Win Vista: Virus oder Registry durcheinander? Gruppenrichtilien blockieren / Programme lassen sich nicht installieren

Meiner1er · 22.08.2014, 12:44

Hallo liebes Trojaner-Board-Team,

über eine Google-Suche bin ich auf dieses spannende Forum gestoßen. Nachdem ich selbst schon einiges probiert habe, hoffe ich, man kann mir hier weiterhelfen!

Ich benutze Windows Vista Home Premium. Zum Virenschutz ist McAfee aktiv. Während ich McAfee stets aktuell gehalten habe, habe ich andere Updates vernachlässigt, weil ich mich durch McAfee (irrtümlich?) bereits geschützt sah. Ich las jedoch hier im Forum, dass es unerlässlich ist, auch Java-, Acrobat-, Windows- und Co Updates zeitnah aufzuspielen. Das habe ich inzwischen zwar nachgeholt, aber das hilft rückwirkend natürlich wenig.

Das Elend begann vor etwas über einer Woche, als mir auffiel, dass meine McAfee Internet Security Suite nicht aktiv war. Versuchte ich sie zu starten, wurde dies mit der Meldung „Dieses Programm wurde durch eine Gruppenrichtlinie geblockt“ verhindert. Ich habe dann von McAfee ein zur Problemanalyse dienendes Tool namens „Virtual Technican“ geladen. Dieses Programm ließ sich im normalen Betrieb nicht starten – im abgesicherten Modus hingegen schon. Im abgesicherten Modus ließ sich auch die McAfee Suite starten.

Einige Tage zuvor hatte ich den CCCleaner mein System einmal wieder bereinigen lassen. Auch die Registry hatte ich ihn aufräumen lassen. Ob hier ein Zusammenhang besteht, kann ich nicht abschätzen.

Ich habe per Chat mit dem McAfee Support Kontakt aufgenommen. Dort hat man via Fernwartung meine Registry so aktualisiert, dass die McAfee Suite auch im normalen Windows-Betrieb wieder startete. Das ging alles so fix, dass ich nicht nachvollziehen konnte, was genau gemacht wurde. Anschließend habe ich einen kompletten Scan meines Systems durchgeführt. McAfee fand zahlreiche Viren – diese aber in Mails, die bereits im Junk-Mail-Ordner lagen (und darum auch nicht von mir geöffnet wurden).

Gänzlich behoben war das Problem damit aber noch nicht. So konnte und kann ich z.B. das Programm Sandboxie nicht mehr starten – erneut blockieren die Gruppenrichtlinien. Wie ich inzwischen gelernt habe, gibt es keinen Gruppenlinieneditor in Vista Home Premium. Und Anleitungen, an welchen Stellen die Registry gefixt werden muss, habe ich vergeblich gesucht.

Weil ein Unglück selten allein kommt, crashte mein Rechner am letzten Freitag. Ein langer und zwei kurze Piepstöne waren alles, was er beim Start von sich gab, was auf eine defekte Grafikkarte hindeutete. Einen Zusammenhang mit den eingangs geschilderten Problemen halte ich für unwahrscheinlich. Vermutlich dürfte eine Überhitzung des Rechners am Abend zuvor die Ursache sein (hatte ihn auf einem Stuhl mit einem Stoffbezug platziert, was wohl ungünstig für die Wärmeabfuhr war). Weil ich mein System möglichst schnell wieder haben wollte, bin ich einen ungewöhnlichen Weg gegangen: ich habe gebraucht ein Laptop der gleichen Marke gekauft (Acer Aspire 8730), was wegen des Alters des Geräts schneller und günstiger als jede professionelle Reparatur war. Dann habe ich die Festplatte meines alten Laptops in den neuen gebrauchten eingebaut. Das klappte nahezu problemlos. Der neue gebrauchte Laptop hat allerdings eine andere Grafikkarte (AMD Radeon HD 4650). Um diese richtig anzusteuern, habe ich die entsprechende „AMD Catalyst“ Software aus dem Netz geladen. Allerdings lässt sich diese nicht installieren. Die Installation läuft durch, meldet aber am Ende „es gab Probleme“, ohne diese näher zu spezifizieren. Die erhofften Tools sind auf dem System nicht zu finden. Ich kann mir vorstellen, dass hier erneut eine Schadsoftware und/oder falsche Gruppenrichtlinien die Installation verhindern. Daher muss ich aktuell mit einer niedrigen und vom Aspekt her verzerrten Auflösung vorlieb nehmen, da ich nur auf VGA-Standard-Treiber zurückgreifen kann.

Über eine Google-Suche des „Gruppenrichtlinien“-Problems bin ich auf dieses Forum gestoßen. Ich habe zunächst einige Beiträge gelesen, in der Hoffnung, direkt eine Lösung zu finden, ohne einen eigenen Thread aufmachen zu müssen. Weil dies an anderer Stelle vorgeschlagen wurde, habe ich „ Malwarebytes Anti-Malware “ geladen und durchlaufen lassen. Das Programm fand einige Bedrohungen und behob diese. Weil die Probleme (Sandboxie startet nicht, Grafik-Treiber lassen sich nicht installieren) jedoch weiter bestanden, habe ich anschließend den „AdwCleaner“ und das „Junkware Removal Tool“ durchlaufen lassen. Der AdwCleaner hat leider mein „Babylon Übersetzungs-Tool“ vom System entfernt. Ich hätte hier wohl etwas genauer hinschauen sollen, was der Cleaner alles zu säubern gedenkt. Die entsprechenden Logdateien der Programme füge ich an.

Als die Probleme meines Systems weiter bestanden, wurde mir langsam klar, dass ich das Elend nicht selbst in den Griff bekomme. Mir ist auch unklar, ob sich (noch) Schadsoftware auf meinem System befindet oder ob „nur“ einige Registry-Einträge vermurkst sind. Also habe ich der Board-Anleitung entsprechend Defogger, FRST und GMER angeworfen. Die Ergebnisse poste ich ebenfalls.

Ich wollte auch die Ergebnisse eines ESET Online Scans hier einfügen. Ich habe das Programm gestern Nachmittag gestartet. Gegen Mitternacht war es erst zu 50% fertig. Heute früh hatte der Rechner neu gestartet, so dass mir keine Ergebnisse dieses Tools vorliegen. Weil ich ungern einen weiteren Tag auf ein Ergebnis warten möchte, das vielleicht gar nicht vonnöten ist, spare ich mir diesen Scan fürs erste.

Ich bitte diese recht lang geratene Ausführung zu entschuldigen und hoffe, man kann mir an dieser Stelle weiterhelfen.

Im Voraus möchte ich mir bei jedem bedanken, der das Interesse und die Aufmerksamkeit bis zu diesem Punkt aufrecht halten konnte.

