YahooSearch and Trovi Search

Dominik H. · 20.08.2014, 10:32

Hallo zusammen,

ich bin mal wieder dabei meinen Rechner zu säubern. Bei einer Installation habe ich offenbar etwas übersehen.
Seit dem habe ich folgende Probleme:

A)
In jedem meiner Browser (Firefox, IE) werde ich bei Klicks auf Links unregelmäßig auf die Yahooseite gelenkt. Allerdings mit der Anzeige, dass es die gewünschte Seite nicht gäbe (was nicht der Fall ist!). Mal funktioniert die Weiterleitung einwandfrei, mal nicht.

B)
Im Suchfenster von Firefox ist die TroviSearch eingestellt. Das selbe gilt für neue Tabs.
Habe die gängigen Einstellungen im Browser bereits umgestellt. Ohne erfolgreiches Resultat.

Würde mich sehr über eure Hilfe freuen!!
Viele Grüße
Dominik

schrauber · 20.08.2014, 11:16

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Dominik H. · 20.08.2014, 11:47

Hey,

hier die gewünschten Inhalte.
Schon mal ein ganz fettes Dankeschön für die direkte Hilfe. Ich finde es einfach unschlagbar, wie Ihr hier geduldig und mit Fachwissen den Leuten helft. Wenn ich irgendwie "Spenden" kann, bin ich gerne dazu bereit!!

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by user (administrator) on USER-PC on 20-08-2014 12:40:40
Running from C:\Dominik\Programme\Virenschutz\Farbar Recovery Scan Tool
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files\Cold Turkey\CTService.exe
(Cisco Systems, Inc.) C:\Dominik\Programme\ciscoclient\cvpnd.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
() C:\Program Files\Cold Turkey\CTConfigServer.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(PC Utilities Software Limited) C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Alexander Roshal) C:\Dominik\Programme\Winrar\WinRAR.exe
(Mozilla Corporation) C:\Dominik\Programme\Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3705937506-1407253618-1579061599-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [146888 2014-07-29] (PC Utilities Software Limited)
HKU\S-1-5-21-3705937506-1407253618-1579061599-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-3705937506-1407253618-1579061599-1000\...\MountPoints2: {67163cc8-5fa5-11e3-a50e-806e6f6e6963} - D:\DriverPackSolution.exe
HKU\S-1-5-21-3705937506-1407253618-1579061599-1000\...\MountPoints2: {db50e0e4-5fa5-11e3-8c7e-f1cba68166a2} - E:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [232896 2014-08-06] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [187328 2014-08-06] (Client Connect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M7F092E0D-6A76-417A-AB83-06E7737A94DE&SearchSource=58&CUI=&UM=6&UP=SPD92F3851-3728-4B6F-A727-7F5255D9E2C7&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M7F092E0D-6A76-417A-AB83-06E7737A94DE&SearchSource=58&CUI=&UM=6&UP=SPD92F3851-3728-4B6F-A727-7F5255D9E2C7&q={searchTerms}&SSPV=
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4sl4qryr.default
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=M21317D00-5A08-4230-B13E-7DD05C51FF66&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP58E33E98-3937-4FAD-8A1C-709105855BE0
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4sl4qryr.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: British English Dictionary (Updated) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4sl4qryr.default\Extensions\en-gb@flyingtophat.co.uk [2014-01-21]
FF Extension: WOT - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4sl4qryr.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-16]
FF Extension: ReminderFox - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4sl4qryr.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2014-04-19]
FF Extension: Ghostery - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4sl4qryr.default\Extensions\firefox@ghostery.com.xpi [2014-01-15]
FF Extension: Gesture Translate - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4sl4qryr.default\Extensions\gesture-translate@pablocantero.com.xpi [2014-01-21]
FF Extension: Grooveshark Unblocker - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4sl4qryr.default\Extensions\grooveshark-unblocker@4ley.addons.mozilla.org.xpi [2014-03-18]
FF Extension: Status-4-Evar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4sl4qryr.default\Extensions\status4evar@caligonstudios.com.xpi [2014-01-21]
FF Extension: All-in-One Sidebar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4sl4qryr.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2014-01-21]
FF Extension: NoScript - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4sl4qryr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-15]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4sl4qryr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-15]
FF Extension: DownThemAll! - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4sl4qryr.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-01-21]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-08-01]

