012 19:32
Company:  1und1 Mail und Media GmbH
----------
Key: {D4027C7F-154A-4066-A1AD-4243D8127440}
BHO: "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MTV\Passport_x64.dll"
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MTV\Passport_x64.dll (verified signer: [APN LLC])
13720 bytes
Created:  30.10.2014 17:56
Modified: 30.10.2014 17:56
Company:  APN LLC.
----------
Key: {E33CF602-D945-461A-83F0-819F76A199F8}
BHO: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (verified signer: [Kaspersky Lab])
1109696 bytes
Created:  20.04.2014 01:42
Modified: 20.04.2014 01:42
Company:  Kaspersky Lab ZAO
----------

************************************************************
18:51:15: Scanning ----- ShellServiceObjectDelayLoad Entries -----

************************************************************
18:51:15: Scanning ----- 64-Bit ShellServiceObjectDelayLoad Entries -----

************************************************************
18:51:15: Scanning ----- ShellServiceObjects -----

************************************************************
18:51:18: Scanning ----- 64-Bit ShellServiceObjects -----

************************************************************
18:51:21: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
No SharedTaskScheduler entries found to scan

************************************************************
18:51:21: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
18:51:21: Scanning ----- APPINIT_DLLS -----
No AppInit_DLLs value found to check

************************************************************
18:51:21: Scanning ----- 64-Bit APPINIT_DLLS -----
No 64-Bit AppInit_DLLs value found to check

************************************************************
18:51:21: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
18:51:21: Scanning ----- CREDENTIAL PROVIDERS -----

************************************************************
18:51:24: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
Adobe Acrobat - Schnellstart.lnk - links to [C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe]
C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe
-R- 25214 bytes
Created:  24.01.2015 15:49
Modified: 24.01.2015 15:49
Company:  [no info]
--------------------
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created:  14.07.2009 05:54
Modified: 14.07.2009 05:54
Company:  [no info]
--------------------
HP Digital Imaging Monitor.lnk - links to [C:\PROGRA~2\hp\DIGITA~1\bin\hpqtra08.exe]
C:\PROGRA~2\hp\DIGITA~1\bin\hpqtra08.exe
270336 bytes
Created:  20.09.2009 12:36
Modified: 20.09.2009 12:36
Company:  Hewlett-Packard Co.
--------------------
McAfee Security Scan Plus.lnk - links to [C:\PROGRA~1\MCAFEE~1\385C9A~1.150\SSSCHE~1.EXE]
C:\PROGRA~1\MCAFEE~1\385C9A~1.150\SSSCHE~1.EXE (verified signer: [McAfee, Inc.])
332016 bytes
Created:  09.04.2014 14:14
Modified: 09.04.2014 14:14
Company:  McAfee, Inc.
--------------------
vpngui.exe.lnk - links to [C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe]
C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
-R- 5120 bytes
Created:  24.10.2011 17:33
Modified: 24.10.2011 17:33
Company:  [no info]
--------------------

************************************************************
18:51:25: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: ola
[C:\Users\ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
Adobe Gamma.lnk - links to [C:\PROGRA~2\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE]
C:\PROGRA~2\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
113664 bytes
Created:  16.03.2005 19:16
Modified: 16.03.2005 19:16
Company:  Adobe Systems, Inc.
----------
C:\Users\ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created:  08.09.2010 14:37
Modified: 18.08.2014 08:29
Company:  [no info]
----------
OpenOffice.org 3.2.lnk - links to [C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE]
C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE
1195008 bytes
Created:  20.05.2010 12:14
Modified: 20.05.2010 12:14
Company:  [no info]
----------
--------------------

************************************************************
18:51:26: Scanning ----- SCHEDULED TASKS -----
Taskname:      {440C16AE-EFF7-4451-9E33-E04BFA205354}
File:          C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe (verified signer: [Google Inc])
843592 bytes
Created:  16.10.2010 19:21
Modified: 04.02.2015 10:02
Company:  Google Inc.
Schedule:      At task creation/modification
Next Run Time:
Status:        Ready
Creator:     
Comments:     
----------
Taskname:      {5F0472E8-4636-4748-8486-5A34D579AEB8}
File:          C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe (verified signer: [Skype Software Sarl])
-R- 30877280 bytes
Created:  11.12.2014 11:20
Modified: 11.12.2014 11:20
Company:  Skype Technologies S.A.
Schedule:      At task creation/modification
Next Run Time:
Status:        Ready
Creator:      SkypeSetupLight
Comments:     
----------
Taskname:      1und1 Konfiguration
File:          C:\ProgramData\1und1InternetExplorerAddon\ConfigTask.exe
C:\ProgramData\1und1InternetExplorerAddon\ConfigTask.exe (verified signer: [1&1 Mail & Media GmbH])
193632 bytes
Created:  19.04.2011 13:26
Modified: 19.04.2011 13:26
Company:  1und1 Mail und Media GmbH
Schedule:      At 09:55:54 every day
Next Run Time: 13.02.2015 09:55:54
Status:        Ready
Creator:      1und1
Comments:     
----------
Taskname:      Adobe Flash Player Updater
File:          C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (verified signer: [Adobe Systems Incorporated])
267440 bytes
Created:  27.02.2013 22:11
Modified: 05.02.2015 12:36
Company:  Adobe Systems Incorporated
Schedule:      At 01:35:00 every day
Next Run Time: 12.02.2015 19:35:00
Status:        Ready
Creator:      Adobe Systems Incorporated
Comments:      Mit diesem Task ist Ihre Flash Player-Installation immer aktuell und verwendet die neuesten Verbesserungen und Sicherheits-Fixes. Wenn dieser Task deaktiviert oder entfernt wird, kann Adobe Flash Player Ihren Computer nicht automatisch mit den neuesten Sicherheits-Fixes sichern.
----------
Taskname:      CLMLSvc
File:          c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (verified signer: [CyberLink])
210216 bytes
Created:  22.10.2009 18:50
Modified: 22.10.2009 18:50
Company:  CyberLink
Schedule:      At logon
Next Run Time:
Status:        Running
Creator:      CyberLink
Comments:     
----------
Taskname:      CreateChoiceProcessTask
File:          C:\Windows\System32\browserchoice.exe
C:\Windows\System32\browserchoice.exe
294912 bytes
Created:  09.09.2010 19:44
Modified: 23.02.2010 09:16
Company:  Microsoft Corporation
Parameters:    /launch
Schedule:      At task creation/modification
Next Run Time:
Status:        Ready
Creator:      BrowserChoice
Comments:     
----------
Taskname:      DVDAgent
File:          c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Schedule:      At logon
Next Run Time:
Status:        Ready
Creator:      CyberLink
Comments:     
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe - [file not found to scan]
----------
Taskname:      ExtendedServicePlan
File:          C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe (verified signer: [Hewlett-Packard Company])
26680 bytes
Created:  05.02.2010 19:19
Modified: 20.10.2009 10:58
Company: 
Parameters:    ExtendedServicePlan ShowMessageTask
Schedule:      At 00:00:00 on 08.08.2011
Next Run Time:
Status:        Ready
Creator:     
Comments:     
----------
Taskname:      GoogleUpdateTaskMachineCore
File:          C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (verified signer: [Google Inc])
107912 bytes
Created:  08.09.2010 14:51
Modified: 23.10.2014 11:33
Company:  Google Inc.
Parameters:    /c
Schedule:      Multiple schedule times
Next Run Time: 13.02.2015 10:50:00
Status:        Ready
Creator:      SYSTEM
Comments:      Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.
----------
Taskname:      GoogleUpdateTaskMachineUA
File:          C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (verified signer: [Google Inc])
107912 bytes
Created:  08.09.2010 14:51
Modified: 23.10.2014 11:33
Company:  Google Inc.
Parameters:    /ua /installsource scheduler
Schedule:      At 10:50:00 every day
Next Run Time: 12.02.2015 19:50:00
Status:        Ready
Creator:      SYSTEM
Comments:      Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.
----------
Taskname:      GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001Core
File:          C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe (verified signer: [Google Inc])
107912 bytes
Created:  16.10.2010 19:21
Modified: 19.10.2014 15:09
Company:  Google Inc.
Parameters:    /c
Schedule:      At 13:26:00 every day
Next Run Time: 13.02.2015 13:26:00
Status:        Ready
Creator:      ola
Comments:      Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.
----------
Taskname:      GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001UA
File:          C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe (verified signer: [Google Inc])
107912 bytes
Created:  16.10.2010 19:21
Modified: 19.10.2014 15:09
Company:  Google Inc.
Parameters:    /ua /installsource scheduler
Schedule:      At 13:26:00 every day
Next Run Time: 12.02.2015 19:26:00
Status:        Ready
Creator:      ola
Comments:      Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.
----------
Taskname:      Norton Security Scan for ola
File:          C:\PROGRA~2\NORTON~2\Engine\351~1.8\Nss.exe
C:\PROGRA~2\NORTON~2\Engine\351~1.8\Nss.exe (verified signer: [Symantec Corporation])
641464 bytes
Created:  12.11.2011 19:29
Modified: 03.04.2012 01:45
Company:  Symantec Corporation
Parameters:    /scan-quick /scheduled
Schedule:      At 17:15:00 every Sonntag, Montag, Dienstag, Mittwoch, Donnerstag, Freitag, Samstag of every week, starting 12.11.2011
Next Run Time: 13.02.2015 17:15:00
Status:        Ready
Creator:      ola
Comments:      Norton Security Scan
----------
Taskname:      PCDRScheduledMaintenance
File:          C:\Program Files\PC-Doctor for Windows\pcdrcui.exe
C:\Program Files\PC-Doctor for Windows\pcdrcui.exe (verified signer: [PC-Doctor, Inc.])
147440 bytes
Created:  18.09.2009 08:11
Modified: 18.09.2009 08:11
Company:  PC-Doctor, Inc.
Parameters:    -fh scripts\monthly.xml -st PCDRScheduledMaintenance
Schedule:      Multiple schedule times
Next Run Time: 28.02.2015 10:00:00
Status:        Ready
Creator:      PC-Doctor
Comments:     
----------
Taskname:      RecoveryCDWin7
File:          C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe (verified signer: [Hewlett-Packard Company])
26680 bytes
Created:  05.02.2010 19:19
Modified: 20.10.2009 10:58
Company: 
Parameters:    RecoveryCDWin7 ShowMessageTask
Schedule:      At 00:00:00 every 14 days
Next Run Time:
Status:        Ready
Creator:     
Comments:     
----------
Taskname:      Registration 1und1 Task
File:          C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe
C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe (verified signer: [ITSCM - IT Solution Center Muenchen GmbH])
588656 bytes
Created:  08.06.2011 13:23
Modified: 08.06.2011 13:23
Company:  1&1 Mail & Media GmbH
Schedule:      Multiple schedule times
Next Run Time: 13.02.2015 09:56:00
Status:        Ready
Creator:      1und1
Comments:     
----------
Taskname:      ServicePlan
File:          C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe (verified signer: [Hewlett-Packard Company])
26680 bytes
Created:  05.02.2010 19:19
Modified: 20.10.2009 10:58
Company: 
Parameters:    ServicePlan ShowMessageTask15D
Schedule:      At 00:00:00 on 23.09.2010
Next Run Time:
Status:        Ready
Creator:     
Comments:     
----------
Taskname:      SidebarExecute
File:          C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe (verified signer: [Microsoft Windows])
1475584 bytes
Created:  09.06.2011 10:27
Modified: 20.11.2010 14:25
Company:  Microsoft Corporation
Schedule:      At task creation/modification
Next Run Time:
Status:        Ready
Creator:     
Comments:     
----------
Taskname:      TuneUpUtilities_Task_BkGndMaintenance2013
File:          C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe
C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe (verified signer: [AVG Netherlands B.V.])
459576 bytes
Created:  16.07.2014 10:22
Modified: 16.07.2014 10:22
Company:  TuneUp Software
Parameters:    $(Arg0)
Schedule:      Task not scheduled
Next Run Time:
Status:        Running
Creator:     
Comments:     
----------

************************************************************
18:51:33: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
18:51:34: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: msacm.l3acm
File:  C:\Windows\SysWOW64\l3codeca.acm
C:\Windows\SysWOW64\l3codeca.acm
64000 bytes
Created:  14.07.2009 01:07
Modified: 14.07.2009 02:14
Company:  Fraunhofer Institut Integrierte Schaltungen IIS
----------
Value: msacm.l3codecp
File:  l3codecp.acm
C:\Windows\SysWoW64\l3codecp.acm
220672 bytes
Created:  14.07.2009 01:09
Modified: 14.07.2009 02:14
Company:  Fraunhofer Institut Integrierte Schaltungen IIS
----------

************************************************************
18:51:35: ----- ADDITIONAL CHECKS -----
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\ola\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
C:\Users\ola\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
988938 bytes
Created:  08.09.2010 14:37
Modified: 09.09.2011 13:58
Company:  [no info]
----------
Web Desktop Wallpaper entry is blank
----------
Checks for rogue DNS NameServers completed
----------
Checks for Backdoor.ZeroAccess completed
----------
Safe Mode checks completed
Additional checks completed

************************************************************
18:51:36: Scanning ----- RUNNING PROCESSES -----

C:\Windows\System32\smss.exe
112640 bytes
Created:  17.09.2013 07:29
Modified: 02.08.2013 01:59
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\csrss.exe
7680 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\wininit.exe
129024 bytes
Created:  14.07.2009 00:52
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\services.exe
328704 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\winlogon.exe
455168 bytes
Created:  17.10.2014 09:26
Modified: 17.07.2014 03:07
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\lsass.exe
31232 bytes
Created:  14.05.2014 13:51
Modified: 12.04.2014 03:19
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\lsm.exe
343040 bytes
Created:  09.06.2011 10:27
Modified: 20.11.2010 14:24
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\svchost.exe
27136 bytes
Created:  14.07.2009 00:31
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\atiesrxx.exe
202752 bytes
Created:  06.02.2010 03:39
Modified: 02.12.2009 13:18
Company:  AMD
--------------------
C:\Windows\System32\atieclxx.exe
446976 bytes
Created:  06.02.2010 03:39
Modified: 02.12.2009 13:19
Company:  AMD
--------------------
C:\Windows\System32\spoolsv.exe
559104 bytes
Created:  15.08.2012 10:05
Modified: 11.02.2012 07:36
Company:  Microsoft Corporation
--------------------
C:\Windows\SysWOW64\svchost.exe
20992 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:14
Company:  Microsoft Corporation
C:\Windows\SysWOW64\svchost.exe
20992 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:14
Company:  Microsoft Corporation
C:\Windows\System32\dwm.exe
120320 bytes
Created:  14.07.2009 00:37
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\taskhost.exe
68608 bytes
Created:  21.03.2013 10:00
Modified: 23.11.2012 04:13
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\wbem\WmiPrvSE.exe
372736 bytes
Created:  09.06.2011 10:27
Modified: 20.11.2010 14:25
Company:  Microsoft Corporation
--------------------
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
270336 bytes
Created:  20.09.2009 12:36
Modified: 20.09.2009 12:36
Company:  Hewlett-Packard Co.
--------------------
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
332016 bytes
Created:  09.04.2014 14:14
Modified: 09.04.2014 14:14
Company:  McAfee, Inc.
--------------------
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
11318784 bytes
Created:  20.05.2010 23:59
Modified: 20.05.2010 23:59
Company:  OpenOffice.org
--------------------
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
11312128 bytes
Created:  20.05.2010 23:59
Modified: 20.05.2010 23:59
Company:  OpenOffice.org
--------------------
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
656896 bytes
Created:  25.08.2009 03:11
Modified: 25.08.2009 03:11
Company:  Hewlett-Packard
--------------------
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
309824 bytes
Created:  03.11.2011 19:54
Modified: 25.08.2010 11:27
Company:  ArcSoft Inc.
--------------------
C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
2040120 bytes
Created:  16.07.2014 10:24
Modified: 16.07.2014 10:24
Company:  TuneUp Software
--------------------
C:\Windows\System32\taskeng.exe
464384 bytes
Created:  09.06.2011 10:27
Modified: 20.11.2010 14:25
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\wbem\unsecapp.exe
47104 bytes
Created:  14.07.2009 00:47
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
--------------------
C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\4\Plugin.exe
400120 bytes
Created:  11.02.2015 19:33
Modified: 11.02.2015 19:33
Company: 
--------------------
C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\8\Plugin.exe
508152 bytes
Created:  12.02.2015 06:33
Modified: 12.02.2015 06:33
Company: 
--------------------
C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\3\Plugin.exe
701176 bytes
Created:  12.02.2015 07:33
Modified: 12.02.2015 07:33
Company: 
--------------------
C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5\Plugin.exe
518904 bytes
Created:  11.02.2015 19:33
Modified: 11.02.2015 19:33
Company: 
--------------------
C:\Windows\System32\SearchIndexer.exe
591872 bytes
Created:  29.06.2011 09:24
Modified: 04.05.2011 06:19
Company:  Microsoft Corporation
--------------------
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
65536 bytes
Created:  22.04.2009 17:38
Modified: 22.04.2009 17:38
Company:  Advanced Micro Devices Inc.
--------------------
C:\Windows\System32\WUDFHost.exe
229888 bytes
Created:  16.11.2012 19:48
Modified: 26.07.2012 04:08
Company:  Microsoft Corporation
--------------------
C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
42856 bytes
Created:  09.06.2011 10:26
Modified: 05.11.2010 02:53
Company:  Microsoft Corporation
--------------------
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe
168960 bytes
Created:  20.09.2009 12:07
Modified: 20.09.2009 12:07
Company:  Hewlett-Packard Co.
--------------------
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqbam08.exe
559104 bytes
Created:  20.09.2009 12:07
Modified: 20.09.2009 12:07
Company:  Hewlett-Packard Co.
--------------------
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqgpc01.exe
362496 bytes
Created:  21.05.2009 18:57
Modified: 21.05.2009 18:57
Company:  Hewlett-Packard
--------------------
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
65536 bytes
Created:  22.04.2009 17:37
Modified: 22.04.2009 17:37
Company:  ATI Technologies Inc.
--------------------
C:\Program Files\Windows Media Player\wmpnetwk.exe
1525248 bytes
Created:  09.06.2011 10:27
Modified: 20.11.2010 14:25
Company:  Microsoft Corporation
--------------------
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
192160 bytes
Created:  20.04.2014 16:15
Modified: 20.04.2014 16:15
Company:  Kaspersky Lab ZAO
--------------------
C:\Windows\servicing\TrustedInstaller.exe
194048 bytes
Created:  09.06.2011 10:26
Modified: 20.11.2010 14:25
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\wuauclt.exe
58336 bytes
Created:  31.08.2014 10:08
Modified: 14.05.2014 17:23
Company:  Microsoft Corporation
--------------------
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
247968 bytes
Created:  11.03.2014 22:36
Modified: 11.03.2014 22:36
Company:  Microsoft Corporation.
--------------------
C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe
FileSize:          5484896
[This is a Trojan Remover component]
--------------------
--------------------
C:\Windows\System32\SearchProtocolHost.exe
249856 bytes
Created:  29.06.2011 09:24
Modified: 04.05.2011 06:19
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\SearchFilterHost.exe
113664 bytes
Created:  29.06.2011 09:24
Modified: 04.05.2011 06:19
Company:  Microsoft Corporation
--------------------

************************************************************
18:51:47: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
18:51:48: Checking ----- ROGUE BROWSER MODIFICATIONS -----

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\SysWOW64\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11412&pf=V7&trgb=CR&p2=%5EBBK%5EOSJ000%5EYY%5EDE&gct=hp&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=cr_37.0.2062.120&apn_uid=E5F992F8-2029-4972-9D8F-8C5D058ACD21&itbv=12.15.5.30&doi=2014-09-15&psv=&pt=tb
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=01ff5193-73d3-475b-a8f9-3b78739c5878&searchtype=ds&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
hxxp://go.gmx.net/br/ie9_startpage

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 18:51:48 12 Feb 2015
Total Scan time: 00:02:21
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.9.1.2932. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 18:05:20 12 Feb 2015
Using Database v8517
Operating System:  Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601]
File System:      NTFS
UAC is ENABLED [default level]
[Secure Desktop Prompt is DISABLED]
UserData directory: C:\Users\ola\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory:  C:\Users\ola\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges

************************************************************
18:05:22: ----- Checking Default File Associations -----
No modified default file associations detected

************************************************************
18:05:22: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
18:05:24: Scanning ----- Windows Registry -----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: C:\Windows\Explorer.exe
C:\Windows\Explorer.exe (verified signer: [Microsoft Windows])
2871808 bytes
Created:  27.04.2011 12:30
Modified: 25.02.2011 07:19
Company:  Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\System32\userinit.exe (verified signer: [Microsoft Windows])
30720 bytes
Created:  09.06.2011 10:26
Modified: 20.11.2010 14:25
Company:  Microsoft Corporation
----------
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [hpsysdrv]
Value Data: [c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe]
c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (verified signer: [Hewlett-Packard Company])
62768 bytes
Created:  20.11.2008 10:47
Modified: 20.11.2008 10:47
Company:  Hewlett-Packard
--------------------
Value Name: [HP Remote Solution]
Value Data: [%ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe]
C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe - [file not found to scan]
--------------------
Value Name: [IAStorIcon]
Value Data: [C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe]
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (verified signer: [Intel Corporation])
284696 bytes
Created:  05.02.2010 19:03
Modified: 02.10.2009 12:26
Company:  Intel Corporation
--------------------
Value Name: [StartCCC]
Value Data: ["C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
98304 bytes
Created:  01.12.2009 22:39
Modified: 01.12.2009 22:39
Company:  Advanced Micro Devices, Inc.
--------------------
Value Name: [HP Software Update]
Value Data: [c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe]
c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (verified signer: [Hewlett-Packard Company])
54576 bytes
Created:  08.12.2008 14:50
Modified: 08.12.2008 14:50
Company:  Hewlett-Packard
--------------------
Value Name: [Easybits Recovery]
Value Data: [C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe]
C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (verified signer: [EasyBits Software AS])
60464 bytes
Created:  02.09.2009 12:00
Modified: 02.09.2009 12:00
Company:  EasyBits Software AS
--------------------
Value Name: [hpqSRMon]
Value Data: [C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe]
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
150528 bytes
Created:  22.07.2008 18:33
Modified: 22.07.2008 18:33
Company:  Hewlett-Packard
--------------------
Value Name: [GrooveMonitor]
Value Data: ["C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (verified signer: [Microsoft Corporation])
30040 bytes
Created:  26.02.2009 18:36
Modified: 26.02.2009 18:36
Company:  Microsoft Corporation
--------------------
Value Name: [DivXUpdate]
Value Data: ["C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW]
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (verified signer: [DivX, LLC])
1230704 bytes
Created:  21.03.2011 19:56
Modified: 21.03.2011 19:56
Company: 
--------------------
Value Name: [ArcSoft Connection Service]
Value Data: [C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe]
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (verified signer: [ArcSoft, Inc.])
207424 bytes
Created:  03.11.2011 19:54
Modified: 27.10.2010 19:17
Company:  ArcSoft Inc.
--------------------
Value Name: [Nikon Transfer Monitor]
Value Data: [C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe]
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
479232 bytes
Created:  15.09.2009 18:47
Modified: 15.09.2009 18:47
Company:  Nikon Corporation
--------------------
Value Name: [Adobe Reader Speed Launcher]
Value Data: ["C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"]
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (verified signer: [Adobe Systems, Incorporated])
40368 bytes
Created:  31.08.2011 02:57
Modified: 31.08.2011 02:57
Company:  Adobe Systems Incorporated
--------------------
Value Name: [Adobe ARM]
Value Data: ["C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (verified signer: [Adobe Systems, Incorporated])
-R- 937920 bytes
Created:  29.03.2011 21:59
Modified: 29.03.2011 21:59
Company:  Adobe Systems Incorporated
--------------------
Value Name: [ApnTBMon]
Value Data: ["C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"]
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (verified signer: [APN LLC])
1934744 bytes
Created:  31.01.2015 00:53
Modified: 31.01.2015 00:53
Company:  APN
--------------------
Value Name: [KiesTrayAgent]
Value Data: [C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe]
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (verified signer: [Samsung Electronics CO., LTD.])
311616 bytes
Created:  14.06.2014 12:30
Modified: 25.07.2014 09:42
Company:  Samsung Electronics Co., Ltd.
--------------------
Value Name: [Acrobat Assistant 7.0]
Value Data: ["C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"]
C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
483328 bytes
Created:  14.12.2004 02:12
Modified: 14.12.2004 02:12
Company:  Adobe Systems Inc.
--------------------
Value Name: [TrojanScanner]
Value Data: [C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot]
C:\Program Files (x86)\Trojan Remover\Trjscan.exe (verified signer: [Simply Super Software])
1791856 bytes
Created:  12.02.2015 18:04
Modified: 16.10.2014 16:00
Company:  Simply Super Software
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: [HPADVISOR]
Value Data: [C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW]
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (verified signer: [Hewlett-Packard Company])
1685048 bytes
Created:  29.09.2009 15:26
Modified: 29.09.2009 15:26
Company:  Hewlett-Packard
--------------------
Value Name: [swg]
Value Data: ["C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"]
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (verified signer: [Google Inc])
39408 bytes
Created:  08.09.2010 14:51
Modified: 08.09.2010 14:51
Company:  Google Inc.
--------------------
Value Name: [Sony Ericsson PC Suite]
Value Data: ["C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon]
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
434176 bytes
Created:  23.09.2010 17:25
Modified: 24.09.2009 13:41
Company:  Sony Ericsson Mobile Communications AB
--------------------
Value Name: [Google Update]
Value Data: ["C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe" /c]
C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe (verified signer: [Google Inc])
107912 bytes
Created:  16.10.2010 19:21
Modified: 19.10.2014 15:09
Company:  Google Inc.
--------------------
Value Name: [Spiele Post]
Value Data: [C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe]
C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe (verified signer: [INTENIUM GmbH])
483400 bytes
Created:  06.12.2013 13:09
Modified: 06.12.2013 13:09
Company:  Intenium
--------------------
Value Name: [Exetender]
Value Data: ["C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup]
C:\Program Files (x86)\Free Ride Games\GPlayer.exe (verified signer: [Exent Technologies Ltd.])
4862384 bytes
Created:  31.07.2011 13:00
Modified: 01.09.2011 18:18
Company:  Exent Technologies Ltd.
--------------------
Value Name: [GameXN GO]
Value Data: ["C:\ProgramData\GameXN\GameXNGO.exe" /startup]
C:\ProgramData\GameXN\GameXNGO.exe (verified signer: [EasyBits Software AS])
347144 bytes
Created:  01.09.2011 12:34
Modified: 08.08.2014 11:12
Company:  GameXN AS
--------------------
Value Name: [GoogleChromeAutoLaunch_7AF6FE48D09771C69065DE049B362851]
Value Data: ["C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window]
C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe (verified signer: [Google Inc])
843592 bytes
Created:  16.10.2010 19:21
Modified: 04.02.2015 10:02
Company:  Google Inc.
--------------------
Value Name: [Alamandi tray notifier]
Value Data: [c:\program files (x86)\deutschland spielt\alamandi\TaskBarNotifier.exe]
c:\program files (x86)\deutschland spielt\alamandi\TaskBarNotifier.exe - [file not found to scan]
--------------------
Value Name: [Amazon Music]
Value Data: ["C:\Users\ola\AppData\Local\Amazon Music\Amazon Music Helper.exe"]
C:\Users\ola\AppData\Local\Amazon Music\Amazon Music Helper.exe (verified signer: [Amazon Services LLC])
6281536 bytes
Created:  12.09.2014 18:39
Modified: 06.09.2014 01:54
Company:  [no info]
--------------------
Value Name: [KiesPreload]
Value Data: [C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload]
C:\Program Files (x86)\Samsung\Kies\Kies.exe (verified signer: [Samsung Electronics CO., LTD.])
1562264 bytes
Created:  14.06.2014 12:30
Modified: 25.07.2014 09:42
Company:  Samsung
--------------------
Value Name: [Skype]
Value Data: ["C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun]
C:\Program Files (x86)\Skype\Phone\Skype.exe (verified signer: [Skype Software Sarl])
-R- 30877280 bytes
Created:  11.12.2014 11:20
Modified: 11.12.2014 11:20
Company:  Skype Technologies S.A.
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty

************************************************************
18:05:53: Scanning ----- Windows 64-Bit Registry -----
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [SmartMenu]
Value Data: [C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background]
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (verified signer: [Hewlett-Packard Company])
610360 bytes
Created:  14.09.2009 16:17
Modified: 14.09.2009 16:17
Company: 
--------------------
Value Name: [PC-Doctor for Windows localizer]
Value Data: [C:\Program Files\PC-Doctor for Windows\localizer.exe]
C:\Program Files\PC-Doctor for Windows\localizer.exe (verified signer: [PC-Doctor, Inc.])
95728 bytes
Created:  17.09.2009 06:57
Modified: 17.09.2009 06:57
Company:  PC-Doctor, Inc.
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty

************************************************************
18:05:54: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {E54729E8-BB3D-4270-9D49-7389EA579090}
Value:    EasyBits Security Shield Hook - prevents launching insecure programs by kids
File:      C:\Windows\SysWow64\EZUPBH~1.DLL
C:\Windows\SysWow64\EZUPBH~1.DLL (verified signer: [EasyBits Software AS])
52272 bytes
Created:  05.02.2010 19:26
Modified: 05.02.2010 19:26
Company:  EasyBits Software Corp.
----------
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value:    Groove GFS Stub Execution Hook
File:      C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (verified signer: [Microsoft Corporation])
2217832 bytes
Created:  26.02.2009 18:36
Modified: 26.02.2009 18:36
Company:  Microsoft Corporation
----------

************************************************************
18:06:00: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
18:06:00: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
--------------------

************************************************************
18:06:00: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key:  {2D46B6DC-2207-486B-B523-A557E6D54B47}
Path: C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
C:\Windows\SysWoW64\ie4uinit.exe - [file not found to scan]
----------

************************************************************
18:06:02: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key:  HPSLPSVC
Path: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
1039360 bytes
Created:  22.10.2010 13:08
Modified: 22.10.2010 13:08
Company:  Hewlett-Packard Co.
----------

************************************************************
18:06:40: Scanning ----- SERVICES REGISTRY KEYS -----
----------
Key:      ACDaemon
ImagePath: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (verified signer: [ArcSoft, Inc.])
113152 bytes
Created:  03.11.2011 19:54
Modified: 18.03.2010 11:19
Company:  ArcSoft Inc.
----------
----------
Key:      Adobe LM Service
ImagePath: "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
72704 bytes
Created:  24.01.2015 15:56
Modified: 24.01.2015 15:56
Company:  Adobe Systems
----------
----------
Key:      Afc
ImagePath: SysWOW64\drivers\Afc.sys
C:\Windows\SysWOW64\drivers\Afc.sys
22784 bytes
Created:  03.11.2011 19:54
Modified: 14.11.2006 11:31
Company:  Arcsoft, Inc.
----------
----------
Key:      APNMCP
ImagePath: "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe"
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (verified signer: [APN LLC])
177560 bytes
Created:  31.01.2015 00:53
Modified: 31.01.2015 00:53
Company:  APN LLC.
----------
----------
Key:      AVP15.0.0
ImagePath: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe" -r
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe (verified signer: [Kaspersky Lab])
233552 bytes
Created:  20.04.2014 16:15
Modified: 20.04.2014 16:15
Company:  Kaspersky Lab ZAO
----------
----------
Key:      CVPND
ImagePath: "C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe"
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (verified signer: [Cisco Systems, Inc.])
1528616 bytes
Created:  23.03.2010 12:19
Modified: 23.03.2010 12:19
Company:  Cisco Systems, Inc.
----------
----------
Key:      CVPNDRVA
ImagePath: \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
C:\Windows\System32\Drivers\CVPNDRVA.sys
304784 bytes
Created:  23.03.2010 12:29
Modified: 23.03.2010 12:29
Company:  [no info]
----------
----------
Key:      GamesAppIntegrationService
ImagePath: "C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe"
C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (verified signer: [WildTangent Inc])
227936 bytes
Created:  06.09.2013 01:41
Modified: 08.12.2013 15:09
Company:  WildTangent
----------
----------
Key:      GamesAppService
ImagePath: "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe"
C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (verified signer: [WildTangent Inc])
206072 bytes
Created:  12.10.2010 18:59
Modified: 12.10.2010 18:59
Company:  WildTangent, Inc.
----------
----------
Key:      HP Health Check Service
ImagePath: "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (verified signer: [Hewlett-Packard Company])
126520 bytes
Created:  15.11.2010 09:04
Modified: 15.11.2010 09:04
Company:  Hewlett-Packard Company
----------
----------
Key:      HPDrvMntSvc.exe
ImagePath: "C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (verified signer: [Hewlett-Packard Company])
92216 bytes
Created:  14.10.2010 17:27
Modified: 14.10.2010 17:27
Company:  Hewlett-Packard Company
----------
----------
Key:      hpqwmiex
ImagePath: "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (verified signer: [Hewlett-Packard Company])
751672 bytes
Created:  14.10.2010 17:22
Modified: 14.10.2010 17:22
Company:  Hewlett-Packard Company
----------
----------
Key:      IAStorDataMgrSvc
ImagePath: "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (verified signer: [Intel Corporation])
13336 bytes
Created:  05.02.2010 19:03
Modified: 02.10.2009 12:26
Company:  Intel Corporation
----------
----------
Key:      klflt
ImagePath: system32\DRIVERS\klflt.sys
C:\Windows\System32\DRIVERS\klflt.sys
141320 bytes
Created:  23.11.2014 17:12
Modified: 23.11.2014 17:20
Company:  Kaspersky Lab ZAO
----------
----------
Key:      McComponentHostService
ImagePath: "C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe"
C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe (verified signer: [McAfee, Inc.])
289256 bytes
Created:  09.04.2014 14:13
Modified: 09.04.2014 14:13
Company:  McAfee, Inc.
----------
----------
Key:      ogmservice
ImagePath: "C:\Program Files (x86)\Online Games Manager\ogmservice.exe" --service-run
C:\Program Files (x86)\Online Games Manager\ogmservice.exe (verified signer: [GameHouse])
581568 bytes
Created:  27.03.2014 13:07
Modified: 27.03.2014 13:07
Company:  RealNetworks, Inc.
----------
----------
Key:      OMSI download service
ImagePath: C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
90112 bytes
Created:  23.09.2010 17:25
Modified: 30.04.2009 11:23
Company:  [no info]
----------
----------
Key:      PDF Architect 2
ImagePath: "C:\Program Files (x86)\PDF Architect 2\ws.exe"
C:\Program Files (x86)\PDF Architect 2\ws.exe (verified signer: [pdfforge GmbH])
1771560 bytes
Created:  10.10.2014 16:03
Modified: 10.10.2014 16:03
Company:  pdfforge GmbH
----------
----------
Key:      PDF Architect 2 Creator
ImagePath: "C:\Program Files (x86)\PDF Architect 2\creator-ws.exe"
C:\Program Files (x86)\PDF Architect 2\creator-ws.exe (verified signer: [pdfforge GmbH])
738856 bytes
Created:  10.10.2014 16:03
Modified: 10.10.2014 16:03
Company:  pdfforge GmbH
----------
----------
Key:      pdfforge CrashHandler
ImagePath: "C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe"
C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe (verified signer: [pdfforge GmbH])
861736 bytes
Created:  10.10.2014 16:03
Modified: 10.10.2014 16:03
Company:  pdfforge GmbH
----------
----------
Key:      Service Mgr PositiveFinds
ImagePath: "C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe"
C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe (verified signer: [Positive Finds])
577272 bytes
Created:  05.02.2015 05:49
Modified: 12.02.2015 01:33
Company: 
----------
----------
Key:      SkypeUpdate
ImagePath: "C:\Program Files (x86)\Skype\Updater\Updater.exe"
C:\Program Files (x86)\Skype\Updater\Updater.exe (verified signer: [Skype Software Sarl])
-R- 315496 bytes
Created:  11.12.2014 10:30
Modified: 11.12.2014 10:30
Company:  Skype Technologies
----------
----------
Key:      TuneUp.UtilitiesSvc
ImagePath: "C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe"
C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (verified signer: [AVG Netherlands B.V.])
2145080 bytes
Created:  16.07.2014 10:24
Modified: 16.07.2014 10:24
Company:  TuneUp Software
----------
----------
Key:      TuneUpUtilitiesDrv
ImagePath: \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys
C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys
14112 bytes
Created:  23.06.2014 08:44
Modified: 23.06.2014 08:44
Company:  TuneUp Software
----------
----------
Key:      Update Mgr PositiveFinds
ImagePath: "C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe"
C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe (verified signer: [Positive Finds])
384760 bytes
Created:  05.02.2015 04:49
Modified: 12.02.2015 01:33
Company: 
----------
----------
Key:      X5XSEx
ImagePath: \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys
C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys
55400 bytes
Created:  31.07.2011 13:00
Modified: 22.11.2010 08:25
Company:  Exent Technologies Ltd.
----------
----------
Key:      X5XSEx_Pr146
ImagePath: \??\C:\Program Files (x86)\GameTreat Player\X5XSEx.Sys
C:\Program Files (x86)\GameTreat Player\X5XSEx.Sys
55328 bytes
Created:  15.01.2012 15:12
Modified: 10.03.2010 20:02
Company:  Exent Technologies Ltd.
----------

************************************************************
18:08:25: Scanning -----VXD ENTRIES-----

************************************************************
18:08:25: Scanning ----- ContextMenuHandlers -----
Key:  Adobe.Acrobat.ContextMenu
CLSID: {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}
Path:  C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
577536 bytes
Created:  14.12.2004 03:11
Modified: 14.12.2004 03:11
Company:  Adobe Systems Inc.
----------
Key:  Kaspersky Anti-Virus 15.0.0
CLSID: {BD8BB16E-84EC-485E-8F58-9BD1FEFB8EE2}
Path:  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\shellex.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\shellex.dll (verified signer: [Kaspersky Lab])
154784 bytes
Created:  20.04.2014 16:15
Modified: 20.04.2014 16:15
Company:  Kaspersky Lab ZAO
----------
Key:  PDFManagerExt
CLSID: {59E4A616-E484-44B5-95FB-7F430B35E8FE}
Path:  C:\Program Files (x86)\PDF Architect 2\creator-context-menu.dll
C:\Program Files (x86)\PDF Architect 2\creator-context-menu.dll (verified signer: [pdfforge GmbH])
321576 bytes
Created:  10.10.2014 16:03
Modified: 10.10.2014 16:03
Company:  pdfforge GmbH
----------
Key:  TuneUp Shredder Shell Extension
CLSID: {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Path:  C:\Program Files (x86)\TuneUp Utilities 2014\SDShelEx-win32.dll
C:\Program Files (x86)\TuneUp Utilities 2014\SDShelEx-win32.dll (verified signer: [AVG Netherlands B.V.])
32568 bytes
Created:  16.07.2014 10:24
Modified: 16.07.2014 10:24
Company:  TuneUp Software
----------

************************************************************
18:08:27: Scanning ----- Folder\ColumnHandlers -----
Key:  {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
401920 bytes
Created:  19.05.2010 15:37
Modified: 19.05.2010 15:37
Company:  OpenOffice.org
----------
Key:  {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
110592 bytes
Created:  14.12.2004 02:20
Modified: 14.12.2004 02:20
Company:  Adobe Systems, Inc.
----------

************************************************************
18:08:28: Scanning ----- 64-Bit ContextMenuHandlers -----
Key:  Kaspersky Anti-Virus 15.0.0
CLSID: {BD8BB16E-84EC-485E-8F58-9BD1FEFB8EE2}
Path:  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\shellex.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\shellex.dll (verified signer: [Kaspersky Lab])
245408 bytes
Created:  20.04.2014 16:15
Modified: 20.04.2014 16:15
Company:  Kaspersky Lab ZAO
----------
Key:  TuneUp Shredder Shell Extension
CLSID: {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Path:  C:\Program Files (x86)\TuneUp Utilities 2014\SDShelEx-x64.dll
C:\Program Files (x86)\TuneUp Utilities 2014\SDShelEx-x64.dll (verified signer: [AVG Netherlands B.V.])
32056 bytes
Created:  16.07.2014 10:24
Modified: 16.07.2014 10:24
Company:  TuneUp Software
----------

************************************************************
18:08:29: Scanning ----- 64-Bit Folder\ColumnHandlers -----
Key:  {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll"
C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll
830464 bytes
Created:  19.05.2010 15:41
Modified: 19.05.2010 15:41
Company:  OpenOffice.org
----------

************************************************************
18:08:30: Scanning ----- Browser Helper Objects -----
Key: {02478D38-C3F9-4efb-9B51-7695ECA05670}
BHO: C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (verified signer: [Yahoo! Inc.])
882416 bytes
Created:  28.07.2008 11:47
Modified: 28.07.2008 11:47
Company:  Yahoo! Inc.
----------
Key: {0347C33E-8762-4905-BF09-768834316C61}
BHO: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (verified signer: [Hewlett-Packard Company])
328248 bytes
Created:  20.09.2009 12:15
Modified: 20.09.2009 12:15
Company:  Hewlett-Packard Co.
----------
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (verified signer: [Adobe Systems, Incorporated])
63136 bytes
Created:  14.12.2004 01:56
Modified: 14.12.2004 01:56
Company:  Adobe Systems Incorporated
----------
Key: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
BHO: C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (verified signer: [McAfee, Inc.])
96128 bytes
Created:  09.04.2014 14:12
Modified: 09.04.2014 14:12
Company:  McAfee, Inc.
----------
Key: {17166733-40EA-4432-A85C-AE672FF0E236}
BHO: C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll
C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (verified signer: [1&1 Mail & Media GmbH])
163936 bytes
Created:  11.05.2011 16:36
Modified: 11.05.2011 16:36
Company:  1&1 Mail & Media GmbH
----------
Key: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6}
BHO: C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (verified signer: [Microsoft Corporation])
1431712 bytes
Created:  11.03.2014 22:36
Modified: 11.03.2014 22:36
Company:  Microsoft Corporation.
----------
Key: {30c85a3d-1d96-4589-b63f-91fb7ef45a41}
BHO: C:\Program Files (x86)\Positive Finds\Extensions\30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll
C:\Program Files (x86)\Positive Finds\Extensions\30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll (verified signer: [Positive Finds])
145656 bytes
Created:  05.02.2015 08:00
Modified: 05.02.2015 08:00
Company: 
----------
Key: {30F9B915-B755-4826-820B-08FBA6BD249D}
BHO: C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (verified signer: [Conduit Ltd.])
175912 bytes
Created:  02.05.2011 17:37
Modified: 17.01.2011 15:54
Company:  Conduit Ltd.
----------
Key: {31ad400d-1b06-4e33-a59a-90c2c140cba0}
BHO: mscoree.dll
C:\Windows\SysWoW64\mscoree.dll (verified signer: [Microsoft Windows])
297808 bytes
Created:  09.06.2011 10:27
Modified: 05.11.2010 02:58
Company:  Microsoft Corporation
----------
Key: {326E768D-4182-46FD-9C16-1449A49795F4}
BHO: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (verified signer: [DivX, LLC])
3118976 bytes
Created:  08.02.2011 01:17
Modified: 08.02.2011 01:17
Company:  DivX, LLC
----------
Key: {4F524A2D-5350-4500-76A7-7A786E7484D7}
BHO: "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll"
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (verified signer: [APN LLC])
12184 bytes
Created:  31.01.2015 00:53
Modified: 31.01.2015 00:53
Company:  APN LLC.
----------
Key: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}
BHO: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (verified signer: [Kaspersky Lab])
709312 bytes
Created:  20.04.2014 01:42
Modified: 20.04.2014 01:42
Company:  Kaspersky Lab ZAO
----------
Key: {691B33B0-B86E-47F3-81C7-56E4FE3B929C}
BHO: C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll
C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll (verified signer: [pdfforge GmbH])
37928 bytes
Created:  10.10.2014 16:03
Modified: 10.10.2014 16:03
Company:  pdfforge GmbH
----------
Key: {73455575-E40C-433C-9784-C78DC7761455}
BHO: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (verified signer: [Kaspersky Lab])
1152808 bytes
Created:  20.04.2014 01:42
Modified: 23.11.2014 17:20
Company:  Kaspersky Lab ZAO
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (verified signer: [Oracle America, Inc.])
460712 bytes
Created:  12.02.2015 17:56
Modified: 12.02.2015 17:56
Company:  Oracle Corporation
----------
Key: {79a2b609-bbc0-4d16-9925-70cb98a6490d}
BHO: C:\Program Files (x86)\Die_FreeRide_Games_Bar\prxtbDie_.dll
C:\Program Files (x86)\Die_FreeRide_Games_Bar\prxtbDie_.dll (verified signer: [Conduit Ltd.])
176936 bytes
Created:  09.05.2011 10:49
Modified: 09.05.2011 10:49
Company:  Conduit Ltd.
----------
Key: {872b5b88-9db5-4310-bdd0-ac189557e5f5}
BHO: C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (verified signer: [Conduit Ltd.])
175912 bytes
Created:  28.07.2011 17:55
Modified: 17.01.2011 15:54
Company:  Conduit Ltd.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (verified signer: [Microsoft Corporation])
408448 bytes
Created:  22.01.2009 15:41
Modified: 22.01.2009 15:41
Company:  Microsoft Corporation
----------
Key: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}
BHO: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (verified signer: [Kaspersky Lab])
480448 bytes
Created:  20.04.2014 01:42
Modified: 20.04.2014 01:42
Company:  Kaspersky Lab ZAO
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (verified signer: [Google Inc])
194504 bytes
Created:  08.09.2010 14:51
Modified: 28.03.2014 14:07
Company:  Google Inc.
----------
Key: {AE7CD045-E861-484f-8273-0445EE161910}
BHO: C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
225280 bytes
Created:  14.12.2004 02:13
Modified: 14.12.2004 02:13
Company:  Adobe Systems Incorporated
----------
Key: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
BHO: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (verified signer: [Skype Technologies SA])
4296864 bytes
Created:  02.03.2012 10:51
Modified: 02.03.2012 10:51
Company:  Skype Technologies S.A.
----------
Key: {BF42D4A8-016E-4fcd-B1EB-837659FD77C6}
BHO: C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll
C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (verified signer: [1&1 Mail & Media GmbH])
1579104 bytes
Created:  02.02.2012 19:32
Modified: 02.02.2012 19:32
Company:  1und1 Mail und Media GmbH
----------
Key: {D4027C7F-154A-4066-A1AD-4243D8127440}
BHO: "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MTV\Passport.dll"
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MTV\Passport.dll (verified signer: [APN LLC])
12184 bytes
Created:  30.10.2014 17:56
Modified: 30.10.2014 17:56
Company:  APN LLC.
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (verified signer: [Oracle America, Inc.])
172968 bytes
Created:  12.02.2015 17:56
Modified: 12.02.2015 17:56
Company:  Oracle Corporation
----------
Key: {E33CF602-D945-461A-83F0-819F76A199F8}
BHO: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (verified signer: [Kaspersky Lab])
891072 bytes
Created:  20.04.2014 01:42
Modified: 20.04.2014 01:42
Company:  Kaspersky Lab ZAO
----------
Key: {f92a9fe4-2850-4198-b9d5-279880e49b16}
BHO: C:\Program Files (x86)\A_Free_Ride_Games_Bar\prxtbA_Fr.dll
C:\Program Files (x86)\A_Free_Ride_Games_Bar\prxtbA_Fr.dll (verified signer: [Conduit Ltd.])
175912 bytes
Created:  31.07.2011 13:00
Modified: 17.01.2011 15:54
Company:  Conduit Ltd.
----------
Key: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
BHO: C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (verified signer: [Yahoo! Inc.])
160496 bytes
Created:  28.07.2008 11:47
Modified: 28.07.2008 11:47
Company:  Yahoo! Inc
----------
Key: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}
BHO: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (verified signer: [Hewlett-Packard Company])
509496 bytes
Created:  20.09.2009 12:15
Modified: 20.09.2009 12:15
Company:  Hewlett-Packard Co.
----------

************************************************************
18:08:45: Scanning ----- 64-Bit Browser Helper Objects -----
Key: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6}
BHO: C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (verified signer: [Microsoft Corporation])
1154720 bytes
Created:  11.03.2014 22:30
Modified: 11.03.2014 22:30
Company:  Microsoft Corporation.
----------
Key: {31ad400d-1b06-4e33-a59a-90c2c140cba0}
BHO: mscoree.dll
C:\Windows\System32\mscoree.dll (verified signer: [Microsoft Windows])
444752 bytes
Created:  09.06.2011 10:27
Modified: 05.11.2010 02:57
Company:  Microsoft Corporation
----------
Key: {4F524A2D-5350-4500-76A7-7A786E7484D7}
BHO: "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll"
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (verified signer: [APN LLC])
13720 bytes
Created:  31.01.2015 00:53
Modified: 31.01.2015 00:53
Company:  APN LLC.
----------
Key: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}
BHO: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (verified signer: [Kaspersky Lab])
878784 bytes
Created:  20.04.2014 01:42
Modified: 20.04.2014 01:42
Company:  Kaspersky Lab ZAO
----------
Key: {73455575-E40C-433C-9784-C78DC7761455}
BHO: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (verified signer: [Kaspersky Lab])
1428264 bytes
Created:  20.04.2014 01:42
Modified: 23.11.2014 17:20
Company:  Kaspersky Lab ZAO
----------
Key: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}
BHO: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (verified signer: [Kaspersky Lab])
583360 bytes
Created:  20.04.2014 01:42
Modified: 20.04.2014 01:42
Company:  Kaspersky Lab ZAO
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (verified signer: [Google Inc])
256456 bytes
Created:  08.09.2010 14:52
Modified: 28.03.2014 14:08
Company:  Google Inc.
----------
Key: {BF42D4A8-016E-4fcd-B1EB-837659FD77C6}
BHO: C:\Program Files\GMX Toolbar\IE\uitb.dll
C:\Program Files\GMX Toolbar\IE\uitb.dll (verified signer: [1&1 Mail & Media GmbH])
1973344 bytes
Created:  02.02.2012 19:32
Modified: 02.02.2012 19:32
Company:  1und1 Mail und Media GmbH
----------
Key: {D4027C7F-154A-4066-A1AD-4243D8127440}
BHO: "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MTV\Passport_x64.dll"
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MTV\Passport_x64.dll (verified signer: [APN LLC])
13720 bytes
Created:  30.10.2014 17:56
Modified: 30.10.2014 17:56
Company:  APN LLC.
----------
Key: {E33CF602-D945-461A-83F0-819F76A199F8}
BHO: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (verified signer: [Kaspersky Lab])
1109696 bytes
Created:  20.04.2014 01:42
Modified: 20.04.2014 01:42
Company:  Kaspersky Lab ZAO
----------

************************************************************
18:08:51: Scanning ----- ShellServiceObjectDelayLoad Entries -----

************************************************************
18:08:51: Scanning ----- 64-Bit ShellServiceObjectDelayLoad Entries -----

************************************************************
18:08:51: Scanning ----- ShellServiceObjects -----

************************************************************
18:08:56: Scanning ----- 64-Bit ShellServiceObjects -----

************************************************************
18:09:03: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
No SharedTaskScheduler entries found to scan

************************************************************
18:09:03: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
18:09:03: Scanning ----- APPINIT_DLLS -----
No AppInit_DLLs value found to check

************************************************************
18:09:04: Scanning ----- 64-Bit APPINIT_DLLS -----
No 64-Bit AppInit_DLLs value found to check

************************************************************
18:09:05: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
18:09:05: Scanning ----- CREDENTIAL PROVIDERS -----

************************************************************
18:09:09: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
Adobe Acrobat - Schnellstart.lnk - links to [C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe]
C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe
-R- 25214 bytes
Created:  24.01.2015 15:49
Modified: 24.01.2015 15:49
Company:  [no info]
--------------------
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created:  14.07.2009 05:54
Modified: 14.07.2009 05:54
Company:  [no info]
--------------------
HP Digital Imaging Monitor.lnk - links to [C:\PROGRA~2\hp\DIGITA~1\bin\hpqtra08.exe]
C:\PROGRA~2\hp\DIGITA~1\bin\hpqtra08.exe
270336 bytes
Created:  20.09.2009 12:36
Modified: 20.09.2009 12:36
Company:  Hewlett-Packard Co.
--------------------
McAfee Security Scan Plus.lnk - links to [C:\PROGRA~1\MCAFEE~1\385C9A~1.150\SSSCHE~1.EXE]
C:\PROGRA~1\MCAFEE~1\385C9A~1.150\SSSCHE~1.EXE (verified signer: [McAfee, Inc.])
332016 bytes
Created:  09.04.2014 14:14
Modified: 09.04.2014 14:14
Company:  McAfee, Inc.
--------------------
vpngui.exe.lnk - links to [C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe]
C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
-R- 5120 bytes
Created:  24.10.2011 17:33
Modified: 24.10.2011 17:33
Company:  [no info]
--------------------

************************************************************
18:09:11: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: ola
[C:\Users\ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
Adobe Gamma.lnk - links to [C:\PROGRA~2\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE]
C:\PROGRA~2\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
113664 bytes
Created:  16.03.2005 19:16
Modified: 16.03.2005 19:16
Company:  Adobe Systems, Inc.
----------
C:\Users\ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created:  08.09.2010 14:37
Modified: 18.08.2014 08:29
Company:  [no info]
----------
OpenOffice.org 3.2.lnk - links to [C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE]
C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE
1195008 bytes
Created:  20.05.2010 12:14
Modified: 20.05.2010 12:14
Company:  [no info]
----------
--------------------