Liebe Grüße
Chris

----

Hier nun die LogFiles in der Reihenfolge, in der sie erstellt wurden:
(Manche Logfiles muss ich in einen zweiten Post setzen, weil dieser sonst zu lang wäre)

Malwarebytes Anti-Malware

Scan Log:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 21.08.2014
Scan Time: 10:17:45
Logfile: 
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.21.02
Rootkit Database: v2014.08.16.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: cek

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 403927
Time Elapsed: 14 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 30
PUP.Optional.VShareRedir, HKLM\SOFTWARE\CLASSES\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}, Quarantined, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKLM\SOFTWARE\CLASSES\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}, Quarantined, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKLM\SOFTWARE\CLASSES\TYPELIB\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}, Quarantined, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKLM\SOFTWARE\CLASSES\INTERFACE\{3D782BB2-F2A5-11D3-BF4C-000000000000}, Quarantined, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKLM\SOFTWARE\CLASSES\INTERFACE\{DB1F5554-582C-4F53-82CC-458D2C04A2F1}, Quarantined, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKLM\SOFTWARE\CLASSES\MyNewsBarLauncher.IE5BarLauncher.1, Quarantined, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKLM\SOFTWARE\CLASSES\MyNewsBarLauncher.IE5BarLauncher, Quarantined, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKU\S-1-5-21-835989538-2903230966-4254504411-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}, Quarantined, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKU\S-1-5-21-835989538-2903230966-4254504411-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}, Quarantined, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}, Quarantined, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKLM\SOFTWARE\CLASSES\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}\INPROCSERVER32, Quarantined, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKLM\SOFTWARE\CLASSES\MyNewsBarLauncher.IE5BarLauncherBHO.1, Quarantined, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKLM\SOFTWARE\CLASSES\MyNewsBarLauncher.IE5BarLauncherBHO, Quarantined, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}, Quarantined, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKU\S-1-5-21-835989538-2903230966-4254504411-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}, Quarantined, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKU\S-1-5-21-835989538-2903230966-4254504411-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}, Quarantined, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKU\S-1-5-21-835989538-2903230966-4254504411-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}, Quarantined, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}, Quarantined, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [b87e43864f2c3402d5cc2f443cc68779], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [b87e43864f2c3402d5cc2f443cc68779], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [b87e43864f2c3402d5cc2f443cc68779], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\supWPM, Quarantined, [86b020a9502b2610481f00e3f50dfe02], 
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\sweet-pageSoftware, Quarantined, [ff374c7de09b92a487925be331d3bf41], 
PUP.Optional.NewTab.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pkndmigholgfjlniaohblojbhgjbkakn, Quarantined, [0333e4e5d6a53afca08afb150ef554ac], 
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [59dd7c4d2b5067cf8ea413225da75ba5], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB, Quarantined, [ea4cf2d74d2e5adc580ec71c857dd52b], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-835989538-2903230966-4254504411-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [a3939a2f93e853e364ed1ef57e85748c], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-835989538-2903230966-4254504411-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [0432844533481e187119dd4c26dea25e], 
PUP.Optional.Qone8, HKU\S-1-5-21-835989538-2903230966-4254504411-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [e056caff73088da94ce55adb6d977a86], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-835989538-2903230966-4254504411-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [e5518d3c5c1fef47fa78d230f211b050], 

Registry Values: 7
PUP.Optional.VShareRedir, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}, VShareTB, Quarantined, [d0661aaf314a11253fef8df957ab6d93]
PUP.Optional.VShareRedir, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}, Quarantined, [61d58c3d42391422220b8600a2608d73], 
PUP.Optional.Lightning.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|lightningnewtab@gmail.com, C:\Users\cek\AppData\Roaming\Mozilla\Firefox\Profiles\mpq4xo1a.default-1388938982893\extensions\lightningnewtab@gmail.com.xpi, Quarantined, [4ceacdfc4f2c1b1b9c8f50c0d42fa25e]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB|ptid, cor, Quarantined, [ea4cf2d74d2e5adc580ec71c857dd52b]
Trojan.Agent.EV, HKU\S-1-5-21-835989538-2903230966-4254504411-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\CONTROL PANEL\DESKTOP|SCRNSAVE.EXE, "C:\Users\cek\AppData\Roaming\Microsoft\Windows\IEUpdate\MdSched.exe", Quarantined, [86b0b9109ae14beb2f1a12d225ddd927]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-835989538-2903230966-4254504411-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0V1D1S1R1D0V1O, Quarantined, [0432844533481e187119dd4c26dea25e]
Hijack.Autorun, HKU\S-1-5-21-835989538-2903230966-4254504411-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\COMMAND PROCESSOR|AutoRun, "C:\Users\cek\AppData\Roaming\Microsoft\Windows\IEUpdate\MdSched.exe", Quarantined, [270f10b92556ed49d24f4ac94bb88878]

Registry Data: 7
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=sc&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=sc&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727),Replaced,[04322c9d057600365e350dcda75d5aa6]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://www.sweet-page.com/web/?type=ds&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727&q={searchTerms}),Replaced,[8fa7e1e8502b73c383125981867eca36]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://www.sweet-page.com/web/?type=ds&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727&q={searchTerms}),Replaced,[e84e74556417f93d88edede21ce8768a]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.sweet-page.com/?type=hp&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727, Good: (www.google.com), Bad: (hxxp://www.sweet-page.com/?type=hp&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727),Replaced,[4de98a3f2457171fade75486ce3604fc]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[84b2ad1ca8d3c4723fef5f7b976d5da3]
PUP.Optional.SweetPage.A, HKU\S-1-5-21-835989538-2903230966-4254504411-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.sweet-page.com/?type=hp&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727, Good: (www.google.com), Bad: (hxxp://www.sweet-page.com/?type=hp&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727),Replaced,[f4429039661542f418784c8eb054b749]
Broken.OpenCommand, HKCR\regfile\shell\open\command, "regedit.exe" "Good: (regedit.exe "Bad: ("regedit.exe" "%1"),Replaced,[ffffffffffffffffffffffffffffffff]")", %4, %5

Folders: 3
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, Quarantined, [af8708c1750648eeb3e5b10d17eb9e62], 
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, Quarantined, [af8708c1750648eeb3e5b10d17eb9e62], 
PUP.Optional.SupTab.A, C:\Program Files\SupTab, Quarantined, [c07612b7afccda5ca3999941847e30d0], 

Files: 9
PUP.Optional.VShareRedir, C:\Program Files\StartSearch plugin\BarLcher.dll, Quarantined, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.Softonic, C:\Users\cek\Downloads\SoftonicDownloader_fuer_dvd-flick.exe, Quarantined, [4de919b0c3b813233d638090ad543ec2], 
PUP.Optional.Softonic, C:\Users\cek\Downloads\SoftonicDownloader_fuer_sothink-movie-dvd-maker.exe, Quarantined, [65d1bd0ccead95a1d0d01bf554ada759], 
PUP.Optional.Softonic, C:\Users\cek\Downloads\SoftonicDownloader_fuer_treesize.exe, Quarantined, [1521d2f7710a39fda00042ceb64bb848], 
PUP.Optional.QuickStart.A, C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx, Quarantined, [ed4914b5a2d9d75f25b640a25aa8be42], 
PUP.Optional.SweetPage.A, C:\Program Files\Mozilla Firefox\browser\searchplugins\sweet-page.xml, Quarantined, [bb7b9237215ab77fd54378c624e020e0], 
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\conf, Quarantined, [af8708c1750648eeb3e5b10d17eb9e62], 
PUP.Optional.SupTab.A, C:\Program Files\SupTab\SupTab.dll, Quarantined, [c07612b7afccda5ca3999941847e30d0], 
PUP.Optional.SweetPage.A, C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "hxxp://www.sweet-page.com/?type=hp&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727",), Replaced,[0c2af6d3710acb6b97fadd2f7b8a15eb]

Physical Sectors: 0
(No malicious items detected)


(end)