Chrome: 
=======
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-12]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-12]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-12]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-12]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-15]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [3475912 2014-08-01] ()
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2982336 2014-08-06] (Client Connect LTD)
R2 CTService; C:\Program Files\Cold Turkey\CTService.exe [62976 2013-12-08] () [File not signed]
R2 CVPND; C:\Dominik\Programme\ciscoclient\cvpnd.exe [1529856 2011-03-04] (Cisco Systems, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 atmeltpm; C:\Windows\System32\DRIVERS\atmeltpm64.sys [19456 2011-08-05] (Atmel, Inc.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-31] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 TPPWRIF; C:\Dominik\Programme\Lenovo Battery Utility 2014\TPPWR64V.sys [20736 2014-03-05] (Lenovo Group Limited)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-20 12:40 - 2014-08-20 12:40 - 00000000 ____D () C:\FRST
2014-08-19 23:17 - 2014-08-19 23:17 - 00001041 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tiberian Sun.lnk
2014-08-19 22:37 - 2014-08-19 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command & Conquer Tiberian Sun
2014-08-19 22:33 - 2014-08-19 22:35 - 151838355 _____ (Command & Conquer Communications Center ) C:\Users\user\Downloads\TSinstaller12.exe
2014-08-19 22:31 - 2014-08-19 22:31 - 00001230 _____ () C:\Users\user\Desktop\Die Installation von Command & Conquer Tiberian Sun fortsetzen.lnk
2014-08-19 22:29 - 2014-08-19 22:29 - 00812968 _____ ( ) C:\Users\user\Downloads\OfficialCnCTiberianSun_CB-DL-Manager.exe
2014-08-19 22:01 - 2014-08-19 22:01 - 00000954 _____ () C:\Users\Public\Desktop\ZDaemon Game Launcher.lnk
2014-08-19 22:01 - 2014-08-19 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZDaemon
2014-08-19 20:22 - 2014-08-19 20:22 - 00010486 _____ () C:\Users\user\Desktop\finanzenneu.ods
2014-08-19 17:10 - 2014-08-19 17:10 - 03230584 _____ () C:\Users\user\Downloads\secret-of-monkey-island.zip
2014-08-19 16:15 - 2014-08-19 16:15 - 00126794 _____ () C:\Users\user\Downloads\EdHarvey_Effects.zip
2014-08-19 16:14 - 2014-08-19 16:14 - 00186386 _____ () C:\Users\user\Downloads\EdHarvey_Effects.exe
2014-08-19 11:03 - 2014-08-19 16:16 - 00000000 ____D () C:\Users\user\Desktop\Beg
2014-08-15 20:24 - 2014-08-15 20:24 - 02872771 _____ () C:\Users\user\Downloads\ET
2014-08-15 12:59 - 2014-08-15 11:39 - 00017788 _____ () C:\Users\user\Documents\Übersicht%20Anbieter%20Komposttoiletten.xls_0.ods
2014-08-14 23:31 - 2014-08-14 23:31 - 656280137 _____ () C:\Windows\MEMORY.DMP
2014-08-14 23:31 - 2014-08-14 23:31 - 00291392 _____ () C:\Windows\Minidump\081414-89170-01.dmp
2014-08-14 23:31 - 2014-08-14 23:31 - 00000000 ____D () C:\Windows\Minidump
2014-08-14 23:25 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 23:25 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 23:25 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 23:25 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 23:25 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 23:25 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 23:25 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 23:25 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 08:29 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 08:29 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 08:29 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 08:29 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 08:29 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 08:29 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 08:29 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 08:29 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 08:29 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 08:29 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 08:29 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 08:29 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 08:29 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 08:29 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 08:29 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 08:29 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 08:29 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 08:29 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 08:29 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 08:29 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 08:29 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 08:29 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 08:29 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 08:29 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 08:29 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 08:29 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 08:29 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 08:29 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 08:29 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 08:29 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 08:29 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 08:29 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 08:29 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 