************************************************************
18:09:12: Scanning ----- SCHEDULED TASKS -----
Taskname:      {440C16AE-EFF7-4451-9E33-E04BFA205354}
File:          C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe (verified signer: [Google Inc])
843592 bytes
Created:  16.10.2010 19:21
Modified: 04.02.2015 10:02
Company:  Google Inc.
Schedule:      At task creation/modification
Next Run Time:
Status:        Ready
Creator:     
Comments:     
----------
Taskname:      {5F0472E8-4636-4748-8486-5A34D579AEB8}
File:          C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe (verified signer: [Skype Software Sarl])
-R- 30877280 bytes
Created:  11.12.2014 11:20
Modified: 11.12.2014 11:20
Company:  Skype Technologies S.A.
Schedule:      At task creation/modification
Next Run Time:
Status:        Ready
Creator:      SkypeSetupLight
Comments:     
----------
Taskname:      1und1 Konfiguration
File:          C:\ProgramData\1und1InternetExplorerAddon\ConfigTask.exe
C:\ProgramData\1und1InternetExplorerAddon\ConfigTask.exe (verified signer: [1&1 Mail & Media GmbH])
193632 bytes
Created:  19.04.2011 13:26
Modified: 19.04.2011 13:26
Company:  1und1 Mail und Media GmbH
Schedule:      At 09:55:54 every day
Next Run Time: 13.02.2015 09:55:54
Status:        Ready
Creator:      1und1
Comments:     
----------
Taskname:      Adobe Flash Player Updater
File:          C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (verified signer: [Adobe Systems Incorporated])
267440 bytes
Created:  27.02.2013 22:11
Modified: 05.02.2015 12:36
Company:  Adobe Systems Incorporated
Schedule:      At 01:35:00 every day
Next Run Time: 12.02.2015 18:35:00
Status:        Ready
Creator:      Adobe Systems Incorporated
Comments:      Mit diesem Task ist Ihre Flash Player-Installation immer aktuell und verwendet die neuesten Verbesserungen und Sicherheits-Fixes. Wenn dieser Task deaktiviert oder entfernt wird, kann Adobe Flash Player Ihren Computer nicht automatisch mit den neuesten Sicherheits-Fixes sichern.
----------
Taskname:      CLMLSvc
File:          c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (verified signer: [CyberLink])
210216 bytes
Created:  22.10.2009 18:50
Modified: 22.10.2009 18:50
Company:  CyberLink
Schedule:      At logon
Next Run Time:
Status:        Running
Creator:      CyberLink
Comments:     
----------
Taskname:      CreateChoiceProcessTask
File:          C:\Windows\System32\browserchoice.exe
C:\Windows\System32\browserchoice.exe
294912 bytes
Created:  09.09.2010 19:44
Modified: 23.02.2010 09:16
Company:  Microsoft Corporation
Parameters:    /launch
Schedule:      At task creation/modification
Next Run Time:
Status:        Ready
Creator:      BrowserChoice
Comments:     
----------
Taskname:      DVDAgent
File:          c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Schedule:      At logon
Next Run Time:
Status:        Ready
Creator:      CyberLink
Comments:     
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe - [file not found to scan]
----------
Taskname:      ExtendedServicePlan
File:          C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe (verified signer: [Hewlett-Packard Company])
26680 bytes
Created:  05.02.2010 19:19
Modified: 20.10.2009 10:58
Company: 
Parameters:    ExtendedServicePlan ShowMessageTask
Schedule:      At 00:00:00 on 08.08.2011
Next Run Time:
Status:        Ready
Creator:     
Comments:     
----------
Taskname:      GoogleUpdateTaskMachineCore
File:          C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (verified signer: [Google Inc])
107912 bytes
Created:  08.09.2010 14:51
Modified: 23.10.2014 11:33
Company:  Google Inc.
Parameters:    /c
Schedule:      Multiple schedule times
Next Run Time: 13.02.2015 10:50:00
Status:        Ready
Creator:      SYSTEM
Comments:      Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.
----------
Taskname:      GoogleUpdateTaskMachineUA
File:          C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (verified signer: [Google Inc])
107912 bytes
Created:  08.09.2010 14:51
Modified: 23.10.2014 11:33
Company:  Google Inc.
Parameters:    /ua /installsource scheduler
Schedule:      At 10:50:00 every day
Next Run Time: 12.02.2015 18:50:00
Status:        Ready
Creator:      SYSTEM
Comments:      Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.
----------
Taskname:      GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001Core
File:          C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe (verified signer: [Google Inc])
107912 bytes
Created:  16.10.2010 19:21
Modified: 19.10.2014 15:09
Company:  Google Inc.
Parameters:    /c
Schedule:      At 13:26:00 every day
Next Run Time: 13.02.2015 13:26:00
Status:        Ready
Creator:      ola
Comments:      Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.
----------
Taskname:      GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001UA
File:          C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe (verified signer: [Google Inc])
107912 bytes
Created:  16.10.2010 19:21
Modified: 19.10.2014 15:09
Company:  Google Inc.
Parameters:    /ua /installsource scheduler
Schedule:      At 13:26:00 every day
Next Run Time: 12.02.2015 18:26:00
Status:        Ready
Creator:      ola
Comments:      Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.
----------
Taskname:      Norton Security Scan for ola
File:          C:\PROGRA~2\NORTON~2\Engine\351~1.8\Nss.exe
C:\PROGRA~2\NORTON~2\Engine\351~1.8\Nss.exe (verified signer: [Symantec Corporation])
641464 bytes
Created:  12.11.2011 19:29
Modified: 03.04.2012 01:45
Company:  Symantec Corporation
Parameters:    /scan-quick /scheduled
Schedule:      At 17:15:00 every Sonntag, Montag, Dienstag, Mittwoch, Donnerstag, Freitag, Samstag of every week, starting 12.11.2011
Next Run Time: 13.02.2015 17:15:00
Status:        Ready
Creator:      ola
Comments:      Norton Security Scan
----------
Taskname:      PCDRScheduledMaintenance
File:          C:\Program Files\PC-Doctor for Windows\pcdrcui.exe
C:\Program Files\PC-Doctor for Windows\pcdrcui.exe (verified signer: [PC-Doctor, Inc.])
147440 bytes
Created:  18.09.2009 08:11
Modified: 18.09.2009 08:11
Company:  PC-Doctor, Inc.
Parameters:    -fh scripts\monthly.xml -st PCDRScheduledMaintenance
Schedule:      Multiple schedule times
Next Run Time: 28.02.2015 10:00:00
Status:        Ready
Creator:      PC-Doctor
Comments:     
----------
Taskname:      RecoveryCDWin7
File:          C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe (verified signer: [Hewlett-Packard Company])
26680 bytes
Created:  05.02.2010 19:19
Modified: 20.10.2009 10:58
Company: 
Parameters:    RecoveryCDWin7 ShowMessageTask
Schedule:      At 00:00:00 every 14 days
Next Run Time:
Status:        Ready
Creator:     
Comments:     
----------
Taskname:      Registration 1und1 Task
File:          C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe
C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe (verified signer: [ITSCM - IT Solution Center Muenchen GmbH])
588656 bytes
Created:  08.06.2011 13:23
Modified: 08.06.2011 13:23
Company:  1&1 Mail & Media GmbH
Schedule:      Multiple schedule times
Next Run Time: 13.02.2015 09:56:00
Status:        Running
Creator:      1und1
Comments:     
----------
Taskname:      ServicePlan
File:          C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe (verified signer: [Hewlett-Packard Company])
26680 bytes
Created:  05.02.2010 19:19
Modified: 20.10.2009 10:58
Company: 
Parameters:    ServicePlan ShowMessageTask15D
Schedule:      At 00:00:00 on 23.09.2010
Next Run Time:
Status:        Ready
Creator:     
Comments:     
----------
Taskname:      SidebarExecute
File:          C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe (verified signer: [Microsoft Windows])
1475584 bytes
Created:  09.06.2011 10:27
Modified: 20.11.2010 14:25
Company:  Microsoft Corporation
Schedule:      At task creation/modification
Next Run Time:
Status:        Ready
Creator:     
Comments:     
----------
Taskname:      TuneUpUtilities_Task_BkGndMaintenance2013
File:          C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe
C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe (verified signer: [AVG Netherlands B.V.])
459576 bytes
Created:  16.07.2014 10:22
Modified: 16.07.2014 10:22
Company:  TuneUp Software
Parameters:    $(Arg0)
Schedule:      Task not scheduled
Next Run Time:
Status:        Ready
Creator:     
Comments:     
----------

************************************************************
18:09:21: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
18:09:22: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: msacm.l3acm
File:  C:\Windows\SysWOW64\l3codeca.acm
C:\Windows\SysWOW64\l3codeca.acm
64000 bytes
Created:  14.07.2009 01:07
Modified: 14.07.2009 02:14
Company:  Fraunhofer Institut Integrierte Schaltungen IIS
----------
Value: msacm.l3codecp
File:  l3codecp.acm
C:\Windows\SysWoW64\l3codecp.acm
220672 bytes
Created:  14.07.2009 01:09
Modified: 14.07.2009 02:14
Company:  Fraunhofer Institut Integrierte Schaltungen IIS
----------

************************************************************
18:09:25: ----- ADDITIONAL CHECKS -----
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\ola\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
C:\Users\ola\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
988938 bytes
Created:  08.09.2010 14:37
Modified: 09.09.2011 13:58
Company:  [no info]
----------
Web Desktop Wallpaper entry is blank
----------
Checks for rogue DNS NameServers completed
----------
Checks for Backdoor.ZeroAccess completed
----------
Safe Mode checks completed
Additional checks completed

************************************************************
18:09:27: Scanning ----- RUNNING PROCESSES -----

C:\Windows\System32\smss.exe
112640 bytes
Created:  17.09.2013 07:29
Modified: 02.08.2013 01:59
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\csrss.exe
7680 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\wininit.exe
129024 bytes
Created:  14.07.2009 00:52
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\services.exe
328704 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\lsass.exe
31232 bytes
Created:  14.05.2014 13:51
Modified: 12.04.2014 03:19
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\lsm.exe
343040 bytes
Created:  09.06.2011 10:27
Modified: 20.11.2010 14:24
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\winlogon.exe
455168 bytes
Created:  17.10.2014 09:26
Modified: 17.07.2014 03:07
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\svchost.exe
27136 bytes
Created:  14.07.2009 00:31
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\atiesrxx.exe
202752 bytes
Created:  06.02.2010 03:39
Modified: 02.12.2009 13:18
Company:  AMD
--------------------
C:\Windows\System32\atieclxx.exe
446976 bytes
Created:  06.02.2010 03:39
Modified: 02.12.2009 13:19
Company:  AMD
--------------------
C:\Windows\System32\spoolsv.exe
559104 bytes
Created:  15.08.2012 10:05
Modified: 11.02.2012 07:36
Company:  Microsoft Corporation
--------------------
C:\Windows\SysWOW64\svchost.exe
20992 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:14
Company:  Microsoft Corporation
C:\Windows\SysWOW64\svchost.exe
20992 bytes
Created:  14.07.2009 00:19
Modified: 14.07.2009 02:14
Company:  Microsoft Corporation
C:\Windows\System32\wbem\WmiPrvSE.exe
372736 bytes
Created:  09.06.2011 10:27
Modified: 20.11.2010 14:25
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\WUDFHost.exe
229888 bytes
Created:  16.11.2012 19:48
Modified: 26.07.2012 04:08
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\taskhost.exe
68608 bytes
Created:  21.03.2013 10:00
Modified: 23.11.2012 04:13
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\dwm.exe
120320 bytes
Created:  14.07.2009 00:37
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\SearchIndexer.exe
591872 bytes
Created:  29.06.2011 09:24
Modified: 04.05.2011 06:19
Company:  Microsoft Corporation
--------------------
C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
2040120 bytes
Created:  16.07.2014 10:24
Modified: 16.07.2014 10:24
Company:  TuneUp Software
--------------------
C:\Program Files\Windows Media Player\wmpnetwk.exe
1525248 bytes
Created:  09.06.2011 10:27
Modified: 20.11.2010 14:25
Company:  Microsoft Corporation
--------------------
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
192160 bytes
Created:  20.04.2014 16:15
Modified: 20.04.2014 16:15
Company:  Kaspersky Lab ZAO
--------------------
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
270336 bytes
Created:  20.09.2009 12:36
Modified: 20.09.2009 12:36
Company:  Hewlett-Packard Co.
--------------------
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
332016 bytes
Created:  09.04.2014 14:14
Modified: 09.04.2014 14:14
Company:  McAfee, Inc.
--------------------
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
656896 bytes
Created:  25.08.2009 03:11
Modified: 25.08.2009 03:11
Company:  Hewlett-Packard
--------------------
C:\Windows\System32\taskeng.exe
464384 bytes
Created:  09.06.2011 10:27
Modified: 20.11.2010 14:25
Company:  Microsoft Corporation
--------------------
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
65536 bytes
Created:  22.04.2009 17:38
Modified: 22.04.2009 17:38
Company:  Advanced Micro Devices Inc.
--------------------
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
11318784 bytes
Created:  20.05.2010 23:59
Modified: 20.05.2010 23:59
Company:  OpenOffice.org
--------------------
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
11312128 bytes
Created:  20.05.2010 23:59
Modified: 20.05.2010 23:59
Company:  OpenOffice.org
--------------------
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
309824 bytes
Created:  03.11.2011 19:54
Modified: 25.08.2010 11:27
Company:  ArcSoft Inc.
--------------------
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe
168960 bytes
Created:  20.09.2009 12:07
Modified: 20.09.2009 12:07
Company:  Hewlett-Packard Co.
--------------------
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqbam08.exe
559104 bytes
Created:  20.09.2009 12:07
Modified: 20.09.2009 12:07
Company:  Hewlett-Packard Co.
--------------------
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqgpc01.exe
362496 bytes
Created:  21.05.2009 18:57
Modified: 21.05.2009 18:57
Company:  Hewlett-Packard
--------------------
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
65536 bytes
Created:  22.04.2009 17:37
Modified: 22.04.2009 17:37
Company:  ATI Technologies Inc.
--------------------
C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\8\Plugin.exe
508152 bytes
Created:  12.02.2015 06:33
Modified: 12.02.2015 06:33
Company: 
--------------------
C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\4\Plugin.exe
400120 bytes
Created:  11.02.2015 19:33
Modified: 11.02.2015 19:33
Company: 
--------------------
C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5\Plugin.exe
518904 bytes
Created:  11.02.2015 19:33
Modified: 11.02.2015 19:33
Company: 
--------------------
C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\3\Plugin.exe
701176 bytes
Created:  12.02.2015 07:33
Modified: 12.02.2015 07:33
Company: 
--------------------
C:\Windows\System32\wuauclt.exe
58336 bytes
Created:  31.08.2014 10:08
Modified: 14.05.2014 17:23
Company:  Microsoft Corporation
--------------------
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
247968 bytes
Created:  11.03.2014 22:36
Modified: 11.03.2014 22:36
Company:  Microsoft Corporation.
--------------------
C:\Windows\System32\msiexec.exe
128000 bytes
Created:  09.06.2011 10:26
Modified: 20.11.2010 14:24
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\SearchProtocolHost.exe
249856 bytes
Created:  29.06.2011 09:24
Modified: 04.05.2011 06:19
Company:  Microsoft Corporation
--------------------
C:\Users\ola\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe
157080 bytes
Created:  15.09.2014 08:49
Modified: 31.01.2015 00:53
Company:  APN LLC.
--------------------
C:\Users\ola\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe
164248 bytes
Created:  15.09.2014 08:49
Modified: 31.01.2015 00:53
Company:  APN LLC.
--------------------
C:\Windows\System32\wbem\unsecapp.exe
47104 bytes
Created:  14.07.2009 00:47
Modified: 14.07.2009 02:39
Company:  Microsoft Corporation
--------------------
C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe
FileSize:          5484896
[This is a Trojan Remover component]
--------------------
--------------------
C:\Windows\splwow64.exe
67072 bytes
Created:  15.08.2012 10:05
Modified: 11.02.2012 07:36
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\SearchFilterHost.exe
113664 bytes
Created:  29.06.2011 09:24
Modified: 04.05.2011 06:19
Company:  Microsoft Corporation
--------------------
C:\Windows\servicing\TrustedInstaller.exe
194048 bytes
Created:  09.06.2011 10:26
Modified: 20.11.2010 14:25
Company:  Microsoft Corporation
--------------------

************************************************************
18:09:43: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
18:09:43: Checking ----- ROGUE BROWSER MODIFICATIONS -----
{006ee092-9658-4fd6-bd8e-a21a348e59f5} - this rogue IE SearchScope, associated with BrowserHijack.SnapDo, has been removed

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\SysWOW64\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11412&pf=V7&trgb=CR&p2=%5EBBK%5EOSJ000%5EYY%5EDE&gct=hp&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=cr_37.0.2062.120&apn_uid=E5F992F8-2029-4972-9D8F-8C5D058ACD21&itbv=12.15.5.30&doi=2014-09-15&psv=&pt=tb
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=01ff5193-73d3-475b-a8f9-3b78739c5878&searchtype=ds&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
hxxp://go.gmx.net/br/ie9_startpage

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 18:10:02 12 Feb 2015
Total Scan time: 00:04:42
************************************************************
Mehr finde ich nicht. Malware habe ich aber auch schon wieder deinstalliert.
Und nu?
(Vielleicht sollte ich doch wieder zur Schreibmaschine zurück kehren.
Es tut mir wirklich leid.

cosinus 24.02.2015 12:40
Ok, bitte mit MBAR fortfahren:

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

ola_123 24.02.2015 13:46
So, erledigt und im zweiten Scan wurde nichts gefunden.
Ich poste zunächst den Scan mit Funden. Brauchst du den zweiten auch?

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.02.24.03
  rootkit: v2015.02.22.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17633
ola :: OLA-PC [administrator]

24.02.2015 12:46:02
mbar-log-2015-02-24 (12-46-02).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 401585
Time elapsed: 21 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKU\S-1-5-21-107307583-39740663-3650351078-1001_Classes\WOW6432NODE\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} (Trojan.Poweliks.B) -> Delete on reboot. [8eb5f0320387dc5a4d200ff3fb052cd4]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
PS: Diese "Positiv Finds"-Fenster sind auch hier grade aktiv.

cosinus 24.02.2015 13:59
Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


ola_123 24.02.2015 14:28
adw cleaner

Code:
# AdwCleaner v4.111 - Bericht erstellt 24/02/2015 um 14:14:28
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-02-18.3 [Lokal]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : ola - OLA-PC
# Gestarted von : C:\Users\ola\Desktop\AdwCleaner_4.111.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\ola\AppData\LocalLow\HPAppData
Datei Gelöscht : C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [1361 Bytes] - [24/02/2015 14:09:08]
AdwCleaner[S0].txt - [1283 Bytes] - [24/02/2015 14:14:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1342  Bytes] ##########

JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by ola on 24.02.2015 at 14:19:04,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.02.2015 at 14:22:26,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015
Ran by ola (administrator) on OLA-PC on 24-02-2015 14:24:18
Running from C:\Users\ola\Desktop
Loaded Profiles: ola (Available profiles: ola)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Intenium) C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
() C:\Users\ola\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqgpc01.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-25] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1791856 2014-10-16] (Simply Super Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [Google Update] => C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-19] (Google Inc.)
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [Spiele Post] => C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe [483400 2013-12-06] (Intenium)
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [GameXN GO] => "C:\ProgramData\GameXN\GameXNGO.exe" /startup
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [GoogleChromeAutoLaunch_7AF6FE48D09771C69065DE049B362851] => C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [Alamandi tray notifier] => c:\program files (x86)\deutschland spielt\alamandi\TaskBarNotifier.exe
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [Amazon Music] => C:\Users\ola\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-107307583-39740663-3650351078-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-107307583-39740663-3650351078-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage
URLSearchHook: HKLM-x32 - (No Name) - {79a2b609-bbc0-4d16-9925-70cb98a6490d} - No File
SearchScopes: HKLM -> {892BD02F-3625-446B-A532-15841A4B06CA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {892BD02F-3625-446B-A532-15841A4B06CA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> {09038620-190C-402B-A92F-18864E6AB22F} URL = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> {40064957-18EB-412d-9146-3F57E8D92EEC} URL = hxxp://go.gmx.net/br/ie9_search_pic/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> {5A817CF6-92D5-4DE5-AC38-82DF8A73EF28} URL = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> {833BB9C0-5FE7-4DF9-9705-E7160106147D} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&origin=searchplugin
SearchScopes: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> {892BD02F-3625-446B-A532-15841A4B06CA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> {8D27B32E-89EE-460e-82D2-5FC354078EAD} URL = hxxp://go.gmx.net/br/ie9_search_produkte/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> {DCE59F23-A446-45a5-9459-E68FDC0DE38D} URL = hxxp://go.gmx.net/br/ie9_search_maps/?su={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: GMX Toolbar BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: GMX Konfiguration -> {17166733-40EA-4432-A85C-AE672FF0E236} -> C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: GMX Toolbar BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - No Name - {79a2b609-bbc0-4d16-9925-70cb98a6490d} -  No File
Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll (pdfforge GmbH)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {9E89BECE-D23F-4782-8397-242E78C042D1}
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Handler-x32: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2010-02-05] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.0 -> C:\Program Files (x86)\GameTreat Player\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: @exent.com/npExentWidget,version=0.9.0.0 -> C:\Program Files (x86)\GameTreat Player\npExentWidget.dll (Exent Technologies Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/npracplug;version=1.0.0.0 -> C:\Program Files (x86)\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-107307583-39740663-3650351078-1001: @tools.google.com/Google Update;version=3 -> C:\Users\ola\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-107307583-39740663-3650351078-1001: @tools.google.com/Google Update;version=9 -> C:\Users\ola\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-12-03]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-01-12]
FF HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR Profile: C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Google Search) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (Kaspersky Protection) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-11-23]
CHR Extension: (No Name) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmcplcebggimminoiheibhndgamccdgl [2011-08-09]
CHR Extension: (Google Wallet) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-03-02]
StartMenuInternet: Google Chrome - C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-01-24] (Adobe Systems) [File not signed]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-12-08] (WildTangent)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-11-23] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-11-23] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [116264 2008-05-27] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [19496 2008-05-27] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [159784 2008-05-27] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [138792 2008-05-27] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [34856 2008-05-27] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [137768 2008-05-27] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [153128 2008-05-27] (MCCI Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1071616 2010-02-11] (Vimicro Corporation)
R2 X5XSEx_Pr146; C:\Program Files (x86)\GameTreat Player\X5XSEx.Sys [55328 2010-03-10] (Exent Technologies Ltd.)
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 14:24 - 2015-02-24 14:24 - 00001422 _____ () C:\Users\ola\Desktop\AdwCleaner[S0].txt
2015-02-24 14:22 - 2015-02-24 14:22 - 00000623 _____ () C:\Users\ola\Desktop\JRT.txt
2015-02-24 14:14 - 2015-02-24 14:14 - 00001994 _____ () C:\Users\ola\Desktop\anleitung.txt
2015-02-24 14:09 - 2015-02-24 14:14 - 00000000 ____D () C:\AdwCleaner
2015-02-24 14:06 - 2015-02-24 14:06 - 01388274 _____ (Thisisu) C:\Users\ola\Desktop\JRT.exe
2015-02-24 14:05 - 2015-02-24 14:05 - 02126848 _____ () C:\Users\ola\Desktop\AdwCleaner_4.111.exe
2015-02-24 12:45 - 2015-02-24 13:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-24 12:45 - 2015-02-24 13:17 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-24 12:43 - 2015-02-24 13:17 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-24 12:42 - 2015-02-24 13:41 - 00000000 ____D () C:\Users\ola\Desktop\mbar
2015-02-24 12:42 - 2015-02-24 12:42 - 16502728 _____ (Malwarebytes Corp.) C:\Users\ola\Desktop\mbar-1.09.1.1004.exe
2015-02-24 12:17 - 2015-02-24 14:24 - 00031132 _____ () C:\Users\ola\Desktop\FRST.txt
2015-02-24 12:17 - 2015-02-24 11:55 - 00075549 _____ () C:\Users\ola\Desktop\Addition.txt
2015-02-24 12:17 - 2015-02-24 11:51 - 02087424 _____ (Farbar) C:\Users\ola\Desktop\FRST64.exe
2015-02-24 11:54 - 2015-02-24 11:55 - 00075549 _____ () C:\Users\ola\Downloads\Addition.txt
2015-02-24 11:52 - 2015-02-24 11:52 - 00112554 _____ () C:\Users\ola\Desktop\Hilfe!!! Internet öffnet selbstständig Fenster. - Trojaner-Board.html
2015-02-24 11:52 - 2015-02-24 11:52 - 00000000 ____D () C:\Users\ola\Desktop\Hilfe!!! Internet öffnet selbstständig Fenster. - Trojaner-Board_files
2015-02-24 11:51 - 2015-02-24 14:24 - 00000000 ____D () C:\FRST
2015-02-24 11:51 - 2015-02-24 11:55 - 00063378 _____ () C:\Users\ola\Downloads\FRST.txt
2015-02-24 11:51 - 2015-02-24 11:51 - 02087424 _____ (Farbar) C:\Users\ola\Downloads\FRST64.exe
2015-02-24 11:51 - 2015-02-24 11:51 - 02087424 _____ (Farbar) C:\Users\ola\Downloads\FRST64 (1).exe
2015-02-24 11:50 - 2015-02-24 11:50 - 01127424 _____ (Farbar) C:\Users\ola\Downloads\FRST.exe
2015-02-24 11:16 - 2015-02-24 11:16 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ola\Downloads\revosetup95.exe
2015-02-24 11:16 - 2015-02-24 11:16 - 00001222 _____ () C:\Users\ola\Desktop\Revo Uninstaller.lnk
2015-02-24 11:16 - 2015-02-24 11:16 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-23 17:36 - 2015-02-23 17:36 - 00000000 ____D () C:\Users\Public\CyberLink
2015-02-23 17:35 - 2015-02-23 17:36 - 00001594 _____ () C:\Windows\VPNUnInstall.MIF
2015-02-23 17:23 - 2015-02-23 17:23 - 00000045 _____ () C:\error.log
2015-02-23 17:05 - 2015-02-23 17:27 - 00000000 ____D () C:\Users\ola\Desktop\MUSIK ALLES
2015-02-23 17:05 - 2015-02-23 17:07 - 00000000 ____D () C:\Users\ola\Desktop\FOTOS ALLES
2015-02-23 13:01 - 2015-02-23 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-02-23 12:47 - 2015-02-23 12:47 - 07778632 _____ () C:\Users\ola\Downloads\Infigo_setup.exe
2015-02-23 11:34 - 2015-02-24 12:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-23 11:32 - 2015-02-23 11:33 - 01388274 _____ (Thisisu) C:\Users\ola\Downloads\JRT42.exe
2015-02-23 11:31 - 2015-02-23 11:32 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\ola\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-22 15:16 - 2015-02-22 15:16 - 00000040 _____ () C:\Users\Public\Documents\_rgpl
2015-02-22 13:40 - 2015-02-22 14:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-22 13:40 - 2015-02-22 13:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-22 13:40 - 2015-02-22 13:40 - 00001349 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-22 13:40 - 2015-02-22 13:40 - 00001337 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-02-22 13:40 - 2015-02-22 13:40 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-22 13:40 - 2015-02-22 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-22 13:40 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-22 13:32 - 2015-02-22 13:32 - 00001175 _____ () C:\Users\ola\Desktop\spybot-2.4.40 - Verknüpfung.lnk
2015-02-22 13:24 - 2015-02-22 13:26 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\ola\Downloads\spybot-2.4.40.exe
2015-02-21 11:18 - 2015-02-21 11:18 - 00000000 ____D () C:\Users\ola\AppData\Roaming\AdobeUM
2015-02-17 16:06 - 2015-02-17 16:07 - 00000000 ____D () C:\Program Files (x86)\Burger Bustle
2015-02-17 16:06 - 2015-02-17 16:06 - 00000000 ____D () C:\Users\ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Burger Bustle
2015-02-17 16:06 - 2015-02-17 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Burger Bustle
2015-02-17 15:59 - 2015-02-17 15:59 - 00237568 _____ (Big Fish Games) C:\Users\ola\Downloads\bigfishgames_p230064518_s2_l2.exe
2015-02-15 12:44 - 2015-02-15 12:44 - 00014653 _____ () C:\Users\ola\Downloads\WG Celle (1).xlsx
2015-02-15 12:26 - 2015-02-15 12:26 - 00012427 _____ () C:\Users\ola\Downloads\WG 15A (2).xlsx
2015-02-14 18:55 - 2015-02-14 18:55 - 00012427 _____ () C:\Users\ola\Downloads\WG 15A (1).xlsx
2015-02-14 18:54 - 2015-02-14 18:54 - 00014653 _____ () C:\Users\ola\Downloads\WG Celle.xlsx
2015-02-14 18:53 - 2015-02-14 18:53 - 00012427 _____ () C:\Users\ola\Downloads\WG 15A.xlsx
2015-02-14 14:03 - 2015-02-23 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jewelleria
2015-02-14 14:03 - 2015-02-14 14:03 - 00001875 _____ () C:\Users\Public\Desktop\Play Jewelleria.lnk
2015-02-14 14:03 - 2015-02-14 14:03 - 00000000 ____D () C:\Program Files (x86)\Jewelleria
2015-02-14 14:01 - 2015-02-14 14:01 - 00237568 _____ (Big Fish Games) C:\Users\ola\Downloads\bigfishgames_p229860281_s2_l2.exe
2015-02-14 12:46 - 2015-02-14 12:48 - 66714384 _____ (INTENIUM GmbH) C:\Users\ola\Downloads\GreenRanch.exe
2015-02-14 11:09 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-14 11:09 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-14 11:09 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-14 11:09 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 18:55 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-12 18:55 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-12 18:55 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 18:55 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-12 18:55 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-12 18:55 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-12 18:55 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-12 18:55 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-12 18:55 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 18:55 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-12 18:55 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 18:55 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-12 18:55 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-12 18:55 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-12 18:55 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-12 18:55 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 18:55 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 18:55 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 18:55 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-12 18:55 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 18:55 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-12 18:55 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 18:55 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-12 18:55 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 18:55 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 18:55 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-12 18:55 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 18:55 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 18:55 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 18:55 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 18:55 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 18:55 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 18:55 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-12 18:55 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 18:55 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-12 18:54 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 18:54 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 18:54 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 18:54 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-12 18:54 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 18:54 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 18:54 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-12 18:54 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 18:54 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 18:54 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-12 18:54 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 18:54 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-12 18:54 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 18:54 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-12 18:54 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 18:54 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-12 18:54 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 18:49 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-12 18:49 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-12 18:49 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-12 18:49 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-12 18:49 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-12 18:49 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-12 18:49 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-12 18:49 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-12 18:49 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-12 18:49 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-12 18:49 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-12 18:49 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-12 18:49 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-12 18:49 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-12 18:49 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-12 18:45 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-12 18:45 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 18:45 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-12 18:45 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-12 18:45 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-12 18:45 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-12 18:45 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-12 18:45 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-12 18:45 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-12 18:45 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-12 18:45 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-12 18:45 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-12 18:45 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-12 18:45 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-12 18:45 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-12 18:45 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-12 18:45 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-12 18:45 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-12 18:44 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-12 18:44 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-12 18:44 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-12 18:44 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-12 18:44 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-12 18:44 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-12 18:43 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 18:43 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-12 18:41 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 18:41 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-12 18:41 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-12 18:41 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-12 18:41 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-12 18:40 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-12 18:40 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-12 18:40 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-12 18:40 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-12 18:40 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-12 18:40 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-12 18:40 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-12 18:40 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-12 18:40 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-12 18:38 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 18:05 - 2015-02-12 18:05 - 00000000 ____D () C:\Users\ola\Documents\Simply Super Software
2015-02-12 18:05 - 2015-02-12 18:05 - 00000000 ____D () C:\ProgramData\Licenses
2015-02-12 18:04 - 2015-02-12 18:04 - 00001097 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2015-02-12 18:04 - 2015-02-12 18:04 - 00000000 ____D () C:\ProgramData\Simply Super Software
2015-02-12 18:04 - 2015-02-12 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-02-12 18:04 - 2015-02-12 18:04 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2015-02-12 18:02 - 2015-02-12 18:04 - 31390952 _____ (Simply Super Software ) C:\Users\ola\Downloads\trjsetup691.exe
2015-02-09 15:43 - 2015-02-09 15:43 - 00000000 ____D () C:\Users\ola\AppData\Roaming\MMFApplications
2015-02-09 13:06 - 2015-02-09 13:15 - 361382144 _____ (INTENIUM GmbH) C:\Users\ola\Downloads\Delicious10Sammleredition.exe
2015-02-05 11:37 - 2015-02-05 11:37 - 00000000 ____D () C:\Users\ola\AppData\Local\TuneUp Software
2015-02-05 11:36 - 2015-02-05 11:36 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-05 11:35 - 2015-02-05 11:35 - 00001490 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-02-05 11:35 - 2015-02-05 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-05 11:34 - 2015-02-05 11:35 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-02-05 11:34 - 2015-02-05 11:34 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-02-05 11:32 - 2015-02-05 11:33 - 34792128 _____ (DVDVideoSoft Ltd. ) C:\Users\ola\Downloads\FreeYouTubeToMP354Converter.exe
2015-02-04 16:56 - 2015-02-04 16:56 - 00014927 _____ () C:\Users\ola\Downloads\Steckbrief.odt
2015-01-31 10:44 - 2015-01-31 10:44 - 00000000 __SHD () C:\found.001