Daily Protection Log:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 21.08.2014 09:50:59, SYSTEM, HANAUMA_BAY, Protection, Malware Protection, Starting, 
Protection, 21.08.2014 09:50:59, SYSTEM, HANAUMA_BAY, Protection, Malware Protection, Started, 
Protection, 21.08.2014 09:50:59, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, Starting, 
Protection, 21.08.2014 09:53:27, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, Started, 
Update, 21.08.2014 10:16:00, SYSTEM, HANAUMA_BAY, Manual, Rootkit Database, 2014.2.20.1, 2014.8.16.1, 
Update, 21.08.2014 10:16:15, SYSTEM, HANAUMA_BAY, Manual, Malware Database, 2014.3.4.9, 2014.8.21.2, 
Protection, 21.08.2014 10:36:49, SYSTEM, HANAUMA_BAY, Protection, Malware Protection, Starting, 
Protection, 21.08.2014 10:36:50, SYSTEM, HANAUMA_BAY, Protection, Malware Protection, Started, 
Protection, 21.08.2014 10:36:50, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, Starting, 
Protection, 21.08.2014 10:38:16, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, Started, 
Protection, 21.08.2014 16:00:44, SYSTEM, HANAUMA_BAY, Protection, Malware Protection, Starting, 
Protection, 21.08.2014 16:00:44, SYSTEM, HANAUMA_BAY, Protection, Malware Protection, Started, 
Protection, 21.08.2014 16:00:45, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, Starting, 
Protection, 21.08.2014 16:03:43, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, Started, 
Update, 21.08.2014 16:41:03, SYSTEM, HANAUMA_BAY, Scheduler, Malware Database, 2014.8.21.2, 2014.8.21.4, 
Protection, 21.08.2014 16:41:13, SYSTEM, HANAUMA_BAY, Protection, Refresh, Starting, 
Protection, 21.08.2014 16:41:13, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, Stopping, 
Protection, 21.08.2014 16:41:13, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, Stopped, 
Protection, 21.08.2014 16:41:50, SYSTEM, HANAUMA_BAY, Protection, Refresh, Success, 
Protection, 21.08.2014 16:41:50, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, Starting, 
Protection, 21.08.2014 16:42:03, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, Started, 
Update, 21.08.2014 17:42:15, SYSTEM, HANAUMA_BAY, Scheduler, Malware Database, 2014.8.21.4, 2014.8.21.5, 
Protection, 21.08.2014 17:42:16, SYSTEM, HANAUMA_BAY, Protection, Refresh, Starting, 
Protection, 21.08.2014 17:42:16, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, Stopping, 
Protection, 21.08.2014 17:42:16, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, Stopped, 
Protection, 21.08.2014 17:42:55, SYSTEM, HANAUMA_BAY, Protection, Refresh, Success, 
Protection, 21.08.2014 17:42:55, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, Starting, 
Protection, 21.08.2014 17:43:53, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, Started, 
Update, 21.08.2014 19:45:56, SYSTEM, HANAUMA_BAY, Scheduler, Malware Database, 2014.8.21.5, 2014.8.21.6, 
Protection, 21.08.2014 19:45:57, SYSTEM, HANAUMA_BAY, Protection, Refresh, Starting, 
Protection, 21.08.2014 19:45:57, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, Stopping, 
Protection, 21.08.2014 19:45:57, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, Stopped, 
Protection, 21.08.2014 19:46:54, SYSTEM, HANAUMA_BAY, Protection, Refresh, Success, 
Protection, 21.08.2014 19:46:54, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, Starting, 
Protection, 21.08.2014 19:47:39, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, Started, 
Detection, 21.08.2014 20:31:57, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, IP, 93.115.81.237, serienjunkies.org, 0, Outbound, 
Protection, 21.08.2014 20:32:33, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, Stopping, 
Protection, 21.08.2014 20:32:34, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, Stopped, 
Protection, 21.08.2014 20:32:34, SYSTEM, HANAUMA_BAY, Protection, Malware Protection, Stopping, 
Protection, 21.08.2014 20:33:12, SYSTEM, HANAUMA_BAY, Protection, Malware Protection, Stopped, 
Protection, 21.08.2014 20:53:01, SYSTEM, HANAUMA_BAY, Protection, Malware Protection, Starting, 
Protection, 21.08.2014 20:53:01, SYSTEM, HANAUMA_BAY, Protection, Malware Protection, Started, 
Protection, 21.08.2014 20:53:01, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, Starting, 
Update, 21.08.2014 20:53:31, SYSTEM, HANAUMA_BAY, Scheduler, Malware Database, 2014.8.21.6, 2014.8.21.7, 
Protection, 21.08.2014 20:54:33, SYSTEM, HANAUMA_BAY, Protection, Refresh, Starting, 
Protection, 21.08.2014 20:54:34, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, Started, 
Protection, 21.08.2014 20:54:34, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, Stopping, 
Protection, 21.08.2014 20:54:34, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, Stopped, 
Protection, 21.08.2014 20:54:40, SYSTEM, HANAUMA_BAY, Protection, Refresh, Success, 
Protection, 21.08.2014 20:54:40, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, Starting, 
Protection, 21.08.2014 20:54:40, SYSTEM, HANAUMA_BAY, Protection, Malicious Website Protection, Started, 

(end)

AdwCleaner
AdwCleaner[R0].txt

Code:

ATTFilter

# AdwCleaner v3.308 - Bericht erstellt am 21/08/2014 um 10:54:36
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : cek - HANAUMA_BAY
# Gestartet von : D:\___________\adwcleaner_3.308.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll
Datei Gefunden : C:\Users\cek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
Datei Gefunden : C:\Users\cek\AppData\Roaming\Mozilla\Firefox\Profiles\mpq4xo1a.default-1388938982893\Extensions\jid1-0xtMKhXFEs4jIg@jetpack.xpi
Datei Gefunden : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\pj8ad90r.default\.autoreg
Ordner Gefunden : C:\Program Files\Babylon
Ordner Gefunden : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gefunden : C:\Program Files\Convesoft
Ordner Gefunden : C:\Program Files\StartSearch plugin
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\WPM
Ordner Gefunden : C:\Users\cek\AppData\Local\Babylon
Ordner Gefunden : C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
Ordner Gefunden : C:\Users\cek\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Chris\AppData\Local\Babylon
Ordner Gefunden : C:\Users\Chris\AppData\Local\Temp\Babylon
Ordner Gefunden : C:\Users\Chris\AppData\Roaming\Babylon

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****

Verknüpfung Gefunden : C:\Users\Public\Desktop\Google Chrome.lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727 )
Verknüpfung Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727 )
Verknüpfung Gefunden : C:\Users\cek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727 )
Verknüpfung Gefunden : C:\Users\cek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.sweet-page.com/?type=sc&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727 )

***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SAFARI.EXE\shell\open\command [(Default)] - "C:\Program Files\Safari\Safari.exe" hxxp://www.sweet-page.com/?type=sc&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727
Schlüssel Gefunden : HKCU\Software\Babylon
Schlüssel Gefunden : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin
Schlüssel Gefunden : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Babylon
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A26ABCF0-1C8F-46E7-A67C-0489DC21B9CC}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\StartSearch
Schlüssel Gefunden : HKCU\Software\STool
Schlüssel Gefunden : HKCU\Software\vShare.tv
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\.bdc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\.bgl
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\.bof
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabyDict
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabyGloss
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabyOptFile
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\074A36B543391D44FA16C62EBD65A59E
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\074A36B543391D44FA16C62EBD65A59E
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A26ABCF0-1C8F-46E7-A67C-0489DC21B9CC}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\074A36B543391D44FA16C62EBD65A59E
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16457


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\cek\AppData\Roaming\Mozilla\Firefox\Profiles\mpq4xo1a.default-1388938982893\prefs.js ]


[ Datei : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\pj8ad90r.default\prefs.js ]


-\\ Google Chrome v36.0.1985.143

[ Datei : C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gefunden [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727&q={searchTerms}
Gefunden [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727&q={searchTerms}
Gefunden [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Gefunden [Extension] : kpionmjnkbpcdpcflammlgllecmejgjj
Gefunden [Extension] : pkndmigholgfjlniaohblojbhgjbkakn

*************************

AdwCleaner[R0].txt - [8245 octets] - [21/08/2014 10:54:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8305 octets] ##########

AdwCleaner[S0].txt

Code:

ATTFilter

# AdwCleaner v3.308 - Bericht erstellt am 21/08/2014 um 11:03:34
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : cek - HANAUMA_BAY
# Gestartet von : D:\___________\adwcleaner_3.308.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files\Babylon
Ordner Gelöscht : C:\Program Files\Convesoft
Ordner Gelöscht : C:\Program Files\StartSearch plugin
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\cek\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\cek\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Chris\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Chris\AppData\Local\Temp\Babylon
Ordner Gelöscht : C:\Users\Chris\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
Datei Gelöscht : C:\Users\cek\AppData\Roaming\Mozilla\Firefox\Profiles\mpq4xo1a.default-1388938982893\Extensions\jid1-0xtMKhXFEs4jIg@jetpack.xpi
Datei Gelöscht : C:\Users\cek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
Datei Gelöscht : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\pj8ad90r.default\.autoreg
Datei Gelöscht : C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\cek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\cek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
Schlüssel Gelöscht : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin
Schlüssel Gelöscht : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\.bdc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\.bgl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\.bof
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyDict
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyGloss
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyOptFile
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A26ABCF0-1C8F-46E7-A67C-0489DC21B9CC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A26ABCF0-1C8F-46E7-A67C-0489DC21B9CC}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SAFARI.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\Babylon
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\STool
Schlüssel Gelöscht : HKCU\Software\vShare.tv
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\074A36B543391D44FA16C62EBD65A59E
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\074A36B543391D44FA16C62EBD65A59E
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\074A36B543391D44FA16C62EBD65A59E

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16457


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\cek\AppData\Roaming\Mozilla\Firefox\Profiles\mpq4xo1a.default-1388938982893\prefs.js ]


[ Datei : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\pj8ad90r.default\prefs.js ]


-\\ Google Chrome v36.0.1985.143

[ Datei : C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727&q={searchTerms}
Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727&q={searchTerms}
Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Gelöscht [Extension] : kpionmjnkbpcdpcflammlgllecmejgjj
Gelöscht [Extension] : pkndmigholgfjlniaohblojbhgjbkakn

*************************

AdwCleaner[R0].txt - [8385 octets] - [21/08/2014 10:54:36]
AdwCleaner[S0].txt - [7739 octets] - [21/08/2014 11:03:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7799 octets] ##########