08:29 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 08:29 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 08:29 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 08:29 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 08:29 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 08:29 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 08:29 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 08:29 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 08:29 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 08:29 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 08:29 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 08:29 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 08:29 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 08:29 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 08:29 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 08:29 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 08:29 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 08:29 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 08:29 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 08:29 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 08:29 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 08:29 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 08:29 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 08:29 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 08:29 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 08:29 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 08:29 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 08:29 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 08:29 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 08:29 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 08:29 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 08:29 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 08:29 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 08:29 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 08:29 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 08:29 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 08:27 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 08:27 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-11 23:37 - 2014-08-13 00:22 - 00000207 _____ () C:\Users\user\Desktop\apfelsaftwasichbrauche.txt
2014-08-05 23:46 - 2014-08-05 23:46 - 00001176 _____ () C:\Users\Public\Desktop\paint.net.lnk
2014-08-05 23:41 - 2014-08-05 23:41 - 00770556 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-02 11:05 - 2014-08-02 11:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-08-01 16:40 - 2014-08-01 16:40 - 00003238 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-08-01 16:40 - 2014-08-01 16:40 - 00000000 ____D () C:\Users\user\Documents\Optimizer Pro
2014-08-01 16:40 - 2014-08-01 16:40 - 00000000 ____D () C:\Users\user\AppData\Roaming\Optimizer Pro
2014-08-01 16:35 - 2014-08-01 16:35 - 00001066 _____ () C:\Users\user\Desktop\Optimizer Pro.lnk
2014-08-01 16:35 - 2014-08-01 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-08-01 16:35 - 2014-08-01 16:35 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-08-01 16:33 - 2014-08-12 14:34 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-08-01 16:33 - 2014-08-01 16:33 - 00001391 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-08-01 16:33 - 2014-08-01 16:33 - 00000000 ____D () C:\Users\user\AppData\Roaming\OpenCandy
2014-08-01 16:33 - 2014-08-01 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-08-01 16:32 - 2014-08-01 16:34 - 00000000 ____D () C:\Users\user\AppData\Roaming\DVDVideoSoft
2014-08-01 16:32 - 2014-08-01 16:32 - 29527272 _____ (DVDVideoSoft Ltd. ) C:\Users\user\Downloads\FreeYouTubeToMP3Converter-3.12.42.716.exe
2014-08-01 10:27 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 10:27 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 10:27 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 10:27 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 10:27 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 10:27 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 10:27 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 10:27 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 10:27 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 10:27 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 10:27 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 10:27 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 10:27 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 10:27 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-29 22:24 - 2014-07-29 22:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-23 19:14 - 2014-07-23 19:14 - 00000000 ____D () C:\Users\user\Documents\Adobe
2014-07-23 19:04 - 2014-07-23 19:04 - 00001866 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.4 64-Bit.lnk
2014-07-23 19:04 - 2014-07-23 19:04 - 00001846 _____ () C:\Users\Public\Desktop\Lightroom 5.4 64-Bit.lnk
2014-07-23 19:04 - 2014-07-23 19:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-07-22 15:14 - 2014-07-22 15:14 - 00137376 _____ (Microsoft Corporation) C:\Windows\system32\vcomp120.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-20 12:40 - 2014-08-20 12:40 - 00000000 ____D () C:\FRST