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 14:23 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-24 14:23 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-24 14:18 - 2010-10-17 10:13 - 00000000 ____D () C:\Users\ola\AppData\Roaming\Skype
2015-02-24 14:16 - 2010-11-08 13:17 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-24 14:16 - 2010-09-08 14:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-24 14:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-24 14:15 - 2009-07-14 05:51 - 00225750 _____ () C:\Windows\setupact.log
2015-02-24 14:14 - 2010-05-14 19:24 - 01809233 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 13:50 - 2010-09-08 14:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-24 13:35 - 2013-02-27 22:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-24 13:26 - 2010-10-16 19:21 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001UA.job
2015-02-24 13:26 - 2010-10-16 19:21 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001Core.job
2015-02-24 10:53 - 2010-12-12 15:30 - 00000000 ____D () C:\GameHouse Games
2015-02-24 10:50 - 2010-09-09 18:33 - 01146558 _____ () C:\Windows\PFRO.log
2015-02-24 02:36 - 2013-08-29 15:17 - 00000000 ____D () C:\Users\ola\Desktop\Gruppenleitung
2015-02-24 00:39 - 2010-02-05 19:06 - 00000000 ____D () C:\ProgramData\Temp
2015-02-24 00:28 - 2010-11-19 15:55 - 00000000 ____D () C:\Users\ola\AppData\Local\CrashDumps
2015-02-23 19:07 - 2009-10-15 15:15 - 00000000 ____D () C:\Users\ola\Desktop\Jessi´s Daten
2015-02-23 18:50 - 2010-02-06 03:50 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2015-02-23 18:50 - 2010-02-06 03:50 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2015-02-23 18:50 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-23 18:46 - 2013-06-05 00:09 - 00000000 ____D () C:\Users\ola\Desktop\Kreatives und Merke dir es
2015-02-23 18:37 - 2014-09-20 10:58 - 00000000 ____D () C:\Users\ola\AppData\Roaming\Samsung
2015-02-23 18:37 - 2014-09-20 10:58 - 00000000 ____D () C:\Users\ola\AppData\Local\Samsung
2015-02-23 18:37 - 2014-09-20 10:53 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-02-23 18:36 - 2014-09-20 10:53 - 00000000 ____D () C:\ProgramData\Samsung
2015-02-23 18:36 - 2010-02-05 19:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-23 18:19 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-23 18:12 - 2010-12-12 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHouse
2015-02-23 18:12 - 2010-12-12 15:25 - 00000000 ____D () C:\Program Files (x86)\RealArcade
2015-02-23 18:06 - 2010-11-27 16:18 - 00000000 ____D () C:\Program Files (x86)\DEUTSCHLAND SPIELT
2015-02-23 17:55 - 2011-11-12 18:50 - 00000000 ____H () C:\ProgramData\PKP_DLdw.DAT
2015-02-23 17:55 - 2011-11-12 18:50 - 00000000 _____ () C:\Users\ola\AppData\Roaming\Database
2015-02-23 17:38 - 2010-02-05 19:06 - 00000000 ____D () C:\Program Files (x86)\Cyberlink
2015-02-23 17:26 - 2011-11-12 18:48 - 00000000 ____D () C:\Program Files (x86)\Nikon
2015-02-23 17:26 - 2011-11-12 18:47 - 00000000 ____H () C:\ProgramData\PKP_DLdu.DAT
2015-02-23 17:26 - 2011-11-12 18:47 - 00000000 _____ () C:\Users\ola\AppData\Roaming\Dance
2015-02-23 17:16 - 2010-09-08 14:33 - 00000000 ____D () C:\Users\ola
2015-02-23 17:00 - 2010-11-17 12:14 - 00000000 ____D () C:\Program Files\DivX
2015-02-23 17:00 - 2010-11-17 12:13 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-02-23 17:00 - 2010-11-17 12:12 - 00000000 ____D () C:\ProgramData\DivX
2015-02-23 16:47 - 2015-01-22 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dancing Craze
2015-02-23 16:46 - 2015-01-23 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Keeper 2
2015-02-23 13:00 - 2010-09-08 14:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-23 12:37 - 2010-09-08 14:51 - 00000000 ____D () C:\Program Files\Google
2015-02-23 12:37 - 2010-09-08 14:51 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-23 12:34 - 2010-09-08 14:51 - 00000000 ____D () C:\Users\ola\AppData\Local\Google
2015-02-23 12:34 - 2010-09-08 14:51 - 00000000 ____D () C:\ProgramData\Google
2015-02-23 12:20 - 2010-09-18 12:10 - 00209930 _____ () C:\Windows\DPINST.LOG
2015-02-23 12:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Branding
2015-02-23 11:39 - 2010-11-12 10:42 - 00000000 ____D () C:\ProgramData\Alawar Stargaze
2015-02-23 11:26 - 2010-02-05 19:32 - 00000000 ____D () C:\ProgramData\Norton
2015-02-22 13:28 - 2011-05-30 09:37 - 00000000 ____D () C:\Users\TEMP
2015-02-21 10:29 - 2010-10-16 19:21 - 00002344 _____ () C:\Users\ola\Desktop\Google Chrome.lnk
2015-02-20 11:07 - 2010-12-16 13:07 - 00000000 ____D () C:\Users\ola\AppData\Roaming\HP Support Assistant
2015-02-20 11:07 - 2010-09-09 18:38 - 00000000 ____D () C:\Users\ola\AppData\Roaming\HpUpdate
2015-02-18 14:09 - 2013-07-10 14:21 - 00000000 ____D () C:\BigFishCache
2015-02-15 17:23 - 2010-12-05 15:21 - 00001885 _____ () C:\Users\ola\Documents\DancingCraze.log
2015-02-15 13:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-15 10:59 - 2014-03-04 18:16 - 00000000 ____D () C:\Users\ola\AppData\Roaming\Juliette's Fashion Empire DE
2015-02-14 12:54 - 2013-11-30 20:41 - 00000000 ____D () C:\Users\ola\AppData\Roaming\Palaplay
2015-02-14 12:53 - 2014-12-10 17:31 - 00001089 _____ () C:\Users\Public\Desktop\GAME CENTER.lnk
2015-02-14 11:44 - 2014-08-18 08:44 - 00000000 ____D () C:\Users\ola\AppData\Local\com.gamehouse.acid
2015-02-14 10:44 - 2009-07-14 05:45 - 00460736 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-14 10:42 - 2014-12-11 03:42 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-14 10:42 - 2014-05-06 09:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-13 01:39 - 2010-09-16 19:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-13 01:27 - 2013-08-14 09:51 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 00:13 - 2010-10-08 20:49 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 18:00 - 2013-10-23 16:12 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-12 17:59 - 2013-07-12 10:13 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-12 17:56 - 2014-11-24 12:08 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-02-12 17:56 - 2014-11-24 12:08 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-02-12 17:56 - 2014-11-24 12:08 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-02-12 17:56 - 2014-11-24 12:08 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-12 17:56 - 2014-11-24 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-09 13:21 - 2010-10-16 19:21 - 00004078 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001UA
2015-02-09 13:21 - 2010-10-16 19:21 - 00003682 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001Core
2015-02-05 12:36 - 2013-02-27 22:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 12:36 - 2013-02-27 22:11 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 12:36 - 2011-05-18 15:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 11:40 - 2012-06-25 12:20 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-05 11:37 - 2012-06-25 12:20 - 00000000 ____D () C:\Users\ola\AppData\Roaming\TuneUp Software
2015-02-05 11:35 - 2011-07-28 17:56 - 00000000 ____D () C:\Users\ola\AppData\Roaming\DVDVideoSoft
2015-02-04 10:45 - 2010-09-08 14:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 10:45 - 2010-09-08 14:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2010-11-16 13:57 - 2010-11-16 13:57 - 0774144 _____ (RealNetworks, Inc.) C:\Program Files (x86)\RngInterstitial.dll
2011-11-12 18:47 - 2015-02-23 17:26 - 0000000 _____ () C:\Users\ola\AppData\Roaming\Dance
2011-11-12 18:50 - 2015-02-23 17:55 - 0000000 _____ () C:\Users\ola\AppData\Roaming\Database
2011-06-05 17:42 - 2011-06-15 12:03 - 0000011 _____ () C:\Users\ola\AppData\Roaming\log.txt
2014-06-16 10:04 - 2014-06-16 10:04 - 0000216 _____ () C:\Users\ola\AppData\Roaming\wklnhst.dat
2011-01-08 02:14 - 2011-01-08 02:18 - 0022016 _____ () C:\Users\ola\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-11-16 14:02 - 2010-12-06 16:45 - 0000198 _____ () C:\Users\ola\AppData\Local\DownloadLog.txt
2012-01-02 10:07 - 2012-01-02 11:07 - 0153043 _____ () C:\Users\ola\AppData\Local\log.txt
2011-05-19 13:03 - 2011-05-19 13:03 - 0006474 _____ () C:\Users\ola\AppData\Local\tmp148996_172999622712932_100000086862591_620133_4604791_S.0
2011-05-19 13:03 - 2011-05-19 13:03 - 0006419 _____ () C:\Users\ola\AppData\Local\tmp148996_172999622712932_100000086862591_620133_4604791_S.JPG
2010-12-03 15:20 - 2014-11-14 05:07 - 0014983 _____ () C:\ProgramData\hpzinstall.log
2011-11-12 18:47 - 2015-02-23 17:26 - 0000000 ____H () C:\ProgramData\PKP_DLdu.DAT
2011-11-12 18:50 - 2015-02-23 17:55 - 0000000 ____H () C:\ProgramData\PKP_DLdw.DAT

Files to move or delete:
====================
C:\Users\ola\cudart32_30_14.dll
C:\Users\ola\vedFramework.dll
C:\Users\ola\XMLWrapper.dll


Some content of TEMP:
====================
C:\Users\ola\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\ola\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\ola\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\ola\AppData\Local\Temp\ose00000.exe
C:\Users\ola\AppData\Local\Temp\Quarantine.exe
C:\Users\ola\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\ola\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\ola\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 13:42

==================== End Of Log ============================
--- --- ---

cosinus 24.02.2015 15:10
Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

ola_123 24.02.2015 15:15

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015
Ran by ola (administrator) on OLA-PC on 24-02-2015 15:11:41
Running from C:\Users\ola\Desktop
Loaded Profiles: ola (Available profiles: ola)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Intenium) C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
() C:\Users\ola\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqgpc01.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Google Inc.) C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
(Google Inc.) C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-25] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1791856 2014-10-16] (Simply Super Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [Google Update] => C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-19] (Google Inc.)
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [Spiele Post] => C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe [483400 2013-12-06] (Intenium)
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [GameXN GO] => "C:\ProgramData\GameXN\GameXNGO.exe" /startup
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [GoogleChromeAutoLaunch_7AF6FE48D09771C69065DE049B362851] => C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [Alamandi tray notifier] => c:\program files (x86)\deutschland spielt\alamandi\TaskBarNotifier.exe
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [Amazon Music] => C:\Users\ola\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-107307583-39740663-3650351078-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-107307583-39740663-3650351078-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage
URLSearchHook: HKLM-x32 - (No Name) - {79a2b609-bbc0-4d16-9925-70cb98a6490d} - No File
SearchScopes: HKLM -> {892BD02F-3625-446B-A532-15841A4B06CA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {892BD02F-3625-446B-A532-15841A4B06CA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> {09038620-190C-402B-A92F-18864E6AB22F} URL = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> {40064957-18EB-412d-9146-3F57E8D92EEC} URL = hxxp://go.gmx.net/br/ie9_search_pic/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> {5A817CF6-92D5-4DE5-AC38-82DF8A73EF28} URL = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> {833BB9C0-5FE7-4DF9-9705-E7160106147D} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&origin=searchplugin
SearchScopes: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> {892BD02F-3625-446B-A532-15841A4B06CA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> {8D27B32E-89EE-460e-82D2-5FC354078EAD} URL = hxxp://go.gmx.net/br/ie9_search_produkte/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> {DCE59F23-A446-45a5-9459-E68FDC0DE38D} URL = hxxp://go.gmx.net/br/ie9_search_maps/?su={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: GMX Toolbar BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: GMX Konfiguration -> {17166733-40EA-4432-A85C-AE672FF0E236} -> C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: GMX Toolbar BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - No Name - {79a2b609-bbc0-4d16-9925-70cb98a6490d} -  No File
Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll (pdfforge GmbH)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {9E89BECE-D23F-4782-8397-242E78C042D1}
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Handler-x32: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2010-02-05] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.0 -> C:\Program Files (x86)\GameTreat Player\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: @exent.com/npExentWidget,version=0.9.0.0 -> C:\Program Files (x86)\GameTreat Player\npExentWidget.dll (Exent Technologies Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/npracplug;version=1.0.0.0 -> C:\Program Files (x86)\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-107307583-39740663-3650351078-1001: @tools.google.com/Google Update;version=3 -> C:\Users\ola\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-107307583-39740663-3650351078-1001: @tools.google.com/Google Update;version=9 -> C:\Users\ola\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-12-03]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-01-12]
FF HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR Profile: C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Google Search) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (Kaspersky Protection) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-11-23]
CHR Extension: (No Name) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmcplcebggimminoiheibhndgamccdgl [2011-08-09]
CHR Extension: (Google Wallet) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-03-02]
StartMenuInternet: Google Chrome - C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-01-24] (Adobe Systems) [File not signed]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-12-08] (WildTangent)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-11-23] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-11-23] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [116264 2008-05-27] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [19496 2008-05-27] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [159784 2008-05-27] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [138792 2008-05-27] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [34856 2008-05-27] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [137768 2008-05-27] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [153128 2008-05-27] (MCCI Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1071616 2010-02-11] (Vimicro Corporation)
R2 X5XSEx_Pr146; C:\Program Files (x86)\GameTreat Player\X5XSEx.Sys [55328 2010-03-10] (Exent Technologies Ltd.)
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 14:25 - 2015-02-24 14:25 - 00064297 _____ () C:\Users\ola\Desktop\FRST_1.txt
2015-02-24 14:24 - 2015-02-24 14:24 - 00001422 _____ () C:\Users\ola\Desktop\AdwCleaner[S0].txt
2015-02-24 14:22 - 2015-02-24 14:22 - 00000623 _____ () C:\Users\ola\Desktop\JRT.txt
2015-02-24 14:14 - 2015-02-24 14:14 - 00001994 _____ () C:\Users\ola\Desktop\anleitung.txt
2015-02-24 14:09 - 2015-02-24 14:14 - 00000000 ____D () C:\AdwCleaner
2015-02-24 14:06 - 2015-02-24 14:06 - 01388274 _____ (Thisisu) C:\Users\ola\Desktop\JRT.exe
2015-02-24 14:05 - 2015-02-24 14:05 - 02126848 _____ () C:\Users\ola\Desktop\AdwCleaner_4.111.exe
2015-02-24 12:45 - 2015-02-24 13:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-24 12:45 - 2015-02-24 13:17 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-24 12:43 - 2015-02-24 13:17 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-24 12:42 - 2015-02-24 13:41 - 00000000 ____D () C:\Users\ola\Desktop\mbar
2015-02-24 12:42 - 2015-02-24 12:42 - 16502728 _____ (Malwarebytes Corp.) C:\Users\ola\Desktop\mbar-1.09.1.1004.exe
2015-02-24 12:17 - 2015-02-24 15:11 - 00031844 _____ () C:\Users\ola\Desktop\FRST.txt
2015-02-24 12:17 - 2015-02-24 11:55 - 00075549 _____ () C:\Users\ola\Desktop\Addition.txt
2015-02-24 12:17 - 2015-02-24 11:51 - 02087424 _____ (Farbar) C:\Users\ola\Desktop\FRST64.exe
2015-02-24 11:54 - 2015-02-24 11:55 - 00075549 _____ () C:\Users\ola\Downloads\Addition.txt
2015-02-24 11:52 - 2015-02-24 11:52 - 00112554 _____ () C:\Users\ola\Desktop\Hilfe!!! Internet öffnet selbstständig Fenster. - Trojaner-Board.html
2015-02-24 11:52 - 2015-02-24 11:52 - 00000000 ____D () C:\Users\ola\Desktop\Hilfe!!! Internet öffnet selbstständig Fenster. - Trojaner-Board_files
2015-02-24 11:51 - 2015-02-24 15:11 - 00000000 ____D () C:\FRST
2015-02-24 11:51 - 2015-02-24 11:55 - 00063378 _____ () C:\Users\ola\Downloads\FRST.txt
2015-02-24 11:51 - 2015-02-24 11:51 - 02087424 _____ (Farbar) C:\Users\ola\Downloads\FRST64.exe
2015-02-24 11:51 - 2015-02-24 11:51 - 02087424 _____ (Farbar) C:\Users\ola\Downloads\FRST64 (1).exe
2015-02-24 11:50 - 2015-02-24 11:50 - 01127424 _____ (Farbar) C:\Users\ola\Downloads\FRST.exe
2015-02-24 11:16 - 2015-02-24 11:16 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ola\Downloads\revosetup95.exe
2015-02-24 11:16 - 2015-02-24 11:16 - 00001222 _____ () C:\Users\ola\Desktop\Revo Uninstaller.lnk
2015-02-24 11:16 - 2015-02-24 11:16 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-23 17:36 - 2015-02-23 17:36 - 00000000 ____D () C:\Users\Public\CyberLink
2015-02-23 17:35 - 2015-02-23 17:36 - 00001594 _____ () C:\Windows\VPNUnInstall.MIF
2015-02-23 17:23 - 2015-02-23 17:23 - 00000045 _____ () C:\error.log
2015-02-23 17:05 - 2015-02-23 17:27 - 00000000 ____D () C:\Users\ola\Desktop\MUSIK ALLES
2015-02-23 17:05 - 2015-02-23 17:07 - 00000000 ____D () C:\Users\ola\Desktop\FOTOS ALLES
2015-02-23 13:01 - 2015-02-23 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-02-23 12:47 - 2015-02-23 12:47 - 07778632 _____ () C:\Users\ola\Downloads\Infigo_setup.exe
2015-02-23 11:34 - 2015-02-24 12:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-23 11:32 - 2015-02-23 11:33 - 01388274 _____ (Thisisu) C:\Users\ola\Downloads\JRT42.exe
2015-02-23 11:31 - 2015-02-23 11:32 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\ola\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-22 15:16 - 2015-02-22 15:16 - 00000040 _____ () C:\Users\Public\Documents\_rgpl
2015-02-22 13:40 - 2015-02-22 14:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-22 13:40 - 2015-02-22 13:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-22 13:40 - 2015-02-22 13:40 - 00001349 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-22 13:40 - 2015-02-22 13:40 - 00001337 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-02-22 13:40 - 2015-02-22 13:40 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-22 13:40 - 2015-02-22 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-22 13:40 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-22 13:32 - 2015-02-22 13:32 - 00001175 _____ () C:\Users\ola\Desktop\spybot-2.4.40 - Verknüpfung.lnk
2015-02-22 13:24 - 2015-02-22 13:26 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\ola\Downloads\spybot-2.4.40.exe
2015-02-21 11:18 - 2015-02-21 11:18 - 00000000 ____D () C:\Users\ola\AppData\Roaming\AdobeUM
2015-02-17 16:06 - 2015-02-17 16:07 - 00000000 ____D () C:\Program Files (x86)\Burger Bustle
2015-02-17 16:06 - 2015-02-17 16:06 - 00000000 ____D () C:\Users\ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Burger Bustle
2015-02-17 16:06 - 2015-02-17 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Burger Bustle
2015-02-17 15:59 - 2015-02-17 15:59 - 00237568 _____ (Big Fish Games) C:\Users\ola\Downloads\bigfishgames_p230064518_s2_l2.exe
2015-02-15 12:44 - 2015-02-15 12:44 - 00014653 _____ () C:\Users\ola\Downloads\WG Celle (1).xlsx
2015-02-15 12:26 - 2015-02-15 12:26 - 00012427 _____ () C:\Users\ola\Downloads\WG 15A (2).xlsx
2015-02-14 18:55 - 2015-02-14 18:55 - 00012427 _____ () C:\Users\ola\Downloads\WG 15A (1).xlsx
2015-02-14 18:54 - 2015-02-14 18:54 - 00014653 _____ () C:\Users\ola\Downloads\WG Celle.xlsx
2015-02-14 18:53 - 2015-02-14 18:53 - 00012427 _____ () C:\Users\ola\Downloads\WG 15A.xlsx
2015-02-14 14:03 - 2015-02-23 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jewelleria
2015-02-14 14:03 - 2015-02-14 14:03 - 00001875 _____ () C:\Users\Public\Desktop\Play Jewelleria.lnk
2015-02-14 14:03 - 2015-02-14 14:03 - 00000000 ____D () C:\Program Files (x86)\Jewelleria
2015-02-14 14:01 - 2015-02-14 14:01 - 00237568 _____ (Big Fish Games) C:\Users\ola\Downloads\bigfishgames_p229860281_s2_l2.exe
2015-02-14 12:46 - 2015-02-14 12:48 - 66714384 _____ (INTENIUM GmbH) C:\Users\ola\Downloads\GreenRanch.exe
2015-02-14 11:09 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-14 11:09 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-14 11:09 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-14 11:09 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 18:55 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-12 18:55 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-12 18:55 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 18:55 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-12 18:55 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-12 18:55 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-12 18:55 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-12 18:55 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-12 18:55 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 18:55 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-12 18:55 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 18:55 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-12 18:55 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-12 18:55 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-12 18:55 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-12 18:55 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 18:55 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 18:55 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 18:55 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-12 18:55 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 18:55 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-12 18:55 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 18:55 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-12 18:55 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 18:55 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 18:55 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-12 18:55 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 18:55 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 18:55 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 18:55 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 18:55 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 18:55 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 18:55 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-12 18:55 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 18:55 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-12 18:54 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 18:54 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 18:54 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 18:54 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-12 18:54 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 18:54 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 18:54 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-12 18:54 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 18:54 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 18:54 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-12 18:54 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 18:54 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-12 18:54 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 18:54 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-12 18:54 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 18:54 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-12 18:54 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 18:49 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-12 18:49 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-12 18:49 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-12 18:49 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-12 18:49 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-12 18:49 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-12 18:49 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-12 18:49 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-12 18:49 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-12 18:49 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-12 18:49 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-12 18:49 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-12 18:49 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-12 18:49 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-12 18:49 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-12 18:45 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-12 18:45 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 18:45 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-12 18:45 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-12 18:45 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-12 18:45 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-12 18:45 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-12 18:45 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-12 18:45 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-12 18:45 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-12 18:45 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-12 18:45 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-12 18:45 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-12 18:45 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-12 18:45 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-12 18:45 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-12 18:45 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-12 18:45 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-12 18:44 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-12 18:44 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-12 18:44 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-12 18:44 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-12 18:44 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-12 18:44 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-12 18:43 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 18:43 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-12 18:41 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 18:41 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-12 18:41 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-12 18:41 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-12 18:41 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-12 18:40 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-12 18:40 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-12 18:40 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-12 18:40 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-12 18:40 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-12 18:40 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-12 18:40 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-12 18:40 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-12 18:40 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-12 18:38 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 18:05 - 2015-02-12 18:05 - 00000000 ____D () C:\Users\ola\Documents\Simply Super Software
2015-02-12 18:05 - 2015-02-12 18:05 - 00000000 ____D () C:\ProgramData\Licenses
2015-02-12 18:04 - 2015-02-12 18:04 - 00001097 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2015-02-12 18:04 - 2015-02-12 18:04 - 00000000 ____D () C:\ProgramData\Simply Super Software
2015-02-12 18:04 - 2015-02-12 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-02-12 18:04 - 2015-02-12 18:04 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2015-02-12 18:02 - 2015-02-12 18:04 - 31390952 _____ (Simply Super Software ) C:\Users\ola\Downloads\trjsetup691.exe
2015-02-09 15:43 - 2015-02-09 15:43 - 00000000 ____D () C:\Users\ola\AppData\Roaming\MMFApplications
2015-02-09 13:06 - 2015-02-09 13:15 - 361382144 _____ (INTENIUM GmbH) C:\Users\ola\Downloads\Delicious10Sammleredition.exe
2015-02-05 11:37 - 2015-02-05 11:37 - 00000000 ____D () C:\Users\ola\AppData\Local\TuneUp Software
2015-02-05 11:36 - 2015-02-05 11:36 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-05 11:35 - 2015-02-05 11:35 - 00001490 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-02-05 11:35 - 2015-02-05 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-05 11:34 - 2015-02-05 11:35 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-02-05 11:34 - 2015-02-05 11:34 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-02-05 11:32 - 2015-02-05 11:33 - 34792128 _____ (DVDVideoSoft Ltd. ) C:\Users\ola\Downloads\FreeYouTubeToMP354Converter.exe
2015-02-04 16:56 - 2015-02-04 16:56 - 00014927 _____ () C:\Users\ola\Downloads\Steckbrief.odt
2015-01-31 10:44 - 2015-01-31 10:44 - 00000000 __SHD () C:\found.001