Junkware Removal Tool

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by cek on 21.08.2014 at 11:20:07,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Program Files\adobe\reader 10.0\reader\plug_ins\babylon\babylonrpi.api"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\cek\AppData\Roaming\thinstall"



~~~ FireFox

Emptied folder: C:\Users\cek\AppData\Roaming\mozilla\firefox\profiles\mpq4xo1a.default-1388938982893\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.08.2014 at 11:26:29,25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
FRST.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-08-2014
Ran by cek (administrator) on HANAUMA_BAY on 22-08-2014 10:08:56
Running from D:\___________
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apache Software Foundation) D:\xampp\apache\bin\apache.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\FileZilla Server\FileZilla server.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\AntiVirus\ Malwarebytes Anti-Malware \mbamscheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() D:\xampp\mysql\bin\mysqld.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(Apache Software Foundation) D:\xampp\apache\bin\apache.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(BitTorrent Inc.) C:\Users\cek\AppData\Roaming\uTorrent\uTorrent.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Realtek Semiconductor Corp.) C:\Users\cek\AppData\Local\Temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() D:\___________\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6294048 2008-09-19] (Realtek Semiconductor)
HKLM\...\Run: [ePower_DMC] => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [417792 2008-11-28] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-07-29] (Egis Incorporated)
HKLM\...\Run: [eAudio] => C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-09-11] (Acer Incorporated)
HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-10-08] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [173352 2009-03-18] (CyberLink)
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\System32\M-AudioTaskBarIcon.exe [356864 2008-05-15] (Avid Technology, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM Group Policy restriction on software: C:\Program Files\Sandboxie <====== ATTENTION
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-835989538-2903230966-4254504411-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-835989538-2903230966-4254504411-1000\...\Run: [uTorrent] => C:\Users\cek\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-03] (BitTorrent Inc.)
HKU\S-1-5-21-835989538-2903230966-4254504411-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-835989538-2903230966-4254504411-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-835989538-2903230966-4254504411-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-835989538-2903230966-4254504411-1000\...\MountPoints2: {8971c6a0-972b-11de-bcaf-00216b684c4c} - G:\QsSetup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc.)
BootExecute: autocheck autochk /p \??\F:autocheck autochk * 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: 38.80.72.216:2066
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_de
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_de
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: FG2CatchUrl -> {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} -> C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (FlashGet)
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: FDMIECookiesBHO Class -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files\Free Download Manager\iefdm2.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Program Files\Zend\ZendStudioClient-5.1.0\bin\ZendIEToolbar.dll ()
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\cek\AppData\Roaming\Mozilla\Firefox\Profiles\mpq4xo1a.default-1388938982893
FF NewTab: chrome://lightning/content/newtab.html
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @mcafee.com/MVT -> C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\cek\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\cek\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\cek\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\cek\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\cek\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\cek\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\cek\AppData\Roaming\Mozilla\Firefox\Profiles\mpq4xo1a.default-1388938982893\Extensions\1391865204_xpi [2014-02-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-03]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2010-10-26]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-06-30]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2010-10-26]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://google.de/"
CHR DefaultSearchKeyword: sweet-page
CHR DefaultSearchURL: hxxp://www.sweet-page.com/web/?type=ds&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727&q={searchTerms}
CHR DefaultSuggestURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (vShare.tv plug-in) - C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\cek\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\cek\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\cek\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U11) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-09]
CHR Extension: (Google Drive) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-09]
CHR Extension: (YouTube) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-09]
CHR Extension: (Google-Suche) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-09]
CHR Extension: (SiteAdvisor) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-03-09]
CHR Extension: (EditThisCookie) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2013-03-09]
CHR Extension: (Premium Cookie Injector (Multi-Server)) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hglhnookgghcefjamdoakhhfamnhodpd [2013-03-09]
CHR Extension: (No Name) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj [2013-03-09]
CHR Extension: (Google Wallet) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-09]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-03-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apache2.2; d:\xampp\apache\bin\apache.exe [24636 2008-12-10] (Apache Software Foundation) [File not signed]
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [69632 2008-10-04] () [File not signed]
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-11-28] () [File not signed]
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-10-16] (Intel(R) Corporation) [File not signed]
R2 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [531968 2006-01-11] () [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2009-04-05] (Macrovision Europe Ltd.) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\AntiVirus\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\AntiVirus\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-06-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mysql; d:\xampp\mysql\bin\mysqld.exe [6447744 2008-11-15] ()
R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-10-16] (Intel(R) Corporation) [File not signed]
R2 RichVideo; c:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [85776 2012-08-25] (SANDBOXIE L.T.D)
S2 WiseBootAssistant; C:\Program Files\Wise\Wise Care 365\BootTime.exe [580232 2013-05-13] (WiseCleaner.com)
S2 TeamViewer9; "C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
R3 CLEDX; C:\Windows\System32\DRIVERS\cledx.sys [33792 2005-05-09] (Team H2O) [File not signed]
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2009-12-18] (Elaborate Bytes AG)
S3 gtstusbser; C:\Windows\System32\DRIVERS\gtstusbser.sys [103552 2008-11-18] (Option N.V.)
R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [5632 2008-10-08] (Windows (R) Codename Longhorn DDK provider)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
S3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [54328 2009-12-23] (PACE Anti-Piracy, Inc.)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [94336 2010-02-03] (ITE                      )
S3 LoopBeMidi1; C:\Windows\System32\drivers\loopbe1.sys [10880 2008-01-27] (nerds.de) [File not signed]
S3 MADFU003; C:\Windows\System32\DRIVERS\MADFU003.sys [75912 2008-03-14] (M-Audio)
S3 MAUSBAP; C:\Windows\System32\DRIVERS\mausbap.sys [143624 2008-03-14] (Avid Technology, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-22] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [349192 2014-06-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-06-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [62544 2011-10-21] ()
R3 nuvotonhidgeneric; C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys [22528 2008-10-08] (Nuvoton Technology Corporation)
S3 RDID1027; C:\Windows\System32\Drivers\rdwm1027.sys [56832 2007-01-22] (Roland Corporation)
S4 RsFx0102; C:\Windows\System32\DRIVERS\RsFx0102.sys [242712 2008-07-10] (Microsoft Corporation)
R2 RVIEG01; C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys [187992 2001-04-13] (Roland) [File not signed]
R2 RVIEGVST; C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [188276 2001-04-13] (Roland) [File not signed]
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [157776 2012-08-25] (SANDBOXIE L.T.D)