2014-08-20 12:38 - 2013-12-08 02:15 - 01074954 _____ () C:\Windows\WindowsUpdate.log
2014-08-20 12:37 - 2014-01-16 09:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-20 11:47 - 2014-01-15 20:26 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2014-08-20 10:41 - 2014-01-16 09:01 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-19 23:17 - 2014-08-19 23:17 - 00001041 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tiberian Sun.lnk
2014-08-19 23:04 - 2014-01-15 20:25 - 00000000 ____D () C:\ProgramData\Mozilla
2014-08-19 22:37 - 2014-08-19 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command & Conquer Tiberian Sun
2014-08-19 22:35 - 2014-08-19 22:33 - 151838355 _____ (Command & Conquer Communications Center ) C:\Users\user\Downloads\TSinstaller12.exe
2014-08-19 22:31 - 2014-08-19 22:31 - 00001230 _____ () C:\Users\user\Desktop\Die Installation von Command & Conquer Tiberian Sun fortsetzen.lnk
2014-08-19 22:29 - 2014-08-19 22:29 - 00812968 _____ ( ) C:\Users\user\Downloads\OfficialCnCTiberianSun_CB-DL-Manager.exe
2014-08-19 22:01 - 2014-08-19 22:01 - 00000954 _____ () C:\Users\Public\Desktop\ZDaemon Game Launcher.lnk
2014-08-19 22:01 - 2014-08-19 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZDaemon
2014-08-19 20:22 - 2014-08-19 20:22 - 00010486 _____ () C:\Users\user\Desktop\finanzenneu.ods
2014-08-19 17:11 - 2014-01-18 07:17 - 00000000 ____D () C:\Dominik
2014-08-19 17:10 - 2014-08-19 17:10 - 03230584 _____ () C:\Users\user\Downloads\secret-of-monkey-island.zip
2014-08-19 16:16 - 2014-08-19 11:03 - 00000000 ____D () C:\Users\user\Desktop\Beg
2014-08-19 16:15 - 2014-08-19 16:15 - 00126794 _____ () C:\Users\user\Downloads\EdHarvey_Effects.zip
2014-08-19 16:14 - 2014-08-19 16:14 - 00186386 _____ () C:\Users\user\Downloads\EdHarvey_Effects.exe
2014-08-19 16:14 - 2013-12-08 02:14 - 00000000 ____D () C:\Users\user\AppData\Local\VirtualStore
2014-08-19 06:25 - 2009-07-14 06:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-19 06:25 - 2009-07-14 06:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-19 06:18 - 2014-04-10 11:59 - 00000000 ___RD () C:\Users\user\Dropbox
2014-08-19 06:18 - 2014-04-10 11:55 - 00000000 ____D () C:\Users\user\AppData\Roaming\Dropbox
2014-08-19 06:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-19 06:17 - 2009-07-14 06:51 - 00051540 _____ () C:\Windows\setupact.log
2014-08-19 06:17 - 2009-07-14 06:45 - 00293176 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-18 16:58 - 2014-03-12 17:33 - 00000000 ____D () C:\Users\user\Desktop\Aktuell
2014-08-18 15:22 - 2009-07-14 07:13 - 00781334 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-17 12:50 - 2014-01-18 09:16 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2014-08-15 20:24 - 2014-08-15 20:24 - 02872771 _____ () C:\Users\user\Downloads\ET
2014-08-15 11:39 - 2014-08-15 12:59 - 00017788 _____ () C:\Users\user\Documents\Übersicht%20Anbieter%20Komposttoiletten.xls_0.ods
2014-08-15 08:29 - 2013-12-08 03:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 08:27 - 2013-12-08 03:11 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 08:23 - 2014-04-10 11:59 - 00001013 _____ () C:\Users\user\Desktop\Dropbox.lnk
2014-08-15 08:23 - 2014-04-10 11:57 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-14 23:31 - 2014-08-14 23:31 - 656280137 _____ () C:\Windows\MEMORY.DMP
2014-08-14 23:31 - 2014-08-14 23:31 - 00291392 _____ () C:\Windows\Minidump\081414-89170-01.dmp
2014-08-14 23:31 - 2014-08-14 23:31 - 00000000 ____D () C:\Windows\Minidump
2014-08-14 23:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 00:22 - 2014-08-11 23:37 - 00000207 _____ () C:\Users\user\Desktop\apfelsaftwasichbrauche.txt
2014-08-12 14:34 - 2014-08-01 16:33 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-08-06 09:37 - 2014-02-01 13:02 - 00000000 ____D () C:\Users\user\AppData\Local\Paint.NET
2014-08-06 08:38 - 2010-11-21 05:47 - 00130018 _____ () C:\Windows\PFRO.log
2014-08-05 23:46 - 2014-08-05 23:46 - 00001176 _____ () C:\Users\Public\Desktop\paint.net.lnk
2014-08-05 23:46 - 2014-02-01 13:02 - 00001188 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-08-05 23:46 - 2014-02-01 13:02 - 00000000 ____D () C:\Program Files\Paint.NET
2014-08-05 23:41 - 2014-08-05 23:41 - 00770556 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-05 20:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-03 10:29 - 2014-01-15 20:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-02 11:05 - 2014-08-02 11:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-08-01 16:40 - 2014-08-01 16:40 - 00003238 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-08-01 16:40 - 2014-08-01 16:40 - 00000000 ____D () C:\Users\user\Documents\Optimizer Pro
2014-08-01 16:40 - 2014-08-01 16:40 - 00000000 ____D () C:\Users\user\AppData\Roaming\Optimizer Pro
2014-08-01 16:35 - 2014-08-01 16:35 - 00001066 _____ () C:\Users\user\Desktop\Optimizer Pro.lnk
2014-08-01 16:35 - 2014-08-01 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-08-01 16:35 - 2014-08-01 16:35 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-08-01 16:34 - 2014-08-01 16:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\DVDVideoSoft
2014-08-01 16:33 - 2014-08-01 16:33 - 00001391 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-08-01 16:33 - 2014-08-01 16:33 - 00000000 ____D () C:\Users\user\AppData\Roaming\OpenCandy