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 15:11 - 2010-11-08 13:17 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-24 14:50 - 2010-09-08 14:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-24 14:35 - 2013-02-27 22:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-24 14:26 - 2010-10-16 19:21 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001UA.job
2015-02-24 14:23 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-24 14:23 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-24 14:19 - 2010-05-14 19:24 - 01809233 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 14:18 - 2010-10-17 10:13 - 00000000 ____D () C:\Users\ola\AppData\Roaming\Skype
2015-02-24 14:16 - 2010-09-08 14:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-24 14:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-24 14:15 - 2009-07-14 05:51 - 00225750 _____ () C:\Windows\setupact.log
2015-02-24 13:26 - 2010-10-16 19:21 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001Core.job
2015-02-24 10:53 - 2010-12-12 15:30 - 00000000 ____D () C:\GameHouse Games
2015-02-24 10:50 - 2010-09-09 18:33 - 01146558 _____ () C:\Windows\PFRO.log
2015-02-24 02:36 - 2013-08-29 15:17 - 00000000 ____D () C:\Users\ola\Desktop\Gruppenleitung
2015-02-24 00:39 - 2010-02-05 19:06 - 00000000 ____D () C:\ProgramData\Temp
2015-02-24 00:28 - 2010-11-19 15:55 - 00000000 ____D () C:\Users\ola\AppData\Local\CrashDumps
2015-02-23 19:07 - 2009-10-15 15:15 - 00000000 ____D () C:\Users\ola\Desktop\Jessi´s Daten
2015-02-23 18:50 - 2010-02-06 03:50 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2015-02-23 18:50 - 2010-02-06 03:50 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2015-02-23 18:50 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-23 18:46 - 2013-06-05 00:09 - 00000000 ____D () C:\Users\ola\Desktop\Kreatives und Merke dir es
2015-02-23 18:37 - 2014-09-20 10:58 - 00000000 ____D () C:\Users\ola\AppData\Roaming\Samsung
2015-02-23 18:37 - 2014-09-20 10:58 - 00000000 ____D () C:\Users\ola\AppData\Local\Samsung
2015-02-23 18:37 - 2014-09-20 10:53 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-02-23 18:36 - 2014-09-20 10:53 - 00000000 ____D () C:\ProgramData\Samsung
2015-02-23 18:36 - 2010-02-05 19:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-23 18:19 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-23 18:12 - 2010-12-12 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHouse
2015-02-23 18:12 - 2010-12-12 15:25 - 00000000 ____D () C:\Program Files (x86)\RealArcade
2015-02-23 18:06 - 2010-11-27 16:18 - 00000000 ____D () C:\Program Files (x86)\DEUTSCHLAND SPIELT
2015-02-23 17:55 - 2011-11-12 18:50 - 00000000 ____H () C:\ProgramData\PKP_DLdw.DAT
2015-02-23 17:55 - 2011-11-12 18:50 - 00000000 _____ () C:\Users\ola\AppData\Roaming\Database
2015-02-23 17:38 - 2010-02-05 19:06 - 00000000 ____D () C:\Program Files (x86)\Cyberlink
2015-02-23 17:26 - 2011-11-12 18:48 - 00000000 ____D () C:\Program Files (x86)\Nikon
2015-02-23 17:26 - 2011-11-12 18:47 - 00000000 ____H () C:\ProgramData\PKP_DLdu.DAT
2015-02-23 17:26 - 2011-11-12 18:47 - 00000000 _____ () C:\Users\ola\AppData\Roaming\Dance
2015-02-23 17:16 - 2010-09-08 14:33 - 00000000 ____D () C:\Users\ola
2015-02-23 17:00 - 2010-11-17 12:14 - 00000000 ____D () C:\Program Files\DivX
2015-02-23 17:00 - 2010-11-17 12:13 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-02-23 17:00 - 2010-11-17 12:12 - 00000000 ____D () C:\ProgramData\DivX
2015-02-23 16:47 - 2015-01-22 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dancing Craze
2015-02-23 16:46 - 2015-01-23 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Keeper 2
2015-02-23 13:00 - 2010-09-08 14:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-23 12:37 - 2010-09-08 14:51 - 00000000 ____D () C:\Program Files\Google
2015-02-23 12:37 - 2010-09-08 14:51 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-23 12:34 - 2010-09-08 14:51 - 00000000 ____D () C:\Users\ola\AppData\Local\Google
2015-02-23 12:34 - 2010-09-08 14:51 - 00000000 ____D () C:\ProgramData\Google
2015-02-23 12:20 - 2010-09-18 12:10 - 00209930 _____ () C:\Windows\DPINST.LOG
2015-02-23 12:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Branding
2015-02-23 11:39 - 2010-11-12 10:42 - 00000000 ____D () C:\ProgramData\Alawar Stargaze
2015-02-23 11:26 - 2010-02-05 19:32 - 00000000 ____D () C:\ProgramData\Norton
2015-02-22 13:28 - 2011-05-30 09:37 - 00000000 ____D () C:\Users\TEMP
2015-02-21 10:29 - 2010-10-16 19:21 - 00002344 _____ () C:\Users\ola\Desktop\Google Chrome.lnk
2015-02-20 11:07 - 2010-12-16 13:07 - 00000000 ____D () C:\Users\ola\AppData\Roaming\HP Support Assistant
2015-02-20 11:07 - 2010-09-09 18:38 - 00000000 ____D () C:\Users\ola\AppData\Roaming\HpUpdate
2015-02-18 14:09 - 2013-07-10 14:21 - 00000000 ____D () C:\BigFishCache
2015-02-15 17:23 - 2010-12-05 15:21 - 00001885 _____ () C:\Users\ola\Documents\DancingCraze.log
2015-02-15 13:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-15 10:59 - 2014-03-04 18:16 - 00000000 ____D () C:\Users\ola\AppData\Roaming\Juliette's Fashion Empire DE
2015-02-14 12:54 - 2013-11-30 20:41 - 00000000 ____D () C:\Users\ola\AppData\Roaming\Palaplay
2015-02-14 12:53 - 2014-12-10 17:31 - 00001089 _____ () C:\Users\Public\Desktop\GAME CENTER.lnk
2015-02-14 11:44 - 2014-08-18 08:44 - 00000000 ____D () C:\Users\ola\AppData\Local\com.gamehouse.acid
2015-02-14 10:44 - 2009-07-14 05:45 - 00460736 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-14 10:42 - 2014-12-11 03:42 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-14 10:42 - 2014-05-06 09:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-13 01:39 - 2010-09-16 19:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-13 01:27 - 2013-08-14 09:51 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 00:13 - 2010-10-08 20:49 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 18:00 - 2013-10-23 16:12 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-12 17:59 - 2013-07-12 10:13 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-12 17:56 - 2014-11-24 12:08 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-02-12 17:56 - 2014-11-24 12:08 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-02-12 17:56 - 2014-11-24 12:08 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-02-12 17:56 - 2014-11-24 12:08 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-12 17:56 - 2014-11-24 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-09 13:21 - 2010-10-16 19:21 - 00004078 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001UA
2015-02-09 13:21 - 2010-10-16 19:21 - 00003682 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001Core
2015-02-05 12:36 - 2013-02-27 22:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 12:36 - 2013-02-27 22:11 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 12:36 - 2011-05-18 15:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 11:40 - 2012-06-25 12:20 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-05 11:37 - 2012-06-25 12:20 - 00000000 ____D () C:\Users\ola\AppData\Roaming\TuneUp Software
2015-02-05 11:35 - 2011-07-28 17:56 - 00000000 ____D () C:\Users\ola\AppData\Roaming\DVDVideoSoft
2015-02-04 10:45 - 2010-09-08 14:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 10:45 - 2010-09-08 14:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2010-11-16 13:57 - 2010-11-16 13:57 - 0774144 _____ (RealNetworks, Inc.) C:\Program Files (x86)\RngInterstitial.dll
2011-11-12 18:47 - 2015-02-23 17:26 - 0000000 _____ () C:\Users\ola\AppData\Roaming\Dance
2011-11-12 18:50 - 2015-02-23 17:55 - 0000000 _____ () C:\Users\ola\AppData\Roaming\Database
2011-06-05 17:42 - 2011-06-15 12:03 - 0000011 _____ () C:\Users\ola\AppData\Roaming\log.txt
2014-06-16 10:04 - 2014-06-16 10:04 - 0000216 _____ () C:\Users\ola\AppData\Roaming\wklnhst.dat
2011-01-08 02:14 - 2011-01-08 02:18 - 0022016 _____ () C:\Users\ola\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-11-16 14:02 - 2010-12-06 16:45 - 0000198 _____ () C:\Users\ola\AppData\Local\DownloadLog.txt
2012-01-02 10:07 - 2012-01-02 11:07 - 0153043 _____ () C:\Users\ola\AppData\Local\log.txt
2011-05-19 13:03 - 2011-05-19 13:03 - 0006474 _____ () C:\Users\ola\AppData\Local\tmp148996_172999622712932_100000086862591_620133_4604791_S.0
2011-05-19 13:03 - 2011-05-19 13:03 - 0006419 _____ () C:\Users\ola\AppData\Local\tmp148996_172999622712932_100000086862591_620133_4604791_S.JPG
2010-12-03 15:20 - 2014-11-14 05:07 - 0014983 _____ () C:\ProgramData\hpzinstall.log
2011-11-12 18:47 - 2015-02-23 17:26 - 0000000 ____H () C:\ProgramData\PKP_DLdu.DAT
2011-11-12 18:50 - 2015-02-23 17:55 - 0000000 ____H () C:\ProgramData\PKP_DLdw.DAT

Files to move or delete:
====================
C:\Users\ola\cudart32_30_14.dll
C:\Users\ola\vedFramework.dll
C:\Users\ola\XMLWrapper.dll


Some content of TEMP:
====================
C:\Users\ola\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\ola\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\ola\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\ola\AppData\Local\Temp\ose00000.exe
C:\Users\ola\AppData\Local\Temp\Quarantine.exe
C:\Users\ola\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\ola\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\ola\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 13:42

==================== End Of Log ============================
--- --- ---

ola_123 24.02.2015 15:16
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2015
Ran by ola at 2015-02-24 15:12:22
Running from C:\Users\ola\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0.1 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V) (Version: 7.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader 8.3.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
AIO_CDA_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Amazon Music (HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
ATI Catalyst Install Manager (HKLM\...\{67CA5B4D-32DA-B54C-1851-F68ECD83262E}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Bauern-Spass (HKLM-x32\...\{08C06EC7-FD54-4C4E-9FED-1E8DA7367BE3}) (Version: 1.00.0000 - Intenium GmbH)
Bauern-Spaß (HKLM-x32\...\Bauern-Spaß) (Version: 1.0.0.0 - INTENIUM GmbH)
Beach Party Craze Deluxe (HKLM-x32\...\ab25efd7edca8068e25022a8dcb023bc) (Version:  - Zylom)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Burger Bustle (HKLM-x32\...\BFG-Burger Bustle) (Version:  - )
C5100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
c5100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden
Cake Mania Main Street (HKLM-x32\...\BFG-Cake Mania Main Street) (Version:  - )
Cake Mania: Lights, Camera, Action! (HKLM-x32\...\BFG-Cake Mania - Lights, Camera, Action) (Version:  - )
ccc-core-static (x32 Version: 2009.1201.2247.40849 - Ihr Firmenname) Hidden
Chicken Invaders 4 – Weihnachtsedition (HKLM-x32\...\Chicken Invaders 4 – Weihnachtsedition) (Version: 1.0.0.0 - INTENIUM GmbH)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Dancing Craze (HKLM-x32\...\BFG-Dancing Craze) (Version:  - )
Delicious: Emily und die Traumhochzeit Sammleredition (HKLM-x32\...\Delicious: Emily und die Traumhochzeit Sammleredition) (Version: 0.0.0.0 - INTENIUM GmbH)
Der Bau der Chinesischen Mauer (HKLM-x32\...\Der Bau der Chinesischen Mauer) (Version:  - )
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Deutschland Spielt - Spiele Post (HKLM-x32\...\Deutschland Spielt - Spiele Post) (Version: 1.0.4.38 - INTENIUM GmbH)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\{D2B31FE6-127F-4E79-8186-F080A282FBC7}) (Version: 1.0.0.46 - Intenium GmbH)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 2.4.2.14 - INTENIUM GmbH)
DEUTSCHLAND SPIELT Spiele Post (HKLM-x32\...\DEUTSCHLAND SPIELT Spiele Post) (Version: 1.0.3.0 - INTENIUM GmbH)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Die FreeRide Games Bar Toolbar (HKLM-x32\...\Die_FreeRide_Games_Bar Toolbar) (Version: 6.5.2.8 - Die FreeRide Games Bar)
Die Legende von Atlantis - Exodus (HKLM-x32\...\{AB49EB53-CEA8-40F1-828B-7DE5D7D158F0}) (Version: 1.00.0000 - Intenium GmbH)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.1.7 - CEWE Stiftung u Co. KGaA)
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Double Pack SuperMarket Management Deluxe (HKLM-x32\...\7283d44070835c6bc64e323b40b6ec9f) (Version:  - Zylom)
Dragon Keeper 2 (HKLM-x32\...\BFG-Dragon Keeper 2) (Version:  - )
DragonStone (HKLM-x32\...\BFG-DragonStone) (Version:  - )
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
Farm Mania Hot Vacation (HKLM-x32\...\Farm Mania Hot Vacation_is1) (Version:  - Realore Studios)
Farmscapes (HKLM-x32\...\BFG-Farmscapes) (Version:  - )
Farmscapes (HKLM-x32\...\Farmscapes_is1) (Version:  - Playrix Entertainment)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Free Audio CD Burner version 1.4.8 (HKLM-x32\...\Free Audio CD Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
GameCatalog42.2013 (x32 Version: 1.00.0000 - Intenium GmbH) Hidden
GameTreat Player (HKLM-x32\...\{AC323D63-F1B1-4FA6-88B1-72E74025036E}) (Version:  - )
GMX Internet Explorer Addon (HKLM-x32\...\1&1 Mail & Media GmbH 1und1InternetExplorerAddon) (Version: 1.0.1.0 - 1&1 Mail & Media GmbH)
GMX Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 2.0.1.5 - 1&1 Mail & Media GmbH)
GMX Toolbar für Internet Explorer (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 1.7.2.0 - 1&1 Mail & Media GmbH)
GMX Toolbar MSVC100 CRT x64 (Version: 1.0.0 - 1&1 Mail & Media GmbH) Hidden
GMX Toolbar MSVC100 CRT x86 (x32 Version: 1.0.0 - 1&1 Mail & Media GmbH) Hidden
Google Chrome (HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Grave Mania: Zombiefieber (HKLM-x32\...\BFG-Grave Mania - Zombiefieber) (Version:  - )
Hardwarediagnosetools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
Hello Venice (HKLM-x32\...\{6B19A215-DFA2-440D-B972-08CEEB77F078}) (Version: 1.00.0000 - Intenium GmbH)
Hello Venice (HKLM-x32\...\BFG-Hello Venice) (Version:  - )
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (HKLM\...\{17016DA1-F040-4032-BD36-34DD317BC9D5}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}) (Version: 5.1.10.7 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HydraVision (x32 Version: 4.2.128.0 - ATI Technologies Inc.) Hidden
Insaniquarium Deluxe (HKLM-x32\...\9a14c916588716e1e4a91a4414907685) (Version:  - Zylom)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Island Tribe (HKLM-x32\...\Island Tribe_is1) (Version:  - Realore Studios)
Island Tribe 2 (HKLM-x32\...\BFG-Island Tribe 2) (Version:  - )
Island Tribe 2 (HKLM-x32\...\Island Tribe 2_is1) (Version:  - Realore Studios)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jet Set Go (HKLM-x32\...\Jet Set Go) (Version: 1.0.0.0 - INTENIUM GmbH)
Jewelleria (HKLM-x32\...\BFG-Jewelleria) (Version:  - )
Juliettes Mode-Imperium (HKLM-x32\...\Juliettes Mode-Imperium) (Version: 1.0.0.0 - INTENIUM GmbH)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Katy + Bob (HKLM-x32\...\Katy + Bob) (Version:  - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version:  - EasyBits Software AS)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mein eigener Bauernhof (HKLM-x32\...\Mein eigener Bauernhof_is1) (Version:  - Realore Studios)
Mein eigener Bauernhof 2 (HKLM-x32\...\Mein eigener Bauernhof 2_is1) (Version:  - Realore Studios)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\MyFreeCodec) (Version:  - )
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OpenOffice.org 3.2 (HKLM-x32\...\{8D1E61D1-1395-4E97-997F-D002DB3A5074}) (Version: 3.2.9502 - OpenOffice.org)
Paradise Beach 2 (HKLM-x32\...\{63C716AA-D7E0-4ED4-AC70-84F255F2AD55}) (Version: 1.00.0000 - Intenium GmbH)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.51.17865 - pdfforge GmbH)
PDF Architect 2 Create Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 Edit Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 View Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
Pet Show Craze Deluxe (HKLM-x32\...\7d89a1ed80d764888be08d8ed2b7ddbb) (Version:  - Zylom)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3405 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3405 - CyberLink Corp.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5938 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Ritter Arthur 4 (HKLM-x32\...\Ritter Arthur 4) (Version: 1.0.0.0 - INTENIUM GmbH)
Ritter Arthur III (HKLM-x32\...\Ritter Arthur III) (Version: 1.0.0.0 - INTENIUM GmbH)
Roads Of Rome (HKLM-x32\...\Roads Of Rome_is1) (Version:  - Realore Studios)
Roads of Rome 3 (HKLM-x32\...\Roads of Rome 3) (Version: 32.0.0.0 - Shockwave.com)
Royal Envoy (HKLM-x32\...\Royal Envoy_is1) (Version:  - Playrix Entertainment)
Royal Envoy 2 (HKLM-x32\...\Royal Envoy 2_is1) (Version:  - Playrix Entertainment)
Sally's Quick Clips (HKLM-x32\...\c59fb4f519ae3f5779eefbda2291335c) (Version:  - Zylom)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Trojan Remover 6.9.1 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.1 - Simply Super Software)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Viking Saga (HKLM-x32\...\b084798fee4191843dbe5cdb90c900ef) (Version:  - GameHouse)
Viking Saga (HKLM-x32\...\BFG-Viking Saga) (Version:  - )
viking saga (HKLM-x32\...\viking saga_is1) (Version:  - Realore Studios)
VLC media player 1.1.5 (HKLM-x32\...\VLC media player) (Version: 1.1.5 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wedding Salon Deluxe (HKLM-x32\...\3866c7ce7716fadf1b53a2ff8d90be59) (Version:  - Zylom)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.20 - WildTangent)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Youda Farmer (HKLM-x32\...\Youda Farmer) (Version:  - )
Youda Farmer 3: Jahreszeiten (HKLM-x32\...\Youda Farmer 3: Jahreszeiten) (Version: 1.0.0.0 - INTENIUM GmbH)
Zylom Games Player Plugin (HKLM-x32\...\Zylom Games Player Plugin) (Version:  - Zylom Games)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-107307583-39740663-3650351078-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\ola\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-107307583-39740663-3650351078-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\ola\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-107307583-39740663-3650351078-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\ola\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-107307583-39740663-3650351078-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\ola\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-107307583-39740663-3650351078-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\ola\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-107307583-39740663-3650351078-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ola\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-107307583-39740663-3650351078-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\ola\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

19-02-2015 10:17:20 Windows Update
23-02-2015 13:00:22 Windows Update
23-02-2015 16:54:54 TuneUp Utilities 2014 wird entfernt
23-02-2015 16:57:13 TuneUp Utilities 2014 (de-DE) wird entfernt
23-02-2015 17:15:48 Entfernt Panorama Maker
23-02-2015 17:23:41 Entfernt MediaImpression
23-02-2015 17:25:48 Removed Nikon Transfer
23-02-2015 17:35:06 Removed Cisco Systems VPN Client 5.0.07.0290
23-02-2015 17:37:17 Konfiguriert PowerStarter
23-02-2015 17:43:03 Removed Die Ratten.
23-02-2015 17:51:57 Removed File Uploader
23-02-2015 17:52:36 Removed File Uploader
23-02-2015 17:53:14 Removed Nikon Message Center
23-02-2015 17:53:32 Removed Picture Control Utility
23-02-2015 17:54:15 Removed ViewNX
23-02-2015 17:55:52 Removed File Uploader
23-02-2015 17:56:30 Removed Picture Control Utility
23-02-2015 18:03:42 Removed The Clockmaker - Die Stunde des Uhrmachers.
23-02-2015 18:34:51 Removed Samsung Kies
24-02-2015 13:07:56 Malwarebytes Anti-Rootkit Restore Point
24-02-2015 13:57:30 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0ADCF13C-D003-4C8D-94D7-EE901DA4A609} - System32\Tasks\{440C16AE-EFF7-4451-9E33-E04BFA205354} => Chrome.exe
Task: {222EB722-32B4-4C08-A2A1-67E2C6283CC2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {2CF4D595-4B23-416F-88CA-2861FD7D3B76} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {3B847ADD-D18A-42AB-B426-0774014E7014} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {42BF959D-4F51-4743-BF0E-ACD9096DECDA} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {43F46D89-5F6B-4D5D-AB7F-A404A7B51100} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {48C7550E-5201-4279-A0F1-2C60B8B60BB0} - System32\Tasks\{5F0472E8-4636-4748-8486-5A34D579AEB8} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {52BAA416-89BB-4321-B717-345162D64B72} - System32\Tasks\{DDDAEAD7-D45D-41AA-8A89-B0F818DE02C4} => pcalua.exe -a "C:\Program Files (x86)\Shockwave.com\Camp Funshine - Carrie the Caregiver 3\Camp Funshine - Carrie the Caregiver 3.exe" -d C:\Users\ola\Desktop
Task: {56DB60FE-FFCB-467B-93F0-6FF5E9A07FF9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {584CA625-7C99-4E0E-BE5F-9CDB3F94CE91} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {5FB1A7E7-2BF3-4A45-80B1-B8F6FA877477} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001Core => C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {724F7291-CE40-41A1-A9A0-924316DE2390} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink)
Task: {85DA9ABF-C6C3-448C-B5BE-8A01C40C2840} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {94621FE4-1114-43E4-A95C-B112540CE59C} - System32\Tasks\1und1 Konfiguration => C:\ProgramData\1und1InternetExplorerAddon\ConfigTask.exe [2011-04-19] (1und1 Mail und Media GmbH)
Task: {9605CCA3-7C86-4ACC-90A5-3EBFA29BDB3B} - System32\Tasks\{AF6F217A-6557-4705-A11D-D8705CE52A49} => pcalua.exe -a "C:\Users\ola\Downloads\DancingCraze (1).exe" -d C:\Users\ola\Downloads
Task: {AA7B0780-C9B8-4CAD-95CC-371756F5B285} - System32\Tasks\{CAF7B480-2A56-4CF5-BEA1-D717E2B4F1AF} => pcalua.exe -a "C:\Users\ola\Downloads\InstallCakeMania2 (1).exe" -d C:\Users\ola\Downloads
Task: {AD1C7FB3-7C40-4FBA-ABB5-76BF963ECE99} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-11-15] (Hewlett-Packard Company)
Task: {B50C9F2D-9499-4AB6-A724-C8AC8FA222D3} - System32\Tasks\{996E5C7A-CCAE-4656-8D5D-89BE152FD3E4} => pcalua.exe -a C:\Users\ola\Desktop\DiamondDrop2.exe -d C:\Users\ola\Desktop
Task: {B609AA2B-B181-43D3-84EC-B660DC3C01EC} - System32\Tasks\{208FEADB-A1A9-4840-8445-2DE9903BAFDA} => pcalua.exe -a "C:\Users\ola\Downloads\RitterArthur4 (1).exe" -d C:\Users\ola\Downloads
Task: {B9BFC3EB-5A7E-43D6-83AF-E11CDD19DDA2} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2011-06-08] (1&1 Mail & Media GmbH)
Task: {C1EA5B84-2B14-43D4-A295-95C026651C8F} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {C6409590-4B9B-4502-8AF5-0B8C7D0C9E64} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-11-15] (Hewlett-Packard Company)
Task: {C675942D-5330-49A1-9E19-48953EF659E6} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {D08BC7DE-3204-457E-9541-091F2EEE1449} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001UA => C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {E056F0DF-D200-4A05-AD81-BBA7BAC162FB} - System32\Tasks\{2FA90A2F-3E1B-4BDC-980B-0704EA92DA79} => pcalua.exe -a "C:\Users\ola\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLAXA7BL\DiamondDrop2[1].exe" -d C:\Users\ola\Desktop
Task: {F7874B80-5184-4793-9FE4-3165B5525F41} - System32\Tasks\{0CF927CB-81C6-4D35-B425-FA96E1EA5DF3} => pcalua.exe -a "C:\Users\ola\Downloads\DieSpurensucher (1).exe" -d C:\Users\ola\Downloads
Task: {F78C369F-738B-4EDA-841C-520FA6C0878B} - System32\Tasks\{9B58D4A6-80C8-4626-96C0-D2D146DBFF74} => pcalua.exe -a "J:\maren\Office 2007 - Deutsch + seriell\setup.exe" -d "J:\maren\Office 2007 - Deutsch + seriell"
Task: {F8496263-A388-4A62-8EA8-52DA054C5770} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001Core.job => C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001UA.job => C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml

==================== Loaded Modules (whitelisted) ==============

2009-09-14 16:17 - 2009-09-14 16:17 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2014-09-12 18:39 - 2014-09-06 01:54 - 06281536 _____ () C:\Users\ola\AppData\Local\Amazon Music\Amazon Music Helper.exe
2009-06-26 11:25 - 2009-06-26 11:25 - 00098304 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-02-05 19:04 - 2010-02-05 19:04 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2015-02-22 13:40 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-22 13:40 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-22 13:40 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-22 13:40 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-22 13:40 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-02-05 19:03 - 2009-10-02 12:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2010-05-04 15:36 - 2010-05-04 15:36 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2009-10-22 18:50 - 2009-10-22 18:50 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2015-02-21 10:29 - 2015-02-17 23:44 - 01117512 _____ () C:\Users\ola\AppData\Local\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-21 10:29 - 2015-02-17 23:44 - 00211272 _____ () C:\Users\ola\AppData\Local\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-21 10:29 - 2015-02-17 23:44 - 09171272 _____ () C:\Users\ola\AppData\Local\Google\Chrome\Application\40.0.2214.115\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\ola:zylomtest
AlternateDataStreams: C:\Users\ola:zylomtr{0000278T-TT9K-T8DU-07LG-28DG94S2MVRH}
AlternateDataStreams: C:\Users\ola:zylomtr{0000278T-TT9K-T8DU-07LG-28DG94S2MVTH}
AlternateDataStreams: C:\Users\ola:zylomtr{00013KEU-UKQE-K6V0-70L9-2A8RJ1B4CV71}
AlternateDataStreams: C:\Users\ola:zylomtr{00013KEU-UKQE-K6V0-70L9-2A8RJ1B4CVL4}
AlternateDataStreams: C:\Users\ola:zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVPR}
AlternateDataStreams: C:\Users\ola:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVIC}
AlternateDataStreams: C:\Users\ola:zylomtr{00013KEU-UKQE-K6V0-QFBF-26K1JL6KQVVO}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG1-1VH8-28I0EFCC2VOB}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG1-1VH8-28I0EFCC2VVP}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG1-3BG4-281NL05DCVTO}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG1-6E2T-2B6FMQRBGVRR}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG1-6E2T-2B6FMQRBGVTH}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG1-7LLS-22TDACKJ0VU4}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG1-J24H-293SB52ICVVS}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG2-CB1H-264U84BSAVVN}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG2-LKCU-2AJQPJA4AVIR}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG2-LKCU-2AJQPJA4AVPQ}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG2-LKCU-2AJQPJA4AVQQ}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG2-LKCU-2AJQPJA4AVUC}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG2-V08M-26E8LC4K2VVR}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-1EMN-28M5NPU00VQH}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-1EMN-295K77I0IVVI}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVVK}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-7U7M-26FBSL48IVVJ}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-8AT4-258NF6K78VST}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-L1G2-28QRSPMS6VVH}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-L4Q0-290ETKLEB000}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-O5NG-26MTF54NEVSV}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-S3H7-2A5PQROOQVT8}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-S3H7-2A5PQROOQVVP}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG4-3S8E-27J3AJ6UT000}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG4-5TO3-2831TOKLCVUL}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG4-74E3-28689HMLOVUP}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG4-US8E-26I93FV2MVV4}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG5-8A6T-26VOTC6OMVND}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVKL}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVLH}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVML}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVOE}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG6-64CA-2ASVQDAHMVP0}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG6-64CA-2ASVQDAHMVS3}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG7-5P29-2A14KFREQVPV}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG7-9H53-25QU2TIGSVVL}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG7-FCUD-27Q18NRLP000}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG7-FCUD-28A45N46SVTT}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG7-FCUD-28A45N46SVVI}
AlternateDataStreams: C:\Users\ola:zylomtr{1000278T-TT9K-T8DU-1KFV-23O5NTEJMVRJ}
AlternateDataStreams: C:\ProgramData\Temp:00F3978A
AlternateDataStreams: C:\ProgramData\Temp:014BC3B4
AlternateDataStreams: C:\ProgramData\Temp:02B823FE
AlternateDataStreams: C:\ProgramData\Temp:02DD996C
AlternateDataStreams: C:\ProgramData\Temp:059167AF
AlternateDataStreams: C:\ProgramData\Temp:06B8FE62
AlternateDataStreams: C:\ProgramData\Temp:073139EC
AlternateDataStreams: C:\ProgramData\Temp:07C99568
AlternateDataStreams: C:\ProgramData\Temp:07D9FF25
AlternateDataStreams: C:\ProgramData\Temp:0915A718
AlternateDataStreams: C:\ProgramData\Temp:0988A428
AlternateDataStreams: C:\ProgramData\Temp:09CD1DC6
AlternateDataStreams: C:\ProgramData\Temp:0ACF1AF5
AlternateDataStreams: C:\ProgramData\Temp:0AE2C68F
AlternateDataStreams: C:\ProgramData\Temp:0AF6266B
AlternateDataStreams: C:\ProgramData\Temp:0BABC4C8
AlternateDataStreams: C:\ProgramData\Temp:0BF4DA47
AlternateDataStreams: C:\ProgramData\Temp:0C2A17F2
AlternateDataStreams: C:\ProgramData\Temp:0C2F9CC7
AlternateDataStreams: C:\ProgramData\Temp:0CCCEDA1
AlternateDataStreams: C:\ProgramData\Temp:0CDF8C3D
AlternateDataStreams: C:\ProgramData\Temp:0DFE2AE1
AlternateDataStreams: C:\ProgramData\Temp:0E5CFA74
AlternateDataStreams: C:\ProgramData\Temp:0E61938B
AlternateDataStreams: C:\ProgramData\Temp:0FC68B9A
AlternateDataStreams: C:\ProgramData\Temp:10094A5D
AlternateDataStreams: C:\ProgramData\Temp:104A718B
AlternateDataStreams: C:\ProgramData\Temp:109BD730
AlternateDataStreams: C:\ProgramData\Temp:10D45FC3
AlternateDataStreams: C:\ProgramData\Temp:10D98D98
AlternateDataStreams: C:\ProgramData\Temp:120E44A4
AlternateDataStreams: C:\ProgramData\Temp:122B409D
AlternateDataStreams: C:\ProgramData\Temp:1297FF3C
AlternateDataStreams: C:\ProgramData\Temp:12A012A1
AlternateDataStreams: C:\ProgramData\Temp:1419F1F4
AlternateDataStreams: C:\ProgramData\Temp:14FA5E46
AlternateDataStreams: C:\ProgramData\Temp:15381DB9
AlternateDataStreams: C:\ProgramData\Temp:1656EE95
AlternateDataStreams: C:\ProgramData\Temp:165AF2C6
AlternateDataStreams: C:\ProgramData\Temp:169E7AC5
AlternateDataStreams: C:\ProgramData\Temp:16A4620C
AlternateDataStreams: C:\ProgramData\Temp:16C16B18
AlternateDataStreams: C:\ProgramData\Temp:16F42F1F
AlternateDataStreams: C:\ProgramData\Temp:175721D5
AlternateDataStreams: C:\ProgramData\Temp:17F7AEA3
AlternateDataStreams: C:\ProgramData\Temp:18345E10
AlternateDataStreams: C:\ProgramData\Temp:193CB03B
AlternateDataStreams: C:\ProgramData\Temp:197DD5C6
AlternateDataStreams: C:\ProgramData\Temp:1ADC4BD5
AlternateDataStreams: C:\ProgramData\Temp:1B3549F2
AlternateDataStreams: C:\ProgramData\Temp:1D4A17AE
AlternateDataStreams: C:\ProgramData\Temp:1D8551A3
AlternateDataStreams: C:\ProgramData\Temp:1E288DA3
AlternateDataStreams: C:\ProgramData\Temp:1E7308B6
AlternateDataStreams: C:\ProgramData\Temp:1EAB6298
AlternateDataStreams: C:\ProgramData\Temp:1FF82161
AlternateDataStreams: C:\ProgramData\Temp:206470A5
AlternateDataStreams: C:\ProgramData\Temp:217A2A36
AlternateDataStreams: C:\ProgramData\Temp:2216A431
AlternateDataStreams: C:\ProgramData\Temp:23622B8B
AlternateDataStreams: C:\ProgramData\Temp:2487D1DA
AlternateDataStreams: C:\ProgramData\Temp:24F08129
AlternateDataStreams: C:\ProgramData\Temp:258D2F8B
AlternateDataStreams: C:\ProgramData\Temp:2640C43F
AlternateDataStreams: C:\ProgramData\Temp:268A5068
AlternateDataStreams: C:\ProgramData\Temp:269C0B5C
AlternateDataStreams: C:\ProgramData\Temp:274516E7
AlternateDataStreams: C:\ProgramData\Temp:2775F9E2
AlternateDataStreams: C:\ProgramData\Temp:282CE153
AlternateDataStreams: C:\ProgramData\Temp:28819F45
AlternateDataStreams: C:\ProgramData\Temp:28CCFEFB
AlternateDataStreams: C:\ProgramData\Temp:29C0641D
AlternateDataStreams: C:\ProgramData\Temp:2C14DBD1
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:2CDB9CA3
AlternateDataStreams: C:\ProgramData\Temp:2CED8825
AlternateDataStreams: C:\ProgramData\Temp:2D0DFF22
AlternateDataStreams: C:\ProgramData\Temp:2D1AE3BE
AlternateDataStreams: C:\ProgramData\Temp:2D3CB929
AlternateDataStreams: C:\ProgramData\Temp:2EB79F01
AlternateDataStreams: C:\ProgramData\Temp:2F7C40B6
AlternateDataStreams: C:\ProgramData\Temp:30E0D641
AlternateDataStreams: C:\ProgramData\Temp:3113BD8B
AlternateDataStreams: C:\ProgramData\Temp:3118E26B
AlternateDataStreams: C:\ProgramData\Temp:31F2397C
AlternateDataStreams: C:\ProgramData\Temp:329BA65B
AlternateDataStreams: C:\ProgramData\Temp:32AA69ED
AlternateDataStreams: C:\ProgramData\Temp:32AE8659
AlternateDataStreams: C:\ProgramData\Temp:346337E3
AlternateDataStreams: C:\ProgramData\Temp:3487C53E
AlternateDataStreams: C:\ProgramData\Temp:349E5B74
AlternateDataStreams: C:\ProgramData\Temp:34FDB459
AlternateDataStreams: C:\ProgramData\Temp:35629AE6
AlternateDataStreams: C:\ProgramData\Temp:36608448
AlternateDataStreams: C:\ProgramData\Temp:366B74CA
AlternateDataStreams: C:\ProgramData\Temp:37994DBE
AlternateDataStreams: C:\ProgramData\Temp:385E2CFD
AlternateDataStreams: C:\ProgramData\Temp:38A0E181
AlternateDataStreams: C:\ProgramData\Temp:38FF076E
AlternateDataStreams: C:\ProgramData\Temp:393F7B1E
AlternateDataStreams: C:\ProgramData\Temp:395F6776
AlternateDataStreams: C:\ProgramData\Temp:3991CD7D
AlternateDataStreams: C:\ProgramData\Temp:3AC0ED43
AlternateDataStreams: C:\ProgramData\Temp:3B07E6F4
AlternateDataStreams: C:\ProgramData\Temp:3BAD65EA
AlternateDataStreams: C:\ProgramData\Temp:3C0F646D
AlternateDataStreams: C:\ProgramData\Temp:3C6860C5
AlternateDataStreams: C:\ProgramData\Temp:3D033DEC
AlternateDataStreams: C:\ProgramData\Temp:3D67D093
AlternateDataStreams: C:\ProgramData\Temp:3DF63AD7
AlternateDataStreams: C:\ProgramData\Temp:3FE1A827
AlternateDataStreams: C:\ProgramData\Temp:41289DF0
AlternateDataStreams: C:\ProgramData\Temp:41884BBE
AlternateDataStreams: C:\ProgramData\Temp:426D1496
AlternateDataStreams: C:\ProgramData\Temp:432EC713
AlternateDataStreams: C:\ProgramData\Temp:4363DE71
AlternateDataStreams: C:\ProgramData\Temp:439E3411
AlternateDataStreams: C:\ProgramData\Temp:43C9D140
AlternateDataStreams: C:\ProgramData\Temp:43E95997
AlternateDataStreams: C:\ProgramData\Temp:44E16D4A
AlternateDataStreams: C:\ProgramData\Temp:450ABF8D
AlternateDataStreams: C:\ProgramData\Temp:4573A78F
AlternateDataStreams: C:\ProgramData\Temp:45F3AD49
AlternateDataStreams: C:\ProgramData\Temp:46A2F27B
AlternateDataStreams: C:\ProgramData\Temp:4709F39D
AlternateDataStreams: C:\ProgramData\Temp:474D8B37
AlternateDataStreams: C:\ProgramData\Temp:483AC68A
AlternateDataStreams: C:\ProgramData\Temp:490BCC52
AlternateDataStreams: C:\ProgramData\Temp:49B217F7
AlternateDataStreams: C:\ProgramData\Temp:4A03F06E
AlternateDataStreams: C:\ProgramData\Temp:4A0829E0
AlternateDataStreams: C:\ProgramData\Temp:4A5CFD3B
AlternateDataStreams: C:\ProgramData\Temp:4A966CC2
AlternateDataStreams: C:\ProgramData\Temp:4B70A9FA
AlternateDataStreams: C:\ProgramData\Temp:4C16B46B
AlternateDataStreams: C:\ProgramData\Temp:4C3504B5
AlternateDataStreams: C:\ProgramData\Temp:4C71A42B
AlternateDataStreams: C:\ProgramData\Temp:4EF94CF3
AlternateDataStreams: C:\ProgramData\Temp:512336B9
AlternateDataStreams: C:\ProgramData\Temp:5279F7BF
AlternateDataStreams: C:\ProgramData\Temp:52B3B2D1
AlternateDataStreams: C:\ProgramData\Temp:5335CE76
AlternateDataStreams: C:\ProgramData\Temp:54531C7D
AlternateDataStreams: C:\ProgramData\Temp:554C6431
AlternateDataStreams: C:\ProgramData\Temp:56699AAF
AlternateDataStreams: C:\ProgramData\Temp:56C17A93
AlternateDataStreams: C:\ProgramData\Temp:56C66609
AlternateDataStreams: C:\ProgramData\Temp:57173DB4
AlternateDataStreams: C:\ProgramData\Temp:5742B6F5
AlternateDataStreams: C:\ProgramData\Temp:574F975B
AlternateDataStreams: C:\ProgramData\Temp:57619D72
AlternateDataStreams: C:\ProgramData\Temp:57CC1FDC
AlternateDataStreams: C:\ProgramData\Temp:57EE48CA
AlternateDataStreams: C:\ProgramData\Temp:592D7272
AlternateDataStreams: C:\ProgramData\Temp:59846E5E
AlternateDataStreams: C:\ProgramData\Temp:5A068EE1
AlternateDataStreams: C:\ProgramData\Temp:5A437AC3
AlternateDataStreams: C:\ProgramData\Temp:5C0940F1
AlternateDataStreams: C:\ProgramData\Temp:5C3ED5BB
AlternateDataStreams: C:\ProgramData\Temp:5C4A588B
AlternateDataStreams: C:\ProgramData\Temp:5CE2502D
AlternateDataStreams: C:\ProgramData\Temp:5D1BA9DE
AlternateDataStreams: C:\ProgramData\Temp:5DB4FD98
AlternateDataStreams: C:\ProgramData\Temp:5E05F78B
AlternateDataStreams: C:\ProgramData\Temp:5E209A50
AlternateDataStreams: C:\ProgramData\Temp:5E24C78B
AlternateDataStreams: C:\ProgramData\Temp:5ED747B8
AlternateDataStreams: C:\ProgramData\Temp:5FB7A2BD
AlternateDataStreams: C:\ProgramData\Temp:600F6768
AlternateDataStreams: C:\ProgramData\Temp:60AC3BC3
AlternateDataStreams: C:\ProgramData\Temp:60E0AB2A
AlternateDataStreams: C:\ProgramData\Temp:61C6B926
AlternateDataStreams: C:\ProgramData\Temp:61FEC5E3
AlternateDataStreams: C:\ProgramData\Temp:6301CE40
AlternateDataStreams: C:\ProgramData\Temp:639BB5E9
AlternateDataStreams: C:\ProgramData\Temp:640DDEFF
AlternateDataStreams: C:\ProgramData\Temp:64996B1C
AlternateDataStreams: C:\ProgramData\Temp:65484F45
AlternateDataStreams: C:\ProgramData\Temp:663B62CA
AlternateDataStreams: C:\ProgramData\Temp:6677D85A
AlternateDataStreams: C:\ProgramData\Temp:66AA0486
AlternateDataStreams: C:\ProgramData\Temp:67396145
AlternateDataStreams: C:\ProgramData\Temp:67421CB3
AlternateDataStreams: C:\ProgramData\Temp:67842DB7
AlternateDataStreams: C:\ProgramData\Temp:68FC22BD
AlternateDataStreams: C:\ProgramData\Temp:696F7DA7
AlternateDataStreams: C:\ProgramData\Temp:69F562A6
AlternateDataStreams: C:\ProgramData\Temp:69FE2EE4
AlternateDataStreams: C:\ProgramData\Temp:6AD65294
AlternateDataStreams: C:\ProgramData\Temp:6B28173C
AlternateDataStreams: C:\ProgramData\Temp:6C13E971
AlternateDataStreams: C:\ProgramData\Temp:6DDFD746
AlternateDataStreams: C:\ProgramData\Temp:6E3C585B
AlternateDataStreams: C:\ProgramData\Temp:6F57F1D1
AlternateDataStreams: C:\ProgramData\Temp:6FA346B6
AlternateDataStreams: C:\ProgramData\Temp:6FD36C4B
AlternateDataStreams: C:\ProgramData\Temp:6FDE1666
AlternateDataStreams: C:\ProgramData\Temp:716C3D9F
AlternateDataStreams: C:\ProgramData\Temp:723E56EC
AlternateDataStreams: C:\ProgramData\Temp:72C99D4E
AlternateDataStreams: C:\ProgramData\Temp:73461BFA
AlternateDataStreams: C:\ProgramData\Temp:73B78E79
AlternateDataStreams: C:\ProgramData\Temp:7425C891
AlternateDataStreams: C:\ProgramData\Temp:77E239B1
AlternateDataStreams: C:\ProgramData\Temp:7804B508
AlternateDataStreams: C:\ProgramData\Temp:78794301
AlternateDataStreams: C:\ProgramData\Temp:79C6A9CE
AlternateDataStreams: C:\ProgramData\Temp:7B8AF9AA
AlternateDataStreams: C:\ProgramData\Temp:7BB584AA
AlternateDataStreams: C:\ProgramData\Temp:7BBC3CCD
AlternateDataStreams: C:\ProgramData\Temp:7E4E56EA
AlternateDataStreams: C:\ProgramData\Temp:7E979BC9
AlternateDataStreams: C:\ProgramData\Temp:7EABF26C
AlternateDataStreams: C:\ProgramData\Temp:7ECD9621
AlternateDataStreams: C:\ProgramData\Temp:7F4DB476
AlternateDataStreams: C:\ProgramData\Temp:800FE171
AlternateDataStreams: C:\ProgramData\Temp:806E55F5
AlternateDataStreams: C:\ProgramData\Temp:80BFDE16
AlternateDataStreams: C:\ProgramData\Temp:80E965A3
AlternateDataStreams: C:\ProgramData\Temp:81067530
AlternateDataStreams: C:\ProgramData\Temp:8247A199
AlternateDataStreams: C:\ProgramData\Temp:82756AB7
AlternateDataStreams: C:\ProgramData\Temp:82EAE27C
AlternateDataStreams: C:\ProgramData\Temp:82FF14B1
AlternateDataStreams: C:\ProgramData\Temp:83BAA24B
AlternateDataStreams: C:\ProgramData\Temp:84C07F6B
AlternateDataStreams: C:\ProgramData\Temp:84FA02E7
AlternateDataStreams: C:\ProgramData\Temp:85345626
AlternateDataStreams: C:\ProgramData\Temp:87452B14
AlternateDataStreams: C:\ProgramData\Temp:87E3D720
AlternateDataStreams: C:\ProgramData\Temp:880F0FEF
AlternateDataStreams: C:\ProgramData\Temp:8967C154
AlternateDataStreams: C:\ProgramData\Temp:896E1EFF
AlternateDataStreams: C:\ProgramData\Temp:896FF808
AlternateDataStreams: C:\ProgramData\Temp:89FC8EEB
AlternateDataStreams: C:\ProgramData\Temp:8AA99C0C
AlternateDataStreams: C:\ProgramData\Temp:8AC20936
AlternateDataStreams: C:\ProgramData\Temp:8B3C3098
AlternateDataStreams: C:\ProgramData\Temp:8B69E3C3
AlternateDataStreams: C:\ProgramData\Temp:8C12CFCD
AlternateDataStreams: C:\ProgramData\Temp:8C81B36D
AlternateDataStreams: C:\ProgramData\Temp:8CCDAB14
AlternateDataStreams: C:\ProgramData\Temp:8DD36B71
AlternateDataStreams: C:\ProgramData\Temp:8F00BFC0
AlternateDataStreams: C:\ProgramData\Temp:908A1B53
AlternateDataStreams: C:\ProgramData\Temp:90C5140C
AlternateDataStreams: C:\ProgramData\Temp:9124663C
AlternateDataStreams: C:\ProgramData\Temp:9256664B
AlternateDataStreams: C:\ProgramData\Temp:928DF32E
AlternateDataStreams: C:\ProgramData\Temp:933D54A9
AlternateDataStreams: C:\ProgramData\Temp:94F67F32
AlternateDataStreams: C:\ProgramData\Temp:95D421DF
AlternateDataStreams: C:\ProgramData\Temp:96646EC1
AlternateDataStreams: C:\ProgramData\Temp:96838F8A
AlternateDataStreams: C:\ProgramData\Temp:968CA408
AlternateDataStreams: C:\ProgramData\Temp:969C0C96
AlternateDataStreams: C:\ProgramData\Temp:96C05DC7
AlternateDataStreams: C:\ProgramData\Temp:971DCCE2
AlternateDataStreams: C:\ProgramData\Temp:97B3B270
AlternateDataStreams: C:\ProgramData\Temp:98AE08EA
AlternateDataStreams: C:\ProgramData\Temp:98CF1A39
AlternateDataStreams: C:\ProgramData\Temp:993185CB
AlternateDataStreams: C:\ProgramData\Temp:99A29126
AlternateDataStreams: C:\ProgramData\Temp:9B3B8E95
AlternateDataStreams: C:\ProgramData\Temp:9B711F92
AlternateDataStreams: C:\ProgramData\Temp:9B721CFF
AlternateDataStreams: C:\ProgramData\Temp:9C206FB0
AlternateDataStreams: C:\ProgramData\Temp:9C337CCE
AlternateDataStreams: C:\ProgramData\Temp:9C5EEE30
AlternateDataStreams: C:\ProgramData\Temp:9D03192E
AlternateDataStreams: C:\ProgramData\Temp:9D2DE4B4
AlternateDataStreams: C:\ProgramData\Temp:9D91E651
AlternateDataStreams: C:\ProgramData\Temp:9E0656EC
AlternateDataStreams: C:\ProgramData\Temp:9E519D0B
AlternateDataStreams: C:\ProgramData\Temp:9EBE2014
AlternateDataStreams: C:\ProgramData\Temp:9F2C8DF4
AlternateDataStreams: C:\ProgramData\Temp:A0A7408F
AlternateDataStreams: C:\ProgramData\Temp:A0C7D68A
AlternateDataStreams: C:\ProgramData\Temp:A17CCD03
AlternateDataStreams: C:\ProgramData\Temp:A1A86E40
AlternateDataStreams: C:\ProgramData\Temp:A2B3764A
AlternateDataStreams: C:\ProgramData\Temp:A3840F5B
AlternateDataStreams: C:\ProgramData\Temp:A43B789A
AlternateDataStreams: C:\ProgramData\Temp:A561576B
AlternateDataStreams: C:\ProgramData\Temp:A6345BDA
AlternateDataStreams: C:\ProgramData\Temp:A6A65B80
AlternateDataStreams: C:\ProgramData\Temp:A6B07419
AlternateDataStreams: C:\ProgramData\Temp:A7856354
AlternateDataStreams: C:\ProgramData\Temp:A7964713
AlternateDataStreams: C:\ProgramData\Temp:A7BB14DF
AlternateDataStreams: C:\ProgramData\Temp:A899E64E
AlternateDataStreams: C:\ProgramData\Temp:A8BF0AE2
AlternateDataStreams: C:\ProgramData\Temp:A9356284
AlternateDataStreams: C:\ProgramData\Temp:A97C6729
AlternateDataStreams: C:\ProgramData\Temp:A97FF73C
AlternateDataStreams: C:\ProgramData\Temp:A9ABA3FF
AlternateDataStreams: C:\ProgramData\Temp:AA004D25
AlternateDataStreams: C:\ProgramData\Temp:AA18FA3A
AlternateDataStreams: C:\ProgramData\Temp:AA559E17
AlternateDataStreams: C:\ProgramData\Temp:AA60673F
AlternateDataStreams: C:\ProgramData\Temp:AB82C54F
AlternateDataStreams: C:\ProgramData\Temp:AC733A73
AlternateDataStreams: C:\ProgramData\Temp:AC95B5ED
AlternateDataStreams: C:\ProgramData\Temp:ACCEFF0E
AlternateDataStreams: C:\ProgramData\Temp:AE289451
AlternateDataStreams: C:\ProgramData\Temp:AE2EA3C2
AlternateDataStreams: C:\ProgramData\Temp:AE9351E0
AlternateDataStreams: C:\ProgramData\Temp:B059B88E
AlternateDataStreams: C:\ProgramData\Temp:B093E177
AlternateDataStreams: C:\ProgramData\Temp:B1997945
AlternateDataStreams: C:\ProgramData\Temp:B1E64E47
AlternateDataStreams: C:\ProgramData\Temp:B2112CA5
AlternateDataStreams: C:\ProgramData\Temp:B21F2857
AlternateDataStreams: C:\ProgramData\Temp:B285A50E
AlternateDataStreams: C:\ProgramData\Temp:B2D32F1D
AlternateDataStreams: C:\ProgramData\Temp:B2EDDE72
AlternateDataStreams: C:\ProgramData\Temp:B3942462
AlternateDataStreams: C:\ProgramData\Temp:B3D50E25
AlternateDataStreams: C:\ProgramData\Temp:B42826C8
AlternateDataStreams: C:\ProgramData\Temp:B4530133
AlternateDataStreams: C:\ProgramData\Temp:B504E4C2
AlternateDataStreams: C:\ProgramData\Temp:B61767F5
AlternateDataStreams: C:\ProgramData\Temp:B6285236
AlternateDataStreams: C:\ProgramData\Temp:B65E763D
AlternateDataStreams: C:\ProgramData\Temp:B722BCE5
AlternateDataStreams: C:\ProgramData\Temp:B72454C6
AlternateDataStreams: C:\ProgramData\Temp:B761039D
AlternateDataStreams: C:\ProgramData\Temp:B86642C5
AlternateDataStreams: C:\ProgramData\Temp:B91EDB04
AlternateDataStreams: C:\ProgramData\Temp:BA24E689
AlternateDataStreams: C:\ProgramData\Temp:BA5EEDA7
AlternateDataStreams: C:\ProgramData\Temp:BB0F4AA4
AlternateDataStreams: C:\ProgramData\Temp:BBF60A29
AlternateDataStreams: C:\ProgramData\Temp:BC064EDB
AlternateDataStreams: C:\ProgramData\Temp:BCDC6E07
AlternateDataStreams: C:\ProgramData\Temp:BD414E4B
AlternateDataStreams: C:\ProgramData\Temp:BD50071F
AlternateDataStreams: C:\ProgramData\Temp:BE0BAFE1
AlternateDataStreams: C:\ProgramData\Temp:BF2225C8
AlternateDataStreams: C:\ProgramData\Temp:BF6C4AAC
AlternateDataStreams: C:\ProgramData\Temp:C118E02A
AlternateDataStreams: C:\ProgramData\Temp:C36F1B98
AlternateDataStreams: C:\ProgramData\Temp:C43C957E
AlternateDataStreams: C:\ProgramData\Temp:C45094A1
AlternateDataStreams: C:\ProgramData\Temp:C458CC0A
AlternateDataStreams: C:\ProgramData\Temp:C54A1A57
AlternateDataStreams: C:\ProgramData\Temp:C695B256
AlternateDataStreams: C:\ProgramData\Temp:C69BA1D0
AlternateDataStreams: C:\ProgramData\Temp:C7B98566
AlternateDataStreams: C:\ProgramData\Temp:C8182692
AlternateDataStreams: C:\ProgramData\Temp:C87C3E2C
AlternateDataStreams: C:\ProgramData\Temp:C946EBB2
AlternateDataStreams: C:\ProgramData\Temp:C98828D3
AlternateDataStreams: C:\ProgramData\Temp:C9B27A06
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9
AlternateDataStreams: C:\ProgramData\Temp:CB3667AF
AlternateDataStreams: C:\ProgramData\Temp:CB959782
AlternateDataStreams: C:\ProgramData\Temp:CC386FD2
AlternateDataStreams: C:\ProgramData\Temp:CC45913B
AlternateDataStreams: C:\ProgramData\Temp:CC7382F6
AlternateDataStreams: C:\ProgramData\Temp:CC7738DB
AlternateDataStreams: C:\ProgramData\Temp:CD5D93E7
AlternateDataStreams: C:\ProgramData\Temp:CDB75348
AlternateDataStreams: C:\ProgramData\Temp:CE707633
AlternateDataStreams: C:\ProgramData\Temp:CE8A42A3
AlternateDataStreams: C:\ProgramData\Temp:CEE4A457
AlternateDataStreams: C:\ProgramData\Temp:CF33321C
AlternateDataStreams: C:\ProgramData\Temp:CFDE7852
AlternateDataStreams: C:\ProgramData\Temp:D01ACC06
AlternateDataStreams: C:\ProgramData\Temp:D0944474
AlternateDataStreams: C:\ProgramData\Temp:D2397415
AlternateDataStreams: C:\ProgramData\Temp:D254266B
AlternateDataStreams: C:\ProgramData\Temp:D3331ADB
AlternateDataStreams: C:\ProgramData\Temp:D46D2E5A
AlternateDataStreams: C:\ProgramData\Temp:D4D38596
AlternateDataStreams: C:\ProgramData\Temp:D51F4BAE
AlternateDataStreams: C:\ProgramData\Temp:D61EB62D
AlternateDataStreams: C:\ProgramData\Temp:D696AA12
AlternateDataStreams: C:\ProgramData\Temp:D7C0213D
AlternateDataStreams: C:\ProgramData\Temp:D7DA89B1
AlternateDataStreams: C:\ProgramData\Temp:D8DB81DC
AlternateDataStreams: C:\ProgramData\Temp:D994162E
AlternateDataStreams: C:\ProgramData\Temp:D9987109
AlternateDataStreams: C:\ProgramData\Temp:D9E6828A
AlternateDataStreams: C:\ProgramData\Temp:DA11DA54
AlternateDataStreams: C:\ProgramData\Temp:DA18D4E3
AlternateDataStreams: C:\ProgramData\Temp:DBB979D4
AlternateDataStreams: C:\ProgramData\Temp:DC9915D2
AlternateDataStreams: C:\ProgramData\Temp:DCA79AB3
AlternateDataStreams: C:\ProgramData\Temp:DCB27118
AlternateDataStreams: C:\ProgramData\Temp:DD95E6D9
AlternateDataStreams: C:\ProgramData\Temp:E00A6A60
AlternateDataStreams: C:\ProgramData\Temp:E06963C0
AlternateDataStreams: C:\ProgramData\Temp:E07EA07E
AlternateDataStreams: C:\ProgramData\Temp:E153075C
AlternateDataStreams: C:\ProgramData\Temp:E1ABC2C7
AlternateDataStreams: C:\ProgramData\Temp:E1CC2D5E
AlternateDataStreams: C:\ProgramData\Temp:E1D818F7
AlternateDataStreams: C:\ProgramData\Temp:E21987F7
AlternateDataStreams: C:\ProgramData\Temp:E2295807
AlternateDataStreams: C:\ProgramData\Temp:E41267F2
AlternateDataStreams: C:\ProgramData\Temp:E412AAF2
AlternateDataStreams: C:\ProgramData\Temp:E47BBD7B
AlternateDataStreams: C:\ProgramData\Temp:E4BC4A41
AlternateDataStreams: C:\ProgramData\Temp:E5816AB5
AlternateDataStreams: C:\ProgramData\Temp:E5BA9ADD
AlternateDataStreams: C:\ProgramData\Temp:E5CD413B
AlternateDataStreams: C:\ProgramData\Temp:E6537A16
AlternateDataStreams: C:\ProgramData\Temp:E8FC771D
AlternateDataStreams: C:\ProgramData\Temp:E96D894A
AlternateDataStreams: C:\ProgramData\Temp:EB5BDBB0
AlternateDataStreams: C:\ProgramData\Temp:EB68CA55
AlternateDataStreams: C:\ProgramData\Temp:EC0279DC
AlternateDataStreams: C:\ProgramData\Temp:EC752217
AlternateDataStreams: C:\ProgramData\Temp:EC7C9796
AlternateDataStreams: C:\ProgramData\Temp:ECC979BD
AlternateDataStreams: C:\ProgramData\Temp:ED796303
AlternateDataStreams: C:\ProgramData\Temp:ED9B661E
AlternateDataStreams: C:\ProgramData\Temp:EE0ABC44
AlternateDataStreams: C:\ProgramData\Temp:EE445D7C
AlternateDataStreams: C:\ProgramData\Temp:EE7A6A39
AlternateDataStreams: C:\ProgramData\Temp:EE7AAC75
AlternateDataStreams: C:\ProgramData\Temp:EEF1584F
AlternateDataStreams: C:\ProgramData\Temp:EF4FB3C5
AlternateDataStreams: C:\ProgramData\Temp:EFECABA9
AlternateDataStreams: C:\ProgramData\Temp:F123F8B9
AlternateDataStreams: C:\ProgramData\Temp:F2327E82
AlternateDataStreams: C:\ProgramData\Temp:F2AF86D9
AlternateDataStreams: C:\ProgramData\Temp:F3029A65
AlternateDataStreams: C:\ProgramData\Temp:F3591DDB
AlternateDataStreams: C:\ProgramData\Temp:F35AE645
AlternateDataStreams: C:\ProgramData\Temp:F3F9AB21
AlternateDataStreams: C:\ProgramData\Temp:F4362715
AlternateDataStreams: C:\ProgramData\Temp:F53B274A
AlternateDataStreams: C:\ProgramData\Temp:F5E30F6A
AlternateDataStreams: C:\ProgramData\Temp:F5FC5DCE
AlternateDataStreams: C:\ProgramData\Temp:F67AAFC5
AlternateDataStreams: C:\ProgramData\Temp:F6910DB1
AlternateDataStreams: C:\ProgramData\Temp:F6C0CA66
AlternateDataStreams: C:\ProgramData\Temp:F6CDA594
AlternateDataStreams: C:\ProgramData\Temp:F6DA3F39
AlternateDataStreams: C:\ProgramData\Temp:F78CC2A2
AlternateDataStreams: C:\ProgramData\Temp:F7B0AE93
AlternateDataStreams: C:\ProgramData\Temp:F81E7082
AlternateDataStreams: C:\ProgramData\Temp:F8E188F6
AlternateDataStreams: C:\ProgramData\Temp:F9283DA1
AlternateDataStreams: C:\ProgramData\Temp:F9E46E4C
AlternateDataStreams: C:\ProgramData\Temp:F9EE38AE
AlternateDataStreams: C:\ProgramData\Temp:FBA79096
AlternateDataStreams: C:\ProgramData\Temp:FBE5FDB9
AlternateDataStreams: C:\ProgramData\Temp:FBF21B24
AlternateDataStreams: C:\ProgramData\Temp:FC414D14
AlternateDataStreams: C:\ProgramData\Temp:FC4B020F
AlternateDataStreams: C:\ProgramData\Temp:FD774C83
AlternateDataStreams: C:\ProgramData\Temp:FE058F1D
AlternateDataStreams: C:\ProgramData\Temp:FEB0595A
AlternateDataStreams: C:\ProgramData\Temp:FEE00EB9
AlternateDataStreams: C:\ProgramData\Temp:FEEEFFAD
AlternateDataStreams: C:\ProgramData\Temp:FF747CFB