R0 TPkd; C:\Windows\system32\Drivers\TPkd.sys [86016 2009-12-23] (PACE Anti-Piracy, Inc.) [File not signed]
S3 USBNP4X4; C:\Windows\System32\drivers\usbnp4x4.sys [29000 2008-03-14] (Doug Fetter Software Wizardry)
S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbw.sys [33736 2009-08-04] (Yamaha Corporation)
S3 gbxavs; System32\Drivers\gbxavs.sys [X]
S3 gbxusb; System32\Drivers\gbxusb.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-22 10:08 - 2014-08-22 10:09 - 00000000 ____D () C:\FRST
2014-08-22 10:04 - 2014-08-22 10:04 - 00000000 _____ () C:\Users\cek\defogger_reenable
2014-08-22 03:22 - 2014-08-22 03:22 - 00135464 _____ () C:\Windows\Minidump\Mini082214-03.dmp
2014-08-22 02:56 - 2014-08-22 02:56 - 00135464 _____ () C:\Windows\Minidump\Mini082214-02.dmp
2014-08-22 02:42 - 2014-08-22 02:42 - 00141640 _____ () C:\Windows\Minidump\Mini082214-01.dmp
2014-08-21 12:11 - 2014-08-21 12:11 - 00000000 ____D () C:\Program Files\ESET
2014-08-21 11:47 - 2010-02-18 09:18 - 00037944 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdiox86.sys
2014-08-21 11:26 - 2014-08-21 11:26 - 00000958 _____ () C:\Users\cek\Desktop\JRT.txt
2014-08-21 11:20 - 2014-08-21 11:20 - 00000000 ____D () C:\Windows\ERUNT
2014-08-21 10:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-08-21 10:54 - 2014-08-21 11:04 - 00000000 ____D () C:\AdwCleaner
2014-08-21 09:50 - 2014-08-22 00:14 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 09:50 - 2014-08-21 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-21 09:49 - 2014-08-21 09:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 09:49 - 2014-08-21 09:49 - 00000000 ____D () C:\Program Files\AntiVirus
2014-08-21 09:49 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-21 09:49 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-21 09:49 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-19 14:07 - 2014-08-21 11:49 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-08-19 13:57 - 2014-08-19 13:57 - 00000000 ____D () C:\ATI
2014-08-19 13:55 - 2014-08-19 13:57 - 65077648 _____ (Advanced Micro Devices, Inc.) C:\Users\cek\Desktop\11-8_vista32_win7_32_dd_ccc_ocl.exe
2014-08-19 12:39 - 2014-08-19 12:39 - 00135264 _____ () C:\Windows\Minidump\Mini081914-01.dmp
2014-08-19 12:38 - 2014-08-19 11:58 - 00000000 ____D () C:\Program Files\SIWPortable
2014-08-19 11:54 - 2014-08-19 11:54 - 00000000 ____D () C:\Program Files\AMD APP
2014-08-19 11:52 - 2014-08-19 11:52 - 00000000 ____D () C:\Program Files\ATI
2014-08-19 11:50 - 2014-08-19 11:50 - 00000000 ____D () C:\AMD
2014-08-19 11:42 - 2014-01-30 09:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-08-14 09:56 - 2014-08-14 09:56 - 00000000 ____D () C:\Program Files\Citrix
2014-08-14 09:55 - 2014-08-14 09:55 - 00103832 _____ () C:\Users\cek\GoToAssistDownloadHelper.exe
2014-08-14 09:55 - 2014-08-14 09:55 - 00000000 ____D () C:\Users\cek\AppData\Local\Citrix
2014-08-13 18:15 - 2014-08-21 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-13 12:47 - 2014-08-13 12:47 - 01056768 _____ () C:\Windows\system32\defltbase.sdb
2014-08-13 10:29 - 2014-08-13 10:30 - 00000000 ____D () C:\Program Files\QuickTime
2014-08-13 10:29 - 2014-08-13 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-13 10:18 - 2014-08-13 10:17 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-13 10:17 - 2014-08-13 10:17 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-13 10:13 - 2014-08-13 10:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-13 10:13 - 2014-08-13 10:13 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-13 10:12 - 2014-08-13 10:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-13 10:12 - 2014-08-13 10:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-13 10:12 - 2014-08-13 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-12 01:30 - 2014-08-12 01:30 - 00000512 _____ () C:\Users\cek\Documents\0C014300
2014-08-10 14:11 - 2014-08-11 09:40 - 00000000 ____D () C:\ProgramData\IjjaWikna
2014-08-10 10:38 - 2014-08-10 10:37 - 04635304 _____ () C:\Users\cek\Downloads\gunsetup_CB-DL-Manager [1].exe
2014-07-23 10:21 - 2014-07-23 10:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-22 10:13 - 2013-08-01 18:08 - 00000000 ____D () C:\Users\cek\AppData\Roaming\uTorrent
2014-08-22 10:09 - 2014-08-22 10:08 - 00000000 ____D () C:\FRST
2014-08-22 10:04 - 2014-08-22 10:04 - 00000000 _____ () C:\Users\cek\defogger_reenable
2014-08-22 10:04 - 2009-04-03 14:39 - 00000000 ____D () C:\Users\cek
2014-08-22 10:02 - 2013-05-19 17:12 - 01332425 _____ () C:\Windows\WindowsUpdate.log
2014-08-22 09:42 - 2014-01-19 19:51 - 00008268 _____ () C:\Users\cek\AppData\Local\d3d9caps.dat
2014-08-22 09:42 - 2013-05-19 14:18 - 00000000 ____D () C:\Users\cek\AppData\Roaming\Wise Care 365
2014-08-22 09:40 - 2010-02-05 14:46 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-22 09:39 - 2014-06-08 23:50 - 01371778 _____ () C:\Windows\PFRO.log
2014-08-22 09:39 - 2009-01-22 20:14 - 00000147 _____ () C:\Windows\system32\agent.log
2014-08-22 09:39 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-22 09:39 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-22 09:39 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-22 09:25 - 2014-06-17 05:20 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-835989538-2903230966-4254504411-1000UA1cf89db1459b420.job
2014-08-22 09:25 - 2014-05-08 14:14 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6ab7b355e00.job
2014-08-22 05:25 - 2014-05-08 20:14 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-835989538-2903230966-4254504411-1000Core1cf6ae95534ed90.job
2014-08-22 03:22 - 2014-08-22 03:22 - 00135464 _____ () C:\Windows\Minidump\Mini082214-03.dmp
2014-08-22 03:22 - 2014-07-15 00:56 - 290107590 _____ () C:\Windows\MEMORY.DMP
2014-08-22 03:22 - 2009-05-13 13:18 - 00000000 ____D () C:\Windows\Minidump
2014-08-22 02:56 - 2014-08-22 02:56 - 00135464 _____ () C:\Windows\Minidump\Mini082214-02.dmp
2014-08-22 02:42 - 2014-08-22 02:42 - 00141640 _____ () C:\Windows\Minidump\Mini082214-01.dmp
2014-08-22 02:02 - 2009-04-05 13:11 - 00000000 ____D () C:\Users\cek\AppData\Local\Adobe
2014-08-22 00:14 - 2014-08-21 09:50 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 23:39 - 2012-01-26 01:29 - 00096768 _____ () C:\Users\cek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-21 23:39 - 2009-04-30 12:51 - 00000000 ____D () C:\Users\cek\AppData\Roaming\vlc
2014-08-21 22:04 - 2014-02-08 15:14 - 00000000 ____D () C:\Users\cek\AppData\Local\JDownloader v2.0
2014-08-21 21:46 - 2014-08-13 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-21 20:40 - 2009-06-04 13:27 - 00444928 _____ () C:\Users\cek\Documents\tv2.xls
2014-08-21 15:14 - 2006-11-02 12:33 - 01747560 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-21 14:22 - 2013-04-02 18:10 - 00000000 ____D () C:\Users\cek\Documents\Rechnungen 2013
2014-08-21 13:48 - 2012-10-08 19:53 - 00000000 ____D () C:\ProgramData\Protexis
2014-08-21 12:11 - 2014-08-21 12:11 - 00000000 ____D () C:\Program Files\ESET
2014-08-21 11:59 - 2006-11-02 15:01 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-21 11:49 - 2014-08-19 14:07 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-08-21 11:26 - 2014-08-21 11:26 - 00000958 _____ () C:\Users\cek\Desktop\JRT.txt
2014-08-21 11:20 - 2014-08-21 11:20 - 00000000 ____D () C:\Windows\ERUNT
2014-08-21 11:04 - 2014-08-21 10:54 - 00000000 ____D () C:\AdwCleaner
2014-08-21 11:03 - 2013-03-09 14:37 - 00001071 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-21 11:03 - 2013-03-09 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-21 11:03 - 2010-06-27 12:08 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-08-21 11:03 - 2009-04-03 14:42 - 00000975 _____ () C:\Users\cek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-21 10:36 - 2006-11-02 13:18 - 00000000 ___RD () C:\Windows\Offline Web Pages
2014-08-21 10:10 - 2009-06-27 19:30 - 00000000 ____D () C:\Users\cek\AppData\Roaming\dvdcss
2014-08-21 09:50 - 2014-08-21 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-21 09:49 - 2014-08-21 09:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 09:49 - 2014-08-21 09:49 - 00000000 ____D () C:\Program Files\AntiVirus
2014-08-21 09:45 - 2009-01-22 20:12 - 00001024 ___RH () C:\Users\Public\Documents\NTIMP3.dll
2014-08-20 15:19 - 2014-01-07 13:23 - 00000000 ____D () C:\Users\cek\Documents\Rechnungen 2014
2014-08-19 17:25 - 2013-09-17 00:04 - 00001456 _____ () C:\Users\cek\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-08-19 14:33 - 2014-06-30 11:56 - 00002087 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-08-19 14:33 - 2014-06-30 11:56 - 00001926 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-08-19 14:33 - 2014-06-30 11:55 - 00002437 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-08-19 13:57 - 2014-08-19 13:57 - 00000000 ____D () C:\ATI
2014-08-19 13:57 - 2014-08-19 13:55 - 65077648 _____ (Advanced Micro Devices, Inc.) C:\Users\cek\Desktop\11-8_vista32_win7_32_dd_ccc_ocl.exe
2014-08-19 13:13 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-19 12:39 - 2014-08-19 12:39 - 00135264 _____ () C:\Windows\Minidump\Mini081914-01.dmp
2014-08-19 11:58 - 2014-08-19 12:38 - 00000000 ____D () C:\Program Files\SIWPortable
2014-08-19 11:54 - 2014-08-19 11:54 - 00000000 ____D () C:\Program Files\AMD APP
2014-08-19 11:52 - 2014-08-19 11:52 - 00000000 ____D () C:\Program Files\ATI