2014-08-01 16:33 - 2014-08-01 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-08-01 16:32 - 2014-08-01 16:32 - 29527272 _____ (DVDVideoSoft Ltd. ) C:\Users\user\Downloads\FreeYouTubeToMP3Converter-3.12.42.716.exe
2014-08-01 01:41 - 2014-08-14 08:29 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-14 08:29 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-31 20:11 - 2014-04-23 23:55 - 00009577 _____ () C:\Users\user\Desktop\LP.ods
2014-07-29 22:25 - 2014-07-29 22:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-26 09:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-25 16:52 - 2014-08-14 08:29 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 16:02 - 2014-08-14 08:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 16:01 - 2014-08-14 08:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 15:51 - 2014-08-14 08:29 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 15:30 - 2014-08-14 08:29 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 15:28 - 2014-08-14 08:29 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 15:28 - 2014-08-14 08:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 15:25 - 2014-08-14 08:29 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-14 08:29 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 15:11 - 2014-08-14 08:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 15:10 - 2014-08-14 08:29 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 15:04 - 2014-08-14 08:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 15:03 - 2014-08-14 08:29 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 15:00 - 2014-08-14 08:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 15:00 - 2014-08-14 08:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 14:59 - 2014-08-14 08:29 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 14:47 - 2014-08-14 08:29 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 14:40 - 2014-08-14 08:29 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-14 08:29 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 14:34 - 2014-08-14 08:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 14:33 - 2014-08-14 08:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 14:30 - 2014-08-14 08:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-14 08:29 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 14:28 - 2014-08-14 08:29 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:21 - 2014-08-14 08:29 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 14:19 - 2014-08-14 08:29 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 14:18 - 2014-08-14 08:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 14:17 - 2014-08-14 08:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 14:17 - 2014-08-14 08:29 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 14:12 - 2014-08-14 08:29 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 14:10 - 2014-08-14 08:29 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 14:10 - 2014-08-14 08:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 14:08 - 2014-08-14 08:29 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-14 08:29 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-14 08:29 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-14 08:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-14 08:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-14 08:29 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-14 08:29 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 13:39 - 2014-08-14 08:29 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 13:36 - 2014-08-14 08:29 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 13:34 - 2014-08-14 08:29 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-14 08:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-14 08:29 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-14 08:29 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 13:07 - 2014-08-14 08:29 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 13:07 - 2014-08-14 08:29 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 13:03 - 2014-08-14 08:29 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-14 08:29 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 12:26 - 2014-08-14 08:29 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-14 08:29 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-14 08:29 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-14 08:29 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-14 08:29 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 00:14 - 2013-12-08 04:14 - 00000000 ____D () C:\Users\user\AppData\Roaming\Adobe
2014-07-23 19:14 - 2014-07-23 19:14 - 00000000 ____D () C:\Users\user\Documents\Adobe
2014-07-23 19:13 - 2014-01-15 20:36 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2014-07-23 19:04 - 2014-07-23 19:04 - 00001866 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.4 64-Bit.lnk
2014-07-23 19:04 - 2014-07-23 19:04 - 00001846 _____ () C:\Users\Public\Desktop\Lightroom 5.4 64-Bit.lnk
2014-07-23 19:04 - 2014-07-23 19:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-07-23 19:04 - 2013-12-08 02:41 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-23 18:45 - 2014-05-21 14:22 - 00000310 _____ () C:\Users\user\Desktop\ToDo.txt
2014-07-22 15:14 - 2014-07-22 15:14 - 00137376 _____ (Microsoft Corporation) C:\Windows\system32\vcomp120.dll