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-107307583-39740663-3650351078-1001\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-107307583-39740663-3650351078-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ola\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-107307583-39740663-3650351078-500 - Administrator - Disabled)
Gast (S-1-5-21-107307583-39740663-3650351078-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-107307583-39740663-3650351078-1002 - Limited - Enabled)
ola (S-1-5-21-107307583-39740663-3650351078-1001 - Administrator - Enabled) => C:\Users\ola

==================== Faulty Device Manager Devices =============

Name: X5XSEx
Description: X5XSEx
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: X5XSEx
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (05/14/2014 01:15:24 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3439 seconds with 2820 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-02-15 10:25:26.544
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-15 10:25:26.474
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-12 10:54:00.680
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-12 10:54:00.500
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-12 10:35:49.107
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-12 10:35:48.937
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-23 17:12:50.013
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-23 17:12:50.013
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-23 17:12:18.996
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-23 17:12:18.965
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 52%
Total physical RAM: 3959.08 MB
Available physical RAM: 1894.99 MB
Total Pagefile: 7916.34 MB
Available Pagefile: 5198.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:918.39 GB) (Free:683.39 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.02 GB) (Free:1.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Iomega_HDD) (Fixed) (Total:465.76 GB) (Free:139.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: C94041C3)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus 24.02.2015 15:24
FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-107307583-39740663-3650351078-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKLM-x32 - (No Name) - {79a2b609-bbc0-4d16-9925-70cb98a6490d} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM-x32 - No Name - {79a2b609-bbc0-4d16-9925-70cb98a6490d} -  No File
Toolbar: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {9E89BECE-D23F-4782-8397-242E78C042D1}
C:\Users\ola\cudart32_30_14.dll
C:\Users\ola\vedFramework.dll
C:\Users\ola\XMLWrapper.dll
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT
C:\ProgramData\Temp
EmptyTemp:
Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


ola_123 24.02.2015 15:44
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-02-2015
Ran by ola at 2015-02-24 15:36:40 Run:2
Running from C:\Users\ola\Desktop
Loaded Profiles: ola (Available profiles: ola)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-107307583-39740663-3650351078-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKLM-x32 - (No Name) - {79a2b609-bbc0-4d16-9925-70cb98a6490d} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM-x32 - No Name - {79a2b609-bbc0-4d16-9925-70cb98a6490d} -  No File
Toolbar: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {9E89BECE-D23F-4782-8397-242E78C042D1}
C:\Users\ola\cudart32_30_14.dll
C:\Users\ola\vedFramework.dll
C:\Users\ola\XMLWrapper.dll
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT
C:\ProgramData\Temp
EmptyTemp:
Hosts:
       
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKU\S-1-5-21-107307583-39740663-3650351078-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{79a2b609-bbc0-4d16-9925-70cb98a6490d} => Value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{79a2b609-bbc0-4d16-9925-70cb98a6490d} => Value not found.
HKCR\Wow6432Node\CLSID\{79a2b609-bbc0-4d16-9925-70cb98a6490d} => Key not found.
HKU\S-1-5-21-107307583-39740663-3650351078-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value not found.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKU\S-1-5-21-107307583-39740663-3650351078-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKU\S-1-5-21-107307583-39740663-3650351078-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value not found.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{4FF78044-96B4-4312-A5B7-FDA3CB328095} => Key not found.
HKCR\Wow6432Node\CLSID\{4FF78044-96B4-4312-A5B7-FDA3CB328095} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455} => Key not found.
HKCR\Wow6432Node\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{9E89BECE-D23F-4782-8397-242E78C042D1} => Key not found.
HKCR\Wow6432Node\CLSID\{9E89BECE-D23F-4782-8397-242E78C042D1} => Key not found.
"C:\Users\ola\cudart32_30_14.dll" => File/Directory not found.
"C:\Users\ola\vedFramework.dll" => File/Directory not found.
"C:\Users\ola\XMLWrapper.dll" => File/Directory not found.
"C:\ProgramData\PKP_DLdu.DAT" => File/Directory not found.
"C:\ProgramData\PKP_DLdw.DAT" => File/Directory not found.
"C:\ProgramData\Temp" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 6.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 15:37:36 ====

cosinus 24.02.2015 15:47
Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

ola_123 24.02.2015 15:52
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015
Ran by ola (administrator) on OLA-PC on 24-02-2015 15:48:59
Running from C:\Users\ola\Desktop
Loaded Profiles: ola (Available profiles: ola)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Intenium) C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe
() C:\Users\ola\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Simply Super Software) C:\Program Files (x86)\Trojan Remover\Trjscan.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqgpc01.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
(Google Inc.) C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-25] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1791856 2014-10-16] (Simply Super Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [Google Update] => C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-19] (Google Inc.)
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [Spiele Post] => C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe [483400 2013-12-06] (Intenium)
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [GameXN GO] => "C:\ProgramData\GameXN\GameXNGO.exe" /startup
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [GoogleChromeAutoLaunch_7AF6FE48D09771C69065DE049B362851] => C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [Alamandi tray notifier] => c:\program files (x86)\deutschland spielt\alamandi\TaskBarNotifier.exe
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [Amazon Music] => C:\Users\ola\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-107307583-39740663-3650351078-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage
SearchScopes: HKLM -> {892BD02F-3625-446B-A532-15841A4B06CA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {892BD02F-3625-446B-A532-15841A4B06CA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-107307583-39740663-3650351078-1001 -> {892BD02F-3625-446B-A532-15841A4B06CA} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: GMX Toolbar BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: GMX Konfiguration -> {17166733-40EA-4432-A85C-AE672FF0E236} -> C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: GMX Toolbar BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll (pdfforge GmbH)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Handler-x32: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2010-02-05] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.0 -> C:\Program Files (x86)\GameTreat Player\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: @exent.com/npExentWidget,version=0.9.0.0 -> C:\Program Files (x86)\GameTreat Player\npExentWidget.dll (Exent Technologies Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/npracplug;version=1.0.0.0 -> C:\Program Files (x86)\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-107307583-39740663-3650351078-1001: @tools.google.com/Google Update;version=3 -> C:\Users\ola\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-107307583-39740663-3650351078-1001: @tools.google.com/Google Update;version=9 -> C:\Users\ola\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-12-03]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-01-12]
FF HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR Profile: C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Google Search) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (Kaspersky Protection) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-11-23]
CHR Extension: (No Name) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmcplcebggimminoiheibhndgamccdgl [2011-08-09]
CHR Extension: (Google Wallet) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-03-02]
StartMenuInternet: Google Chrome - C:\Users\ola\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-01-24] (Adobe Systems) [File not signed]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-12-08] (WildTangent)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-11-23] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-11-23] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [116264 2008-05-27] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [19496 2008-05-27] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [159784 2008-05-27] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [138792 2008-05-27] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [34856 2008-05-27] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [137768 2008-05-27] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [153128 2008-05-27] (MCCI Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1071616 2010-02-11] (Vimicro Corporation)
R2 X5XSEx_Pr146; C:\Program Files (x86)\GameTreat Player\X5XSEx.Sys [55328 2010-03-10] (Exent Technologies Ltd.)
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 14:25 - 2015-02-24 14:25 - 00064297 _____ () C:\Users\ola\Desktop\FRST_1.txt
2015-02-24 14:24 - 2015-02-24 14:24 - 00001422 _____ () C:\Users\ola\Desktop\AdwCleaner[S0].txt
2015-02-24 14:22 - 2015-02-24 14:22 - 00000623 _____ () C:\Users\ola\Desktop\JRT.txt
2015-02-24 14:14 - 2015-02-24 14:14 - 00001994 _____ () C:\Users\ola\Desktop\anleitung.txt
2015-02-24 14:09 - 2015-02-24 14:14 - 00000000 ____D () C:\AdwCleaner
2015-02-24 14:06 - 2015-02-24 14:06 - 01388274 _____ (Thisisu) C:\Users\ola\Desktop\JRT.exe
2015-02-24 14:05 - 2015-02-24 14:05 - 02126848 _____ () C:\Users\ola\Desktop\AdwCleaner_4.111.exe
2015-02-24 12:45 - 2015-02-24 13:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-24 12:45 - 2015-02-24 13:17 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-24 12:43 - 2015-02-24 13:17 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-24 12:42 - 2015-02-24 13:41 - 00000000 ____D () C:\Users\ola\Desktop\mbar
2015-02-24 12:42 - 2015-02-24 12:42 - 16502728 _____ (Malwarebytes Corp.) C:\Users\ola\Desktop\mbar-1.09.1.1004.exe
2015-02-24 12:17 - 2015-02-24 15:49 - 00029432 _____ () C:\Users\ola\Desktop\FRST.txt
2015-02-24 12:17 - 2015-02-24 15:12 - 00069255 _____ () C:\Users\ola\Desktop\Addition.txt
2015-02-24 12:17 - 2015-02-24 11:51 - 02087424 _____ (Farbar) C:\Users\ola\Desktop\FRST64.exe
2015-02-24 11:54 - 2015-02-24 11:55 - 00075549 _____ () C:\Users\ola\Downloads\Addition.txt
2015-02-24 11:52 - 2015-02-24 11:52 - 00112554 _____ () C:\Users\ola\Desktop\Hilfe!!! Internet öffnet selbstständig Fenster. - Trojaner-Board.html
2015-02-24 11:52 - 2015-02-24 11:52 - 00000000 ____D () C:\Users\ola\Desktop\Hilfe!!! Internet öffnet selbstständig Fenster. - Trojaner-Board_files
2015-02-24 11:51 - 2015-02-24 15:49 - 00000000 ____D () C:\FRST
2015-02-24 11:51 - 2015-02-24 11:55 - 00063378 _____ () C:\Users\ola\Downloads\FRST.txt
2015-02-24 11:51 - 2015-02-24 11:51 - 02087424 _____ (Farbar) C:\Users\ola\Downloads\FRST64.exe
2015-02-24 11:51 - 2015-02-24 11:51 - 02087424 _____ (Farbar) C:\Users\ola\Downloads\FRST64 (1).exe
2015-02-24 11:50 - 2015-02-24 11:50 - 01127424 _____ (Farbar) C:\Users\ola\Downloads\FRST.exe
2015-02-24 11:16 - 2015-02-24 11:16 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ola\Downloads\revosetup95.exe
2015-02-24 11:16 - 2015-02-24 11:16 - 00001222 _____ () C:\Users\ola\Desktop\Revo Uninstaller.lnk
2015-02-24 11:16 - 2015-02-24 11:16 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-23 17:36 - 2015-02-23 17:36 - 00000000 ____D () C:\Users\Public\CyberLink
2015-02-23 17:35 - 2015-02-23 17:36 - 00001594 _____ () C:\Windows\VPNUnInstall.MIF
2015-02-23 17:23 - 2015-02-23 17:23 - 00000045 _____ () C:\error.log
2015-02-23 17:05 - 2015-02-23 17:27 - 00000000 ____D () C:\Users\ola\Desktop\MUSIK ALLES
2015-02-23 17:05 - 2015-02-23 17:07 - 00000000 ____D () C:\Users\ola\Desktop\FOTOS ALLES
2015-02-23 13:01 - 2015-02-23 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-02-23 12:47 - 2015-02-23 12:47 - 07778632 _____ () C:\Users\ola\Downloads\Infigo_setup.exe
2015-02-23 11:34 - 2015-02-24 12:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-23 11:32 - 2015-02-23 11:33 - 01388274 _____ (Thisisu) C:\Users\ola\Downloads\JRT42.exe
2015-02-23 11:31 - 2015-02-23 11:32 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\ola\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-22 15:16 - 2015-02-22 15:16 - 00000040 _____ () C:\Users\Public\Documents\_rgpl
2015-02-22 13:40 - 2015-02-22 14:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-22 13:40 - 2015-02-22 13:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-22 13:40 - 2015-02-22 13:40 - 00001349 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-22 13:40 - 2015-02-22 13:40 - 00001337 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-02-22 13:40 - 2015-02-22 13:40 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-22 13:40 - 2015-02-22 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-22 13:40 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-22 13:32 - 2015-02-22 13:32 - 00001175 _____ () C:\Users\ola\Desktop\spybot-2.4.40 - Verknüpfung.lnk
2015-02-22 13:24 - 2015-02-22 13:26 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\ola\Downloads\spybot-2.4.40.exe
2015-02-21 11:18 - 2015-02-21 11:18 - 00000000 ____D () C:\Users\ola\AppData\Roaming\AdobeUM
2015-02-17 16:06 - 2015-02-17 16:07 - 00000000 ____D () C:\Program Files (x86)\Burger Bustle
2015-02-17 16:06 - 2015-02-17 16:06 - 00000000 ____D () C:\Users\ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Burger Bustle
2015-02-17 16:06 - 2015-02-17 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Burger Bustle
2015-02-17 15:59 - 2015-02-17 15:59 - 00237568 _____ (Big Fish Games) C:\Users\ola\Downloads\bigfishgames_p230064518_s2_l2.exe
2015-02-15 12:44 - 2015-02-15 12:44 - 00014653 _____ () C:\Users\ola\Downloads\WG Celle (1).xlsx
2015-02-15 12:26 - 2015-02-15 12:26 - 00012427 _____ () C:\Users\ola\Downloads\WG 15A (2).xlsx
2015-02-14 18:55 - 2015-02-14 18:55 - 00012427 _____ () C:\Users\ola\Downloads\WG 15A (1).xlsx
2015-02-14 18:54 - 2015-02-14 18:54 - 00014653 _____ () C:\Users\ola\Downloads\WG Celle.xlsx
2015-02-14 18:53 - 2015-02-14 18:53 - 00012427 _____ () C:\Users\ola\Downloads\WG 15A.xlsx
2015-02-14 14:03 - 2015-02-23 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jewelleria
2015-02-14 14:03 - 2015-02-14 14:03 - 00001875 _____ () C:\Users\Public\Desktop\Play Jewelleria.lnk
2015-02-14 14:03 - 2015-02-14 14:03 - 00000000 ____D () C:\Program Files (x86)\Jewelleria
2015-02-14 14:01 - 2015-02-14 14:01 - 00237568 _____ (Big Fish Games) C:\Users\ola\Downloads\bigfishgames_p229860281_s2_l2.exe
2015-02-14 12:46 - 2015-02-14 12:48 - 66714384 _____ (INTENIUM GmbH) C:\Users\ola\Downloads\GreenRanch.exe
2015-02-14 11:09 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-14 11:09 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-14 11:09 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-14 11:09 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 18:55 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-12 18:55 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-12 18:55 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 18:55 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-12 18:55 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-12 18:55 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-12 18:55 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-12 18:55 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-12 18:55 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 18:55 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-12 18:55 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 18:55 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-12 18:55 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-12 18:55 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-12 18:55 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-12 18:55 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 18:55 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 18:55 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 18:55 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-12 18:55 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 18:55 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-12 18:55 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 18:55 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-12 18:55 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 18:55 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 18:55 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-12 18:55 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 18:55 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 18:55 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 18:55 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 18:55 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 18:55 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 18:55 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-12 18:55 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 18:55 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-12 18:54 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 18:54 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 18:54 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 18:54 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-12 18:54 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 18:54 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 18:54 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-12 18:54 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 18:54 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 18:54 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-12 18:54 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 18:54 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-12 18:54 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 18:54 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-12 18:54 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 18:54 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-12 18:54 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 18:49 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-12 18:49 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-12 18:49 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-12 18:49 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-12 18:49 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-12 18:49 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-12 18:49 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-12 18:49 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-12 18:49 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-12 18:49 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-12 18:49 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-12 18:49 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-12 18:49 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-12 18:49 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-12 18:49 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-12 18:49 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-12 18:45 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-12 18:45 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 18:45 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-12 18:45 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-12 18:45 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-12 18:45 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-12 18:45 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-12 18:45 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-12 18:45 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-12 18:45 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-12 18:45 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-12 18:45 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-12 18:45 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-12 18:45 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-12 18:45 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-12 18:45 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-12 18:45 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-12 18:45 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-12 18:44 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-12 18:44 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-12 18:44 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-12 18:44 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-12 18:44 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-12 18:44 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-12 18:43 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 18:43 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-12 18:41 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 18:41 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-12 18:41 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-12 18:41 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-12 18:41 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-12 18:40 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-12 18:40 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-12 18:40 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-12 18:40 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-12 18:40 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-12 18:40 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-12 18:40 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-12 18:40 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-12 18:40 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-12 18:38 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 18:05 - 2015-02-12 18:05 - 00000000 ____D () C:\Users\ola\Documents\Simply Super Software
2015-02-12 18:05 - 2015-02-12 18:05 - 00000000 ____D () C:\ProgramData\Licenses
2015-02-12 18:04 - 2015-02-12 18:04 - 00001097 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2015-02-12 18:04 - 2015-02-12 18:04 - 00000000 ____D () C:\ProgramData\Simply Super Software
2015-02-12 18:04 - 2015-02-12 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-02-12 18:04 - 2015-02-12 18:04 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2015-02-12 18:02 - 2015-02-12 18:04 - 31390952 _____ (Simply Super Software ) C:\Users\ola\Downloads\trjsetup691.exe
2015-02-09 15:43 - 2015-02-09 15:43 - 00000000 ____D () C:\Users\ola\AppData\Roaming\MMFApplications
2015-02-09 13:06 - 2015-02-09 13:15 - 361382144 _____ (INTENIUM GmbH) C:\Users\ola\Downloads\Delicious10Sammleredition.exe
2015-02-05 11:37 - 2015-02-05 11:37 - 00000000 ____D () C:\Users\ola\AppData\Local\TuneUp Software
2015-02-05 11:36 - 2015-02-05 11:36 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-05 11:35 - 2015-02-05 11:35 - 00001490 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-02-05 11:35 - 2015-02-05 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-05 11:34 - 2015-02-05 11:35 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-02-05 11:34 - 2015-02-05 11:34 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-02-05 11:32 - 2015-02-05 11:33 - 34792128 _____ (DVDVideoSoft Ltd. ) C:\Users\ola\Downloads\FreeYouTubeToMP354Converter.exe
2015-02-04 16:56 - 2015-02-04 16:56 - 00014927 _____ () C:\Users\ola\Downloads\Steckbrief.odt
2015-01-31 10:44 - 2015-01-31 10:44 - 00000000 __SHD () C:\found.001

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 15:50 - 2010-09-08 14:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-24 15:49 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-24 15:49 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-24 15:45 - 2010-05-14 19:24 - 01834223 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 15:44 - 2010-11-08 13:17 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-24 15:42 - 2010-10-17 10:13 - 00000000 ____D () C:\Users\ola\AppData\Roaming\Skype
2015-02-24 15:41 - 2010-09-08 14:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-24 15:40 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-24 15:40 - 2009-07-14 05:51 - 00225862 _____ () C:\Windows\setupact.log
2015-02-24 15:35 - 2013-02-27 22:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-24 15:30 - 2010-09-09 18:33 - 01146948 _____ () C:\Windows\PFRO.log
2015-02-24 15:27 - 2010-09-08 14:33 - 00000000 ____D () C:\Users\ola
2015-02-24 15:26 - 2010-10-16 19:21 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001UA.job
2015-02-24 13:26 - 2010-10-16 19:21 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001Core.job
2015-02-24 10:53 - 2010-12-12 15:30 - 00000000 ____D () C:\GameHouse Games
2015-02-24 02:36 - 2013-08-29 15:17 - 00000000 ____D () C:\Users\ola\Desktop\Gruppenleitung
2015-02-24 00:28 - 2010-11-19 15:55 - 00000000 ____D () C:\Users\ola\AppData\Local\CrashDumps
2015-02-23 19:07 - 2009-10-15 15:15 - 00000000 ____D () C:\Users\ola\Desktop\Jessi´s Daten
2015-02-23 18:50 - 2010-02-06 03:50 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2015-02-23 18:50 - 2010-02-06 03:50 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2015-02-23 18:50 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-23 18:46 - 2013-06-05 00:09 - 00000000 ____D () C:\Users\ola\Desktop\Kreatives und Merke dir es
2015-02-23 18:37 - 2014-09-20 10:58 - 00000000 ____D () C:\Users\ola\AppData\Roaming\Samsung
2015-02-23 18:37 - 2014-09-20 10:58 - 00000000 ____D () C:\Users\ola\AppData\Local\Samsung
2015-02-23 18:37 - 2014-09-20 10:53 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-02-23 18:36 - 2014-09-20 10:53 - 00000000 ____D () C:\ProgramData\Samsung
2015-02-23 18:36 - 2010-02-05 19:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-23 18:19 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-23 18:12 - 2010-12-12 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHouse
2015-02-23 18:12 - 2010-12-12 15:25 - 00000000 ____D () C:\Program Files (x86)\RealArcade
2015-02-23 18:06 - 2010-11-27 16:18 - 00000000 ____D () C:\Program Files (x86)\DEUTSCHLAND SPIELT
2015-02-23 17:55 - 2011-11-12 18:50 - 00000000 _____ () C:\Users\ola\AppData\Roaming\Database
2015-02-23 17:38 - 2010-02-05 19:06 - 00000000 ____D () C:\Program Files (x86)\Cyberlink
2015-02-23 17:26 - 2011-11-12 18:48 - 00000000 ____D () C:\Program Files (x86)\Nikon
2015-02-23 17:26 - 2011-11-12 18:47 - 00000000 _____ () C:\Users\ola\AppData\Roaming\Dance
2015-02-23 17:00 - 2010-11-17 12:14 - 00000000 ____D () C:\Program Files\DivX
2015-02-23 17:00 - 2010-11-17 12:13 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-02-23 17:00 - 2010-11-17 12:12 - 00000000 ____D () C:\ProgramData\DivX
2015-02-23 16:47 - 2015-01-22 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dancing Craze
2015-02-23 16:46 - 2015-01-23 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Keeper 2
2015-02-23 13:00 - 2010-09-08 14:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-23 12:37 - 2010-09-08 14:51 - 00000000 ____D () C:\Program Files\Google
2015-02-23 12:37 - 2010-09-08 14:51 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-23 12:34 - 2010-09-08 14:51 - 00000000 ____D () C:\Users\ola\AppData\Local\Google
2015-02-23 12:34 - 2010-09-08 14:51 - 00000000 ____D () C:\ProgramData\Google
2015-02-23 12:20 - 2010-09-18 12:10 - 00209930 _____ () C:\Windows\DPINST.LOG
2015-02-23 12:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Branding
2015-02-23 11:39 - 2010-11-12 10:42 - 00000000 ____D () C:\ProgramData\Alawar Stargaze
2015-02-23 11:26 - 2010-02-05 19:32 - 00000000 ____D () C:\ProgramData\Norton
2015-02-22 13:28 - 2011-05-30 09:37 - 00000000 ____D () C:\Users\TEMP
2015-02-21 10:29 - 2010-10-16 19:21 - 00002344 _____ () C:\Users\ola\Desktop\Google Chrome.lnk
2015-02-20 11:07 - 2010-12-16 13:07 - 00000000 ____D () C:\Users\ola\AppData\Roaming\HP Support Assistant
2015-02-20 11:07 - 2010-09-09 18:38 - 00000000 ____D () C:\Users\ola\AppData\Roaming\HpUpdate
2015-02-18 14:09 - 2013-07-10 14:21 - 00000000 ____D () C:\BigFishCache
2015-02-15 17:23 - 2010-12-05 15:21 - 00001885 _____ () C:\Users\ola\Documents\DancingCraze.log
2015-02-15 13:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-15 10:59 - 2014-03-04 18:16 - 00000000 ____D () C:\Users\ola\AppData\Roaming\Juliette's Fashion Empire DE
2015-02-14 12:54 - 2013-11-30 20:41 - 00000000 ____D () C:\Users\ola\AppData\Roaming\Palaplay
2015-02-14 12:53 - 2014-12-10 17:31 - 00001089 _____ () C:\Users\Public\Desktop\GAME CENTER.lnk
2015-02-14 11:44 - 2014-08-18 08:44 - 00000000 ____D () C:\Users\ola\AppData\Local\com.gamehouse.acid
2015-02-14 10:44 - 2009-07-14 05:45 - 00460736 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-14 10:42 - 2014-12-11 03:42 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-14 10:42 - 2014-05-06 09:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-13 01:39 - 2010-09-16 19:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-13 01:27 - 2013-08-14 09:51 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-13 00:13 - 2010-10-08 20:49 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 18:00 - 2013-10-23 16:12 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-12 17:59 - 2013-07-12 10:13 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-12 17:56 - 2014-11-24 12:08 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-02-12 17:56 - 2014-11-24 12:08 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-02-12 17:56 - 2014-11-24 12:08 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-02-12 17:56 - 2014-11-24 12:08 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-12 17:56 - 2014-11-24 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-09 13:21 - 2010-10-16 19:21 - 00004078 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001UA
2015-02-09 13:21 - 2010-10-16 19:21 - 00003682 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001Core
2015-02-05 12:36 - 2013-02-27 22:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 12:36 - 2013-02-27 22:11 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 12:36 - 2011-05-18 15:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 11:40 - 2012-06-25 12:20 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-05 11:37 - 2012-06-25 12:20 - 00000000 ____D () C:\Users\ola\AppData\Roaming\TuneUp Software
2015-02-05 11:35 - 2011-07-28 17:56 - 00000000 ____D () C:\Users\ola\AppData\Roaming\DVDVideoSoft
2015-02-04 10:45 - 2010-09-08 14:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 10:45 - 2010-09-08 14:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2010-11-16 13:57 - 2010-11-16 13:57 - 0774144 _____ (RealNetworks, Inc.) C:\Program Files (x86)\RngInterstitial.dll
2011-11-12 18:47 - 2015-02-23 17:26 - 0000000 _____ () C:\Users\ola\AppData\Roaming\Dance
2011-11-12 18:50 - 2015-02-23 17:55 - 0000000 _____ () C:\Users\ola\AppData\Roaming\Database
2011-06-05 17:42 - 2011-06-15 12:03 - 0000011 _____ () C:\Users\ola\AppData\Roaming\log.txt
2014-06-16 10:04 - 2014-06-16 10:04 - 0000216 _____ () C:\Users\ola\AppData\Roaming\wklnhst.dat
2011-01-08 02:14 - 2011-01-08 02:18 - 0022016 _____ () C:\Users\ola\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-11-16 14:02 - 2010-12-06 16:45 - 0000198 _____ () C:\Users\ola\AppData\Local\DownloadLog.txt
2012-01-02 10:07 - 2012-01-02 11:07 - 0153043 _____ () C:\Users\ola\AppData\Local\log.txt
2011-05-19 13:03 - 2011-05-19 13:03 - 0006474 _____ () C:\Users\ola\AppData\Local\tmp148996_172999622712932_100000086862591_620133_4604791_S.0
2011-05-19 13:03 - 2011-05-19 13:03 - 0006419 _____ () C:\Users\ola\AppData\Local\tmp148996_172999622712932_100000086862591_620133_4604791_S.JPG
2010-12-03 15:20 - 2014-11-14 05:07 - 0014983 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 13:42