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6rgtkx.dll
C:\Users\user\AppData\Local\Temp\i4jdel0.exe
C:\Users\user\AppData\Local\Temp\ICReinstall_OfficialCnCTiberianSun_CB-DL-Manager.exe
C:\Users\user\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\nsg8EE4.exe
C:\Users\user\AppData\Local\Temp\nsgD5E7.exe
C:\Users\user\AppData\Local\Temp\nsl9876.exe
C:\Users\user\AppData\Local\Temp\nslCC45.exe
C:\Users\user\AppData\Local\Temp\optprosetup.exe
C:\Users\user\AppData\Local\Temp\paint.net.4.0.3.install.exe
C:\Users\user\AppData\Local\Temp\sdanircmdc.exe
C:\Users\user\AppData\Local\Temp\sdapskill.exe
C:\Users\user\AppData\Local\Temp\sdaspwn.exe
C:\Users\user\AppData\Local\Temp\SHSetup.exe
C:\Users\user\AppData\Local\Temp\SPSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 21:25

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by user at 2014-08-20 12:41:56
Running from C:\Dominik\Programme\Virenschutz\Farbar Recovery Scan Tool
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark06 (HKLM-x32\...\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}) (Version: 1.2.1 - Futuremark Corporation)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.4 64-bit (HKLM\...\{558B5965-CC1B-4AF1-BA07-5D6832404050}) (Version: 5.4.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
CDisplayEx 1.10.18 (HKLM-x32\...\CDisplayEx_is1) (Version:  - cdisplayex.com)
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Clonk Planet (HKLM-x32\...\Clonk Planet) (Version: 4.65 - RedWolf Design)
Cold Turkey version 0.9 (HKLM\...\{6498E673-B9C2-4544-A722-1E854B5B573E}_is1) (Version: 0.9 - Felix Belzile)
Command & Conquer Tiberian Sun (HKLM-x32\...\{52F25D7D-DEE1-42E7-AB48-D0F014E1F795}_is1) (Version:  - Command & Conquer Communications Center)
Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.49.53 - Conexant)
Dia (nur entfernen) (HKLM-x32\...\Dia) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Free YouTube to MP3 Converter version 3.12.42.716 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.42.716 - DVDVideoSoft Ltd.)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version:  - )
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lenovo Battery Utility 2014 1.2 (HKLM-x32\...\{62D5A67D-E5CC-4D79-8998-DDFDB7750346}_is1) (Version: 1.2 - Lenovo Corp)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.03.13 - )
MAGIX FunPix Maker 1.0.0.0 (D) (HKLM-x32\...\MAGIX FunPix Maker D) (Version: 1.0.0.0 - MAGIX AG)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MatchWare MindView 5.0 (HKLM-x32\...\{C849BEF2-0216-45E5-841B-F0F2F4FDE319}) (Version: 5.0.168 - MatchWare A/S)
Metro 2033 Demo (HKLM-x32\...\{74027A70-698F-49B4-969D-AA64BE2A8D8B}_is1) (Version:  - THQ)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.2.0 (x86 de)) (Version: 24.2.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKCU\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKCU\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Control Panel 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.902 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{54194F60-988C-4D03-B922-C2B00EFDA39A}) (Version: 9.10.0222 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
OpenProj (HKLM-x32\...\{13702021-43FB-480C-912F-D9B74A538288}) (Version: 1.4.0 - Serena Software Inc.)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version:  - ) <==== ATTENTION
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
QGIS Dufour 2.0.1 Dufour (HKLM\...\QGIS Dufour) (Version:  - QGIS Development Team)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.16.20.192 - Client Connect LTD) <==== ATTENTION
SereneScreen Marine Aquarium 2 (HKLM-x32\...\SereneScreen Marine Aquarium 2_is1) (Version: 2.0 - Prolific Publishing, Inc.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team)
Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WAV To MP3 V2 (HKLM-x32\...\WAV To MP3_is1) (Version:  - hxxp://www.WAVMP3.net)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
yEd Graph Editor 3.11.1 (HKLM-x32\...\3309-7404-0599-8908) (Version: 3.11.1 - yWorks GmbH)
ZDaemon (remove only) (HKLM-x32\...\ZDaemon) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3705937506-1407253618-1579061599-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3705937506-1407253618-1579061599-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3705937506-1407253618-1579061599-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3705937506-1407253618-1579061599-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3705937506-1407253618-1579061599-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3705937506-1407253618-1579061599-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3705937506-1407253618-1579061599-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3705937506-1407253618-1579061599-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3705937506-1407253618-1579061599-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

27-07-2014 08:05:58 Windows Update
30-07-2014 18:18:40 Windows Update
01-08-2014 08:27:26 Windows Update
03-08-2014 13:28:47 Windows Update
05-08-2014 21:45:43 paint.net 4.0.3
06-08-2014 21:20:38 Windows Update
10-08-2014 11:11:22 Windows Update
13-08-2014 19:48:52 Windows Update
14-08-2014 21:24:52 Windows Update
15-08-2014 06:25:02 Windows Update
18-08-2014 13:18:47 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-08-08 13:30 - 00003851 ____R C:\Windows\system32\Drivers\etc\hosts
















































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00F4E794-D4F3-42B5-A7FA-9734977BFC20} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [2014-07-29] (PC Utilities Software Limited) <==== ATTENTION
Task: {04712F0A-80A9-4E6E-9427-C074355C6E52} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2014-01-09] (Enigma Software Group USA, LLC.)
Task: {343FA0EC-472E-4898-A351-72A150107C9E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16] (Google Inc.)
Task: {E2EB2F22-B9FF-4D3D-996D-5D06AD57806A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-28 23:48 - 2013-09-12 09:25 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-30 23:58 - 2013-12-08 02:04 - 00062976 _____ () C:\Program Files\Cold Turkey\CTService.exe
2014-01-30 23:58 - 2012-12-21 17:54 - 00006656 _____ () C:\Program Files\Cold Turkey\NetworkTime.dll
2014-01-30 23:58 - 2013-10-27 11:04 - 00557056 _____ () C:\Program Files\Cold Turkey\CTConfigServer.exe
2014-08-01 16:35 - 2014-08-01 16:35 - 03475912 _____ () c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
2011-03-04 13:49 - 2011-03-04 13:49 - 00202752 _____ () C:\Dominik\Programme\ciscoclient\vpnapi.dll
2014-08-19 06:18 - 2014-08-19 06:18 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6rgtkx.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\libcef.dll
2014-06-12 13:24 - 2014-06-12 13:24 - 03022960 _____ () C:\Dominik\Programme\Thunderbird\mozjs.dll
2014-06-12 13:24 - 2014-06-12 13:24 - 00158832 _____ () C:\Dominik\Programme\Thunderbird\NSLDAP32V60.dll
2014-06-12 13:24 - 2014-06-12 13:24 - 00023152 _____ () C:\Dominik\Programme\Thunderbird\NSLDAPPR32V60.dll
2014-07-29 22:24 - 2014-07-29 22:25 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/20/2014 00:45:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Tiberian Sun.exe, version: 1.0.0.1, time stamp: 0x393c1b12
Faulting module name: xts.dll, version: 0.0.0.0, time stamp: 0x50c1f48c
Exception code: 0xc0000417
Fault offset: 0x0002a763
Faulting process id: 0x3ddc
Faulting application start time: 0xTiberian Sun.exe0
Faulting application path: Tiberian Sun.exe1
Faulting module path: Tiberian Sun.exe2
Report Id: Tiberian Sun.exe3