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2015
Ran by ola at 2015-02-24 15:50:49
Running from C:\Users\ola\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0.1 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Acrobat 7.0 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V) (Version: 7.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader 8.3.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
AIO_CDA_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Amazon Music (HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
ATI Catalyst Install Manager (HKLM\...\{67CA5B4D-32DA-B54C-1851-F68ECD83262E}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Bauern-Spass (HKLM-x32\...\{08C06EC7-FD54-4C4E-9FED-1E8DA7367BE3}) (Version: 1.00.0000 - Intenium GmbH)
Bauern-Spaß (HKLM-x32\...\Bauern-Spaß) (Version: 1.0.0.0 - INTENIUM GmbH)
Beach Party Craze Deluxe (HKLM-x32\...\ab25efd7edca8068e25022a8dcb023bc) (Version:  - Zylom)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Burger Bustle (HKLM-x32\...\BFG-Burger Bustle) (Version:  - )
C5100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
c5100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden
Cake Mania Main Street (HKLM-x32\...\BFG-Cake Mania Main Street) (Version:  - )
Cake Mania: Lights, Camera, Action! (HKLM-x32\...\BFG-Cake Mania - Lights, Camera, Action) (Version:  - )
ccc-core-static (x32 Version: 2009.1201.2247.40849 - Ihr Firmenname) Hidden
Chicken Invaders 4 – Weihnachtsedition (HKLM-x32\...\Chicken Invaders 4 – Weihnachtsedition) (Version: 1.0.0.0 - INTENIUM GmbH)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Dancing Craze (HKLM-x32\...\BFG-Dancing Craze) (Version:  - )
Delicious: Emily und die Traumhochzeit Sammleredition (HKLM-x32\...\Delicious: Emily und die Traumhochzeit Sammleredition) (Version: 0.0.0.0 - INTENIUM GmbH)
Der Bau der Chinesischen Mauer (HKLM-x32\...\Der Bau der Chinesischen Mauer) (Version:  - )
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Deutschland Spielt - Spiele Post (HKLM-x32\...\Deutschland Spielt - Spiele Post) (Version: 1.0.4.38 - INTENIUM GmbH)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\{D2B31FE6-127F-4E79-8186-F080A282FBC7}) (Version: 1.0.0.46 - Intenium GmbH)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 2.4.2.14 - INTENIUM GmbH)
DEUTSCHLAND SPIELT Spiele Post (HKLM-x32\...\DEUTSCHLAND SPIELT Spiele Post) (Version: 1.0.3.0 - INTENIUM GmbH)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Die FreeRide Games Bar Toolbar (HKLM-x32\...\Die_FreeRide_Games_Bar Toolbar) (Version: 6.5.2.8 - Die FreeRide Games Bar)
Die Legende von Atlantis - Exodus (HKLM-x32\...\{AB49EB53-CEA8-40F1-828B-7DE5D7D158F0}) (Version: 1.00.0000 - Intenium GmbH)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.1.7 - CEWE Stiftung u Co. KGaA)
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Double Pack SuperMarket Management Deluxe (HKLM-x32\...\7283d44070835c6bc64e323b40b6ec9f) (Version:  - Zylom)
Dragon Keeper 2 (HKLM-x32\...\BFG-Dragon Keeper 2) (Version:  - )
DragonStone (HKLM-x32\...\BFG-DragonStone) (Version:  - )
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
Farm Mania Hot Vacation (HKLM-x32\...\Farm Mania Hot Vacation_is1) (Version:  - Realore Studios)
Farmscapes (HKLM-x32\...\BFG-Farmscapes) (Version:  - )
Farmscapes (HKLM-x32\...\Farmscapes_is1) (Version:  - Playrix Entertainment)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Free Audio CD Burner version 1.4.8 (HKLM-x32\...\Free Audio CD Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
GameCatalog42.2013 (x32 Version: 1.00.0000 - Intenium GmbH) Hidden
GameTreat Player (HKLM-x32\...\{AC323D63-F1B1-4FA6-88B1-72E74025036E}) (Version:  - )
GMX Internet Explorer Addon (HKLM-x32\...\1&1 Mail & Media GmbH 1und1InternetExplorerAddon) (Version: 1.0.1.0 - 1&1 Mail & Media GmbH)
GMX Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 2.0.1.5 - 1&1 Mail & Media GmbH)
GMX Toolbar für Internet Explorer (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 1.7.2.0 - 1&1 Mail & Media GmbH)
GMX Toolbar MSVC100 CRT x64 (Version: 1.0.0 - 1&1 Mail & Media GmbH) Hidden
GMX Toolbar MSVC100 CRT x86 (x32 Version: 1.0.0 - 1&1 Mail & Media GmbH) Hidden
Google Chrome (HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Grave Mania: Zombiefieber (HKLM-x32\...\BFG-Grave Mania - Zombiefieber) (Version:  - )
Hardwarediagnosetools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
Hello Venice (HKLM-x32\...\{6B19A215-DFA2-440D-B972-08CEEB77F078}) (Version: 1.00.0000 - Intenium GmbH)
Hello Venice (HKLM-x32\...\BFG-Hello Venice) (Version:  - )
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (HKLM\...\{17016DA1-F040-4032-BD36-34DD317BC9D5}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}) (Version: 5.1.10.7 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HydraVision (x32 Version: 4.2.128.0 - ATI Technologies Inc.) Hidden
Insaniquarium Deluxe (HKLM-x32\...\9a14c916588716e1e4a91a4414907685) (Version:  - Zylom)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Island Tribe (HKLM-x32\...\Island Tribe_is1) (Version:  - Realore Studios)
Island Tribe 2 (HKLM-x32\...\BFG-Island Tribe 2) (Version:  - )
Island Tribe 2 (HKLM-x32\...\Island Tribe 2_is1) (Version:  - Realore Studios)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jet Set Go (HKLM-x32\...\Jet Set Go) (Version: 1.0.0.0 - INTENIUM GmbH)
Jewelleria (HKLM-x32\...\BFG-Jewelleria) (Version:  - )
Juliettes Mode-Imperium (HKLM-x32\...\Juliettes Mode-Imperium) (Version: 1.0.0.0 - INTENIUM GmbH)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Katy + Bob (HKLM-x32\...\Katy + Bob) (Version:  - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version:  - EasyBits Software AS)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mein eigener Bauernhof (HKLM-x32\...\Mein eigener Bauernhof_is1) (Version:  - Realore Studios)
Mein eigener Bauernhof 2 (HKLM-x32\...\Mein eigener Bauernhof 2_is1) (Version:  - Realore Studios)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-107307583-39740663-3650351078-1001\...\MyFreeCodec) (Version:  - )
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OpenOffice.org 3.2 (HKLM-x32\...\{8D1E61D1-1395-4E97-997F-D002DB3A5074}) (Version: 3.2.9502 - OpenOffice.org)
Paradise Beach 2 (HKLM-x32\...\{63C716AA-D7E0-4ED4-AC70-84F255F2AD55}) (Version: 1.00.0000 - Intenium GmbH)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.51.17865 - pdfforge GmbH)
PDF Architect 2 Create Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 Edit Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 View Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
Pet Show Craze Deluxe (HKLM-x32\...\7d89a1ed80d764888be08d8ed2b7ddbb) (Version:  - Zylom)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3405 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3405 - CyberLink Corp.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5938 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Ritter Arthur 4 (HKLM-x32\...\Ritter Arthur 4) (Version: 1.0.0.0 - INTENIUM GmbH)
Ritter Arthur III (HKLM-x32\...\Ritter Arthur III) (Version: 1.0.0.0 - INTENIUM GmbH)
Roads Of Rome (HKLM-x32\...\Roads Of Rome_is1) (Version:  - Realore Studios)
Roads of Rome 3 (HKLM-x32\...\Roads of Rome 3) (Version: 32.0.0.0 - Shockwave.com)
Royal Envoy (HKLM-x32\...\Royal Envoy_is1) (Version:  - Playrix Entertainment)
Royal Envoy 2 (HKLM-x32\...\Royal Envoy 2_is1) (Version:  - Playrix Entertainment)
Sally's Quick Clips (HKLM-x32\...\c59fb4f519ae3f5779eefbda2291335c) (Version:  - Zylom)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Trojan Remover 6.9.1 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.1 - Simply Super Software)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Viking Saga (HKLM-x32\...\b084798fee4191843dbe5cdb90c900ef) (Version:  - GameHouse)
Viking Saga (HKLM-x32\...\BFG-Viking Saga) (Version:  - )
viking saga (HKLM-x32\...\viking saga_is1) (Version:  - Realore Studios)
VLC media player 1.1.5 (HKLM-x32\...\VLC media player) (Version: 1.1.5 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wedding Salon Deluxe (HKLM-x32\...\3866c7ce7716fadf1b53a2ff8d90be59) (Version:  - Zylom)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.20 - WildTangent)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Youda Farmer (HKLM-x32\...\Youda Farmer) (Version:  - )
Youda Farmer 3: Jahreszeiten (HKLM-x32\...\Youda Farmer 3: Jahreszeiten) (Version: 1.0.0.0 - INTENIUM GmbH)
Zylom Games Player Plugin (HKLM-x32\...\Zylom Games Player Plugin) (Version:  - Zylom Games)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-107307583-39740663-3650351078-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\ola\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-107307583-39740663-3650351078-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\ola\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-107307583-39740663-3650351078-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\ola\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-107307583-39740663-3650351078-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\ola\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-107307583-39740663-3650351078-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\ola\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-107307583-39740663-3650351078-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ola\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-107307583-39740663-3650351078-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\ola\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

19-02-2015 10:17:20 Windows Update
23-02-2015 13:00:22 Windows Update
23-02-2015 16:54:54 TuneUp Utilities 2014 wird entfernt
23-02-2015 16:57:13 TuneUp Utilities 2014 (de-DE) wird entfernt
23-02-2015 17:15:48 Entfernt Panorama Maker
23-02-2015 17:23:41 Entfernt MediaImpression
23-02-2015 17:25:48 Removed Nikon Transfer
23-02-2015 17:35:06 Removed Cisco Systems VPN Client 5.0.07.0290
23-02-2015 17:37:17 Konfiguriert PowerStarter
23-02-2015 17:43:03 Removed Die Ratten.
23-02-2015 17:51:57 Removed File Uploader
23-02-2015 17:52:36 Removed File Uploader
23-02-2015 17:53:14 Removed Nikon Message Center
23-02-2015 17:53:32 Removed Picture Control Utility
23-02-2015 17:54:15 Removed ViewNX
23-02-2015 17:55:52 Removed File Uploader
23-02-2015 17:56:30 Removed Picture Control Utility
23-02-2015 18:03:42 Removed The Clockmaker - Die Stunde des Uhrmachers.
23-02-2015 18:34:51 Removed Samsung Kies
24-02-2015 13:07:56 Malwarebytes Anti-Rootkit Restore Point
24-02-2015 13:57:30 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-24 15:36 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0ADCF13C-D003-4C8D-94D7-EE901DA4A609} - System32\Tasks\{440C16AE-EFF7-4451-9E33-E04BFA205354} => Chrome.exe
Task: {222EB722-32B4-4C08-A2A1-67E2C6283CC2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {2CF4D595-4B23-416F-88CA-2861FD7D3B76} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {3B847ADD-D18A-42AB-B426-0774014E7014} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {42BF959D-4F51-4743-BF0E-ACD9096DECDA} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {43F46D89-5F6B-4D5D-AB7F-A404A7B51100} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {48C7550E-5201-4279-A0F1-2C60B8B60BB0} - System32\Tasks\{5F0472E8-4636-4748-8486-5A34D579AEB8} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {52BAA416-89BB-4321-B717-345162D64B72} - System32\Tasks\{DDDAEAD7-D45D-41AA-8A89-B0F818DE02C4} => pcalua.exe -a "C:\Program Files (x86)\Shockwave.com\Camp Funshine - Carrie the Caregiver 3\Camp Funshine - Carrie the Caregiver 3.exe" -d C:\Users\ola\Desktop
Task: {56DB60FE-FFCB-467B-93F0-6FF5E9A07FF9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {584CA625-7C99-4E0E-BE5F-9CDB3F94CE91} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {5FB1A7E7-2BF3-4A45-80B1-B8F6FA877477} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001Core => C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {724F7291-CE40-41A1-A9A0-924316DE2390} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink)
Task: {85DA9ABF-C6C3-448C-B5BE-8A01C40C2840} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {94621FE4-1114-43E4-A95C-B112540CE59C} - System32\Tasks\1und1 Konfiguration => C:\ProgramData\1und1InternetExplorerAddon\ConfigTask.exe [2011-04-19] (1und1 Mail und Media GmbH)
Task: {9605CCA3-7C86-4ACC-90A5-3EBFA29BDB3B} - System32\Tasks\{AF6F217A-6557-4705-A11D-D8705CE52A49} => pcalua.exe -a "C:\Users\ola\Downloads\DancingCraze (1).exe" -d C:\Users\ola\Downloads
Task: {AA7B0780-C9B8-4CAD-95CC-371756F5B285} - System32\Tasks\{CAF7B480-2A56-4CF5-BEA1-D717E2B4F1AF} => pcalua.exe -a "C:\Users\ola\Downloads\InstallCakeMania2 (1).exe" -d C:\Users\ola\Downloads
Task: {AD1C7FB3-7C40-4FBA-ABB5-76BF963ECE99} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-11-15] (Hewlett-Packard Company)
Task: {B50C9F2D-9499-4AB6-A724-C8AC8FA222D3} - System32\Tasks\{996E5C7A-CCAE-4656-8D5D-89BE152FD3E4} => pcalua.exe -a C:\Users\ola\Desktop\DiamondDrop2.exe -d C:\Users\ola\Desktop
Task: {B609AA2B-B181-43D3-84EC-B660DC3C01EC} - System32\Tasks\{208FEADB-A1A9-4840-8445-2DE9903BAFDA} => pcalua.exe -a "C:\Users\ola\Downloads\RitterArthur4 (1).exe" -d C:\Users\ola\Downloads
Task: {B9BFC3EB-5A7E-43D6-83AF-E11CDD19DDA2} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2011-06-08] (1&1 Mail & Media GmbH)
Task: {C1EA5B84-2B14-43D4-A295-95C026651C8F} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {C6409590-4B9B-4502-8AF5-0B8C7D0C9E64} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-11-15] (Hewlett-Packard Company)
Task: {C675942D-5330-49A1-9E19-48953EF659E6} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {D08BC7DE-3204-457E-9541-091F2EEE1449} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001UA => C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {E056F0DF-D200-4A05-AD81-BBA7BAC162FB} - System32\Tasks\{2FA90A2F-3E1B-4BDC-980B-0704EA92DA79} => pcalua.exe -a "C:\Users\ola\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLAXA7BL\DiamondDrop2[1].exe" -d C:\Users\ola\Desktop
Task: {F7874B80-5184-4793-9FE4-3165B5525F41} - System32\Tasks\{0CF927CB-81C6-4D35-B425-FA96E1EA5DF3} => pcalua.exe -a "C:\Users\ola\Downloads\DieSpurensucher (1).exe" -d C:\Users\ola\Downloads
Task: {F78C369F-738B-4EDA-841C-520FA6C0878B} - System32\Tasks\{9B58D4A6-80C8-4626-96C0-D2D146DBFF74} => pcalua.exe -a "J:\maren\Office 2007 - Deutsch + seriell\setup.exe" -d "J:\maren\Office 2007 - Deutsch + seriell"
Task: {F8496263-A388-4A62-8EA8-52DA054C5770} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001Core.job => C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-107307583-39740663-3650351078-1001UA.job => C:\Users\ola\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml

==================== Loaded Modules (whitelisted) ==============

2009-09-14 16:17 - 2009-09-14 16:17 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2014-09-12 18:39 - 2014-09-06 01:54 - 06281536 _____ () C:\Users\ola\AppData\Local\Amazon Music\Amazon Music Helper.exe
2009-06-26 11:25 - 2009-06-26 11:25 - 00098304 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-02-05 19:04 - 2010-02-05 19:04 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2009-09-29 15:25 - 2009-09-29 15:25 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2010-05-04 15:36 - 2010-05-04 15:36 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2009-10-22 18:50 - 2009-10-22 18:50 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2015-02-22 13:40 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-22 13:40 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-22 13:40 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2010-02-05 19:03 - 2009-10-02 12:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-02-21 10:29 - 2015-02-17 23:44 - 01117512 _____ () C:\Users\ola\AppData\Local\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-21 10:29 - 2015-02-17 23:44 - 00211272 _____ () C:\Users\ola\AppData\Local\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-21 10:29 - 2015-02-17 23:44 - 09171272 _____ () C:\Users\ola\AppData\Local\Google\Chrome\Application\40.0.2214.115\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\ola:zylomtest
AlternateDataStreams: C:\Users\ola:zylomtr{0000278T-TT9K-T8DU-07LG-28DG94S2MVRH}
AlternateDataStreams: C:\Users\ola:zylomtr{0000278T-TT9K-T8DU-07LG-28DG94S2MVTH}
AlternateDataStreams: C:\Users\ola:zylomtr{00013KEU-UKQE-K6V0-70L9-2A8RJ1B4CV71}
AlternateDataStreams: C:\Users\ola:zylomtr{00013KEU-UKQE-K6V0-70L9-2A8RJ1B4CVL4}
AlternateDataStreams: C:\Users\ola:zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVPR}
AlternateDataStreams: C:\Users\ola:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVIC}
AlternateDataStreams: C:\Users\ola:zylomtr{00013KEU-UKQE-K6V0-QFBF-26K1JL6KQVVO}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG1-1VH8-28I0EFCC2VOB}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG1-1VH8-28I0EFCC2VVP}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG1-3BG4-281NL05DCVTO}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG1-6E2T-2B6FMQRBGVRR}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG1-6E2T-2B6FMQRBGVTH}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG1-7LLS-22TDACKJ0VU4}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG1-J24H-293SB52ICVVS}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG2-CB1H-264U84BSAVVN}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG2-LKCU-2AJQPJA4AVIR}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG2-LKCU-2AJQPJA4AVPQ}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG2-LKCU-2AJQPJA4AVQQ}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG2-LKCU-2AJQPJA4AVUC}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG2-V08M-26E8LC4K2VVR}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-1EMN-28M5NPU00VQH}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-1EMN-295K77I0IVVI}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVVK}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-7U7M-26FBSL48IVVJ}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-8AT4-258NF6K78VST}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-L1G2-28QRSPMS6VVH}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-L4Q0-290ETKLEB000}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-O5NG-26MTF54NEVSV}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-S3H7-2A5PQROOQVT8}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG3-S3H7-2A5PQROOQVVP}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG4-3S8E-27J3AJ6UT000}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG4-5TO3-2831TOKLCVUL}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG4-74E3-28689HMLOVUP}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG4-US8E-26I93FV2MVV4}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG5-8A6T-26VOTC6OMVND}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVKL}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVLH}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVML}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVOE}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG6-64CA-2ASVQDAHMVP0}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG6-64CA-2ASVQDAHMVS3}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG7-5P29-2A14KFREQVPV}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG7-9H53-25QU2TIGSVVL}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG7-FCUD-27Q18NRLP000}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG7-FCUD-28A45N46SVTT}
AlternateDataStreams: C:\Users\ola:zylomtr{000HQ7FF-AD7A-3FG7-FCUD-28A45N46SVVI}
AlternateDataStreams: C:\Users\ola:zylomtr{1000278T-TT9K-T8DU-1KFV-23O5NTEJMVRJ}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-107307583-39740663-3650351078-1001\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-107307583-39740663-3650351078-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ola\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-107307583-39740663-3650351078-500 - Administrator - Disabled)
Gast (S-1-5-21-107307583-39740663-3650351078-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-107307583-39740663-3650351078-1002 - Limited - Enabled)
ola (S-1-5-21-107307583-39740663-3650351078-1001 - Administrator - Enabled) => C:\Users\ola

==================== Faulty Device Manager Devices =============

Name: X5XSEx
Description: X5XSEx
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: X5XSEx
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (02/24/2015 03:42:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (02/24/2015 03:42:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (02/24/2015 03:42:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "X5XSEx" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (02/24/2015 03:41:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (02/24/2015 03:41:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (02/24/2015 03:30:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "X5XSEx" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3


Microsoft Office Sessions:
=========================
Error: (05/14/2014 01:15:24 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3439 seconds with 2820 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-02-15 10:25:26.544
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-15 10:25:26.474
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-12 10:54:00.680
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-12 10:54:00.500
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-12 10:35:49.107
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-12 10:35:48.937
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-23 17:12:50.013
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-23 17:12:50.013
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-23 17:12:18.996
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-23 17:12:18.965
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 50%
Total physical RAM: 3959.08 MB
Available physical RAM: 1960.87 MB
Total Pagefile: 7916.34 MB
Available Pagefile: 5387.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:918.39 GB) (Free:684.2 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.02 GB) (Free:1.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Iomega_HDD) (Fixed) (Total:465.76 GB) (Free:139.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: C94041C3)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus 24.02.2015 16:10
Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


ola_123 24.02.2015 22:08
Hier schon mal das erste....und das sieht schon super aus. Ich flippe aus. Danke dir.

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 24.02.2015
Suchlauf-Zeit: 16:17:30
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.24.04
Rootkit Datenbank: v2015.02.22.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ola

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 383216
Verstrichene Zeit: 11 Min, 56 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Das dauert etwas....er ist grad bei 22%

HALLELUJA

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5bd68340bdfb4e4f9f074a4f2459d9be
# engine=22626
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-24 04:23:58
# local_time=2015-02-24 05:23:58 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1296 16777213 100 100 9771 28867720 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 8962 176424888 0 0
# scanned=121696
# found=4
# cleaned=0
# scan_time=2836
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Die_FreeRide_Games_Bar\Die_FreeRide_Games_BarToolbarHelper.exe"
sh=0497DEF079C91A14CC54EBDC7E9025BB245B78C0 ft=1 fh=3602d6868b043d08 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Die_FreeRide_Games_Bar\ldrtbDie_.dll"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Die_FreeRide_Games_Bar\prxtbDie_.dll"
sh=B5A8BD03570AD4B64DA1F3B99889A84DC2E8BF18 ft=1 fh=62cf372c5a341a16 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Die_FreeRide_Games_Bar\tbDie_.dll"

cosinus 25.02.2015 00:17
FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Program Files (x86)\Die_FreeRide_Games_Bar
EmptyTemp:
Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


ola_123 25.02.2015 09:42
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-02-2015
Ran by ola at 2015-02-25 09:32:47 Run:3
Running from C:\Users\ola\Desktop
Loaded Profiles: ola (Available profiles: ola)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\Die_FreeRide_Games_Bar
EmptyTemp:
Hosts:
       
*****************

C:\Program Files (x86)\Die_FreeRide_Games_Bar => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 17.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 09:33:58 ====

cosinus 25.02.2015 09:44
Sieht soweit ok aus :daumenhoc

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) empfehle ich die Erweiterung Ghostery, diese verhindert weitgehend Usertracking bzw. das Anzeigen von Werbebannern.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

ola_123 25.02.2015 09:49
Hey Cosinus,

soweit ich das beurteilen kann, läuft hier wieder alles rund.
VIELEN VIELEN DANK....auch wenn ich keine Ahnung habe, was wir (bzw. du) hier gemacht haben ;-)
"Ghostery" schaue ich mir gleich mal an, da ich nicht glaube, dass sich die WG an alles hält.
Du bist super - wirklich - vielen Dank!!!!

LG, Ola

PS: Kann ich hier irgendwo eine Bewertung abgeben?

cosinus 25.02.2015 10:19
Dann wären wir durch! :daumenhoc


Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board

Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden. Es empfiehlt sich Malwarebytes Anti-Malware zu behalten und damit wöchentlich nach Malware zu scannen.

Helfen kann dir dabei delfix:


Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.






Bitte abschließend noch die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:02 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132