Error: (08/19/2014 06:17:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2014 03:21:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Lightroom.exe version 5.4.0.10 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 70c

Start Time: 01cfbae75b8e9f12

Termination Time: 30

Application Path: C:\Dominik\Programme\Lightroom 5.0\Lightroom.exe

Report Id: 9dc41da7-26da-11e4-9f29-ec55f9de5f26

Error: (08/18/2014 09:50:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2014 10:27:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2014 09:49:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/15/2014 00:58:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/15/2014 08:21:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2014 11:33:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2014 08:45:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/15/2014 08:33:19 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.179.2953.0

	Update Source: %NT AUTHORITY59

	Update Stage: 4.5.0216.00

	Source Path: 4.5.0216.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608

Error: (08/15/2014 08:33:19 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.179.2953.0

	Update Source: %NT AUTHORITY59

	Update Stage: 4.5.0216.00

	Source Path: 4.5.0216.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608

Error: (08/15/2014 08:33:19 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.179.2953.0

	Update Source: %NT AUTHORITY59

	Update Stage: 4.5.0216.00

	Source Path: 4.5.0216.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608

Error: (08/14/2014 11:33:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:32:00 PM on ‎8/‎14/‎2014 was unexpected.

Error: (08/10/2014 08:35:40 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The CTService service hung on starting.

Error: (08/07/2014 04:15:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (08/03/2014 10:39:41 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.179.1743.0

	Update Source: %NT AUTHORITY59

	Update Stage: 4.5.0216.00

	Source Path: 4.5.0216.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608

Error: (08/03/2014 10:29:28 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:26:57 AM on ‎8/‎3/‎2014 was unexpected.

Error: (08/02/2014 11:45:05 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.179.1743.0

	Update Source: %NT AUTHORITY59

	Update Stage: 4.5.0216.00

	Source Path: 4.5.0216.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608

Error: (08/02/2014 10:53:35 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.179.1743.0

	Update Source: %NT AUTHORITY59

	Update Stage: 4.5.0216.00

	Source Path: 4.5.0216.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (08/20/2014 00:45:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Tiberian Sun.exe1.0.0.1393c1b12xts.dll0.0.0.050c1f48cc00004170002a7633ddc01cfbbf569fdebc6C:\Dominik\sonstiges\spiele\Tiberian Sun\Tiberian Sun.exeC:\Dominik\sonstiges\spiele\Tiberian Sun\xts.dll76b0537d-27f2-11e4-9bea-ec55f9de5f26

Error: (08/19/2014 06:17:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/18/2014 03:21:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Lightroom.exe5.4.0.1070c01cfbae75b8e9f1230C:\Dominik\Programme\Lightroom 5.0\Lightroom.exe9dc41da7-26da-11e4-9f29-ec55f9de5f26

Error: (08/18/2014 09:50:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2014 10:27:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2014 09:49:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/15/2014 00:58:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/15/2014 08:21:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2014 11:33:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/14/2014 08:45:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-08-20 12:40:03.142
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64CQ17.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 12:40:00.982
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64CQ17.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 12:38:06.127
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64CQ17.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 12:38:01.207
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64CQ17.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 12:37:58.157
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64CQ17.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 11:47:53.132
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64CQ17.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 11:42:45.351
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64CQ17.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 11:42:40.091
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64CQ17.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 11:41:03.344
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64CQ17.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 11:40:40.861
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64CQ17.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz
Percentage of memory in use: 26%
Total physical RAM: 8051.67 MB
Available physical RAM: 5894.21 MB
Total Pagefile: 16101.52 MB
Available Pagefile: 13434.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:381.42 GB) (Free:47.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: DE2F4001)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=381.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=84.2 GB) - (Type=05)

==================== End Of Log ============================

schrauber · 21.08.2014, 08:02

Adware & Co. deinstallieren

Lade Dir bitte von hier Revo Uninstaller herunter.
Installiere und starte das Programm.
Suche im Uninstallerfeld nach den Programmen, die unter:

diesen Zusatz haben:
Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Dominik H. · 22.08.2014, 12:30

Hey,

ich habe die Schritte durchgeführt, bin aber zwischendurch auf verschiedene Probleme gestoßen:

Nach dem Start von Combofix ist - als der kleine blaue Bildstirm gestartet wurde - der Rechner abgeschmier. Message war in etwa "um Gefahren abzuwenden, wurde Windows beendet". Diese Nachricht habe ich übrigens neulich auch nach Installation des neuen Windowsupdates erhalten.

Momentan ist die TroviSearch weiterhin in Firefox eingestellt (im Suchfenster)

Ansonsten:
Im RevoUninstaller wird ein Programm nicht angezeigt (SpyHunter4). Allerdings taucht es auch nicht in der "AttentionList" auf, obwohl das Programm nicht gewünscht ist.

Danke und Grüße
Dominik

schrauber · 23.08.2014, 05:54

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

YahooSearch and Trovi Search

Plagegeister aller Art und deren Bekämpfung: YahooSearch and Trovi Search