2014-08-19 11:50 - 2014-08-19 11:50 - 00000000 ____D () C:\AMD
2014-08-15 00:43 - 2009-04-03 16:24 - 00086015 _____ () C:\ProgramData\nvModes.001
2014-08-15 00:19 - 2009-04-03 16:24 - 00086015 _____ () C:\ProgramData\nvModes.dat
2014-08-14 09:56 - 2014-08-14 09:56 - 00000000 ____D () C:\Program Files\Citrix
2014-08-14 09:55 - 2014-08-14 09:55 - 00103832 _____ () C:\Users\cek\GoToAssistDownloadHelper.exe
2014-08-14 09:55 - 2014-08-14 09:55 - 00000000 ____D () C:\Users\cek\AppData\Local\Citrix
2014-08-13 23:11 - 2009-07-04 17:31 - 00000984 _____ () C:\Users\cek\AppData\Local\7F68A003.il
2014-08-13 23:11 - 2009-07-04 17:31 - 00000280 _____ () C:\Users\cek\AppData\Local\IndexIE_7F68A003.il
2014-08-13 14:42 - 2010-10-26 14:04 - 00000000 ____D () C:\Program Files\McAfee
2014-08-13 14:42 - 2010-10-26 13:46 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-13 12:47 - 2014-08-13 12:47 - 01056768 _____ () C:\Windows\system32\defltbase.sdb
2014-08-13 10:30 - 2014-08-13 10:29 - 00000000 ____D () C:\Program Files\QuickTime
2014-08-13 10:29 - 2014-08-13 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-13 10:18 - 2014-08-13 10:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-13 10:17 - 2014-08-13 10:18 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-13 10:17 - 2014-08-13 10:17 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-13 10:17 - 2014-08-13 10:12 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-13 10:17 - 2014-08-13 10:12 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-13 10:13 - 2014-08-13 10:13 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-13 10:12 - 2014-08-13 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-13 09:20 - 2009-04-03 18:34 - 00000000 ____D () C:\Users\cek\ZDE
2014-08-12 10:33 - 2010-11-13 14:52 - 00106776 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-08-12 10:30 - 2010-11-13 14:51 - 00008224 _____ () C:\Users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-12 10:29 - 2010-11-13 14:51 - 00000948 _____ () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-08-12 01:30 - 2014-08-12 01:30 - 00000512 _____ () C:\Users\cek\Documents\0C014300
2014-08-12 01:23 - 2012-02-09 16:38 - 00000000 ____D () C:\Program Files\PS3 Media Server
2014-08-11 09:40 - 2014-08-10 14:11 - 00000000 ____D () C:\ProgramData\IjjaWikna
2014-08-10 14:25 - 2012-10-08 19:05 - 00002032 _____ () C:\Windows\Sandboxie.ini
2014-08-10 11:28 - 2014-02-01 15:44 - 00000000 ____D () C:\_BURN_ME
2014-08-10 11:07 - 2009-07-06 10:38 - 00000000 ____D () C:\Users\cek\AppData\Local\QuickPar
2014-08-10 10:44 - 2012-04-22 16:51 - 00000000 ____D () C:\_download
2014-08-10 10:37 - 2014-08-10 10:38 - 04635304 _____ () C:\Users\cek\Downloads\gunsetup_CB-DL-Manager [1].exe
2014-08-10 09:55 - 2010-10-28 00:05 - 00011078 _____ () C:\Users\cek\Documents\Dokument2.txt
2014-08-09 23:55 - 2006-11-02 14:47 - 03991080 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-09 23:52 - 2014-07-17 21:14 - 00000024 _____ () C:\Windows\5D90C6C72EA89A63.log
2014-08-09 19:23 - 2010-08-18 00:58 - 00000085 ___SH () C:\ProgramData\.zreglib
2014-08-08 14:55 - 2009-04-03 20:47 - 00000000 ____D () C:\Users\cek\AppData\Roaming\BPFTP
2014-08-08 14:28 - 2009-04-03 14:41 - 00106776 _____ () C:\Users\cek\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-27 18:50 - 2010-10-26 14:04 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-07-25 12:25 - 2012-05-30 17:03 - 00000000 ____D () C:\_cek
2014-07-24 16:25 - 2012-04-26 14:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-23 10:21 - 2014-07-23 10:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\cek\AppData\Local\Temp\proxy_vole5865047882025749136.dll
C:\Users\cek\AppData\Local\Temp\Quarantine.exe
C:\Users\cek\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Chris\AppData\Local\Temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-22 09:47

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Meiner1er · 22.08.2014, 12:44

FRST
Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:19-08-2014
Ran by cek at 2014-08-22 10:14:28
Running from D:\___________
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
Acer Arcade Deluxe (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 2.0.5817 - CyberLink Corp.)
Acer Arcade Deluxe (Version: 2.0.5817 - CyberLink Corp.) Hidden
Acer Crystal Eye webcam Ver:1.1.57.409 (HKLM\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.57.409 - Chicony Electronics Co.,Ltd.)
Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 3.0.3009 - CyberLink Corp.)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 3.0.3065 - Egis Inc.)
Acer Empowering Technology (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3013 - Acer Incorporated)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 3.0.3016 - Acer Incorporated)
Acer eSettings Management (HKLM\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.0.3007 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.02.1111 - Acer Incorporated)
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.08 - Adobe Systems)
Adobe After Effects CS3 Presets (Version: 8 - Adobe Systems Incorporated) Hidden
Adobe AIR (Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe BridgeTalk Plugin CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Master Collection (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen (HKLM\...\Adobe_67a7fb1e97aa14ee9ef0950eb6fd757) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS3 (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 Icon Handler (Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS3 Functional Content (Version: 8 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS3 Third Party Content (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.4) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Adobe SING CS3 (Version: 0.1 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Video Profiles (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WAS CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP DVA Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Agatha Christie Peril at End House (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113848220}) (Version:  - Oberon Media)
AGT Pro - Betfair (HKLM\...\{A61559F3-BD03-4FF3-9C21-2A3D2CAB4B43}) (Version: 1.2.0 - The Geek)
AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden
Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Alien Shooter (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110082360}) (Version:  - Oberon Media)
Amazon Cloud Drive (HKLM\...\{036D99DD-6C5E-444D-8C18-B034BB6E433D}) (Version: 0.8.10.1 - Amazon.com)
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{B448BC74-1CB7-7A57-3313-5E075AFB413E}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
Antares Autotune VST v5.09 (HKLM\...\Antares Autotune VST_is1) (Version:  - )
Antares AVOX Bundle VST RTAS v1.1.3 (HKLM\...\Antares AVOX Bundle VST RTAS_is1) (Version:  - Team AiR 2007)
Antares AVOX Evo VST RTAS v3.0.2 (HKLM\...\Antares AVOX Evo VST RTAS_is1) (Version:  - )
Apple Application Support (HKLM\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArtsAcoustic Reverb 1.5.0.5 (HKLM\...\ArtsAcoustic Reverb) (Version: 1.5.0.5 - ArtsAcoustic Vertrieb GbR)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version:  - )
Audio Bro LA Scoring Strings (HKLM\...\Audio Bro LA Scoring Strings) (Version:  - Audio Bro)
Audio Bro LA Scoring Strings (Version: 1.0.0.001 - Audio Bro) Hidden
Audiophile USB (HKLM\...\{3F96519F-E1CF-4914-8181-B06F9CD799DA}) (Version: 5.10.00.5120v2 - M-Audio)
AVOX Evo VST (HKLM\...\{65AA5B18-A330-4F35-BCDF-EA85EC888906}) (Version: 3.0.2.1 - Antares Audio Technologies)
AVS Disc Creator 5 (HKLM\...\AVS Disc Creator_is1) (Version: 5.0.6.520 - Online Media Technologies Ltd.)
AVS Screen Capture version 2.0.1 (HKLM\...\AVS Screen Capture_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 8.3.2.533 - Online Media Technologies Ltd.)
AVS Video Editor 6 (HKLM\...\AVS Video Editor_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Recorder 2.5 (HKLM\...\AVS Video Recorder_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Beatscape 1.0 (HKLM\...\Cakewalk Beatscape_is1) (Version: 1.0 - Cakewalk Music Software)
Beatscape 1.0.2 (HKLM\...\Cakewalk Beatscape 1.0.2_is1) (Version: 1.0.2 - Cakewalk Music Software)
Beetle Junior (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110052107}) (Version:  - Oberon Media)
Bet Angel - Basic (HKLM\...\{5ECF7A71-2B21-422B-92CE-A88BD78229D1}) (Version: 2.0.1 - Bet Angel Limited)
Bet Angel (BETDAQ) (HKLM\...\{4404A7AB-8FBB-45F0-BF73-4ACF7B116E90}) (Version: 1.23.1 - Bet Angel Limited)
Bet Angel (BETDAQ) (HKLM\...\{55A5B622-54AE-49AE-BA7A-5F79A95ED339}) (Version: 1.23.2 - Bet Angel Limited)
Bfexplorer PRO (HKLM\...\{E7B0FD2F-E316-407F-8AB7-BFA853520D06}) (Version: 1.0.0 - BeloSoft)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BrainMaker Professional (HKLM\...\BrainMaker Professional) (Version:  - )
Brainworx BX XL Mastering Limiter VST RTAS v1.0 (HKLM\...\Brainworx BX XL Mastering Limiter_is1) (Version:  - )
Bricks of Egypt (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version:  - Oberon Media)
BulletProof FTP (HKLM\...\BulletProof FTP_is1) (Version:  - )
C:\Program Files\Acer GameZone\GameConsole (HKLM\...\{71C2828F-2678-4675-BDEC-895424861262}_is1) (Version: 2.0.1.2 - Oberon Media, Inc.)
Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
CANTOR 2 (HKLM\...\{0EF0223B-1EE2-4D79-8668-9E1FE7E23C50}) (Version: 2.0.0 - VirSyn Software Synthesizer)
Captcha Brotherhood (HKLM\...\{CCD438F0-5D72-4945-9E72-6560C7E5E0D0}) (Version: 1.1.9 - Brotherhood Software)
Catalyst Control Center Graphics Previews Common (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.00 - Piriform)
Chicken Invaders 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
CloneDVD2 (HKLM\...\CloneDVD2) (Version:  - Elaborate Bytes)
Cognitone Synfire Pro 1 (HKLM\...\Synfire Pro 1) (Version:  - Cognitone GmbH)
Collab (HKLM\...\Collab) (Version:  - Image-Line bvba)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\_{761B6C00-A23A-4F17-9D23-CB7E48307314}) (Version: 16.1.0.843 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.1.843 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 12 (HKLM\...\{505AFDC0-5E72-4928-8368-5DEA385E3647}) (Version: 12.0.0.458 - Corel Corporation)
CorelDRAW Graphics Suite X6 - Capture (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - DE (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (Version: 16.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (HKLM\...\_{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}) (Version: 16.1.0.843 - Corel Corporation)
CorelDRAW Graphics Suite X6 (Version: 16.1 - Corel Corporation) Hidden
Cradle of Rome (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}) (Version:  - Oberon Media)
Crazy Browser version 1.05 (HKLM\...\Crazy Browser_is1) (Version:  - )
Crazy Browser version 3.0.0 RC2 (HKLM\...\Crazy Browser 3.0.0 RC2_is1) (Version:  - )
Crazy Browser version 3.0.3 (HKLM\...\Crazy Browser 3.0.3_is1) (Version:  - )
CrySonic SPECTRA-Q 1.0 VST (HKLM\...\CrySonic SPECTRA-Q 1.0 VST) (Version:  - )
Crystal Reports for Visual Studio (Version: 12.51.0.240 - SAP) Hidden
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.3023d - CyberLink Corp.)
CyberLink PowerDirector (Version: 6.5.3023d - CyberLink Corp.) Hidden
db audioware Sidechain Compressor VST v1.1.0 (HKLM\...\db audioware Sidechain Compressor VST v1.1.0) (Version:  - )
db audioware Sidechain Gate VST v1.1.0 (HKLM\...\db audioware Sidechain Gate VST v1.1.0) (Version:  - )
Dimension Pro (HKLM\...\Cakewalk Dimension Pro_is1) (Version: 1.0 - Cakewalk Music Software)
DiskAid 4.1 (HKLM\...\DiskAid_is1) (Version: 4.1 - DigiDNA)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
Dream Day First Home (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
DreamStation DXi2 (HKLM\...\DreamStation DXi2) (Version:  - )
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
East West Symphonic Choirs (HKLM\...\East West Symphonic Choirs) (Version:  - )
Easy Video Splitter 1.28 (HKLM\...\Easy Video Splitter_is1) (Version:  - DoEasier Tech Inc)
EDIROL PCR Driver (HKLM\...\RolandRDID0027) (Version:  - Roland Corporation)
ElastikVst (HKLM\...\{92F027CB-BDF9-4047-A654-13A050908158}) (Version: 1.05.0203 - ueberschall sample service GmbH)
ElastikVst (Version: 1.00.0000 - ueberschall sample service GmbH) Hidden
eLicenser Control (HKLM\...\eLicenser Control) (Version:  - Steinberg Media Technologies GmbH)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.3.000201 - esobi Inc.)
eSobi v2 (Version: 2.0.3.000201 - esobi Inc.) Hidden
FabFilter Pro-Q VST RTAS v1.00 (HKLM\...\FabFilter Pro-Q VST RTAS_is1) (Version:  - TEAM AiR)
ffdshow v1.1.3949 [2011-07-25] (HKLM\...\ffdshow_is1) (Version: 1.1.3949.0 - )
FileZilla Server (remove only) (HKLM\...\FileZilla Server) (Version:  - )
FL Studio 8 (HKLM\...\FL Studio 8) (Version:  - Image-Line bvba)
FlashGet 2.0 (HKLM\...\FlashGet 2.0) (Version: 2.11.0.1188 - hxxp://www.FlashGet.com)
FormatFactory 2.70 (HKLM\...\FormatFactory) (Version: 2.70 - Free Time)
Free Audio CD Burner version 1.3 (HKLM\...\Free Audio CD Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free Download Manager 3.0 (HKLM\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Free M4a to MP3 Converter 7.1 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube to MP3 Converter version 3.5 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Limited.)
Galapago (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Ghostscript GPL 8.64 (Msi Setup) (HKLM\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (Version: 8.64 - Corel Corporation) Hidden
Go-Go Gourmet (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}) (Version:  - Oberon Media)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)
iCON 210 (HKLM\...\{395AB8C5-F3A8-4380-8718-7A11EC5829F6}) (Version: 1.00.0000 - Mobile Partner Manager)
iExplorer 2.2.1.3 (HKLM\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant, LLC)
IL Download Manager (HKLM\...\IL Download Manager) (Version:  - Image-Line bvba)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) C++ Redistributables for Windows* on IA-32 (HKLM\...\{1E958728-CFA3-454A-A2D6-42A9FF718480}) (Version: 11.1.048 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{35C0A1E4-D02A-412C-841F-266DBB116ABB}) (Version: 12.02.0000 - Intel(R) Corporation)
Interlok driver setup x32 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.13 - PACE Anti-Piracy)
iPhone-Konfigurationsprogramm (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
IsoBuster 2.5.5 (HKLM\...\IsoBuster_is1) (Version: 2.5.5 - Smart Projects)
iTunes (HKLM\...\{616445AF-BBCF-41C1-A4D6-8CFF171C182D}) (Version: 11.1.4.62 - Apple Inc.)
iZotope Alloy (HKLM\...\iZotope Alloy_is1) (Version: 1.00 - iZotope, Inc.)
iZotope Nectar (HKLM\...\iZotope Nectar_is1) (Version: 1.12 - iZotope, Inc.)
iZotope Ozone 4 (HKLM\...\iZotope Ozone 4_is1) (Version: 4.00 - iZotope, Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java(TM) 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
KPT(R) Collection (HKLM\...\KPT Collection) (Version:  - )
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Live-Styler 10 (HKLM\...\Live-Styler_is1) (Version:  - Norbert Stellberg)
LoopBe1 - Internal MIDI Port (HKLM\...\LoopBe1) (Version:  - )
Magic Farm (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114717227}) (Version:  - Oberon Media)
Magic Match Adventures (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11408540}) (Version:  - Oberon Media)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Internet Security Suite (HKLM\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee Virtual Technician (HKLM\...\McAfee Virtual Technician) (Version: 7.5.0.3093 - McAfee, Inc.)
Melodyne 3.1 (HKLM\...\{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}) (Version: 3.1.0200 - Celemony Software GmbH)
Melodyne 3.1 (Version: 3.1.0200 - Celemony Software GmbH) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM\...\{91110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM\...\{0DDCEC37-369C-484B-B16D-B4413FD42FB9}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM\...\{E5AE9031-79A5-4627-9641-BEFA82819B08}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM\...\{78C3657E-742C-40B1-9F53-E5A921D40F17}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM\...\{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008-Browser (HKLM\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 (Deutsch) (HKLM\...\{FA440BE8-EC2F-4478-A01A-077DA0606501}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch) (HKLM\...\{738B0934-6676-44F6-AB52-32F4E60DCA7F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{D074DC76-F6C9-440E-A1D0-1DE958417FDB}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x86) (HKLM\...\{C6DD625F-4B61-4561-8286-87CA0275CEA1}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM\...\{97CE8B73-AA5A-4987-A1BE-50DD1A187478}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x86) (HKLM\...\{F990B526-8F7C-46E0-B1F1-6C893A8B478F}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) (HKLM\...\{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x86) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x86) German (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (HKLM\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Office Developer Tools (x86) (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Professional - ENU (HKLM\...\Microsoft Visual Studio 2010 Professional - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Professional - ENU (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 SharePoint Developer Tools (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual Studio Macro Tools (HKLM\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu (HKLM\...\{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{044F9133-B8D7-4d11-BF39-803FA20F5C8B}) (Version: 6.1.5295.17011 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
MicroTrends NinjaTrader Framework 7 7.0.1.47 (HKLM\...\{6B84A934-9323-4998-B4AC-22D2B0905215}) (Version: 7.0.1.47 - MicroTrends)
MidiPlayer (C:\Program Files\MidiPlayer\) (HKLM\...\ST6UNST #2) (Version:  - )
MidiPlayer (HKLM\...\ST6UNST #1) (Version:  - )
MKVToolNix 5.3.0 (HKLM\...\MKVToolNix) (Version: 5.3.0 - Moritz Bunkus)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mp3tag v2.43 (HKLM\...\Mp3tag) (Version: v2.43 - Florian Heidenreich)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MusicLab RealGuitar 2.0 (HKLM\...\{1864B4F0-7777-4A57-9930-C2B307597966}) (Version:  - MusicLab, Inc.)
MySQL Connector Net 6.5.4 (HKLM\...\{92E19B5A-1985-49BF-9022-9CF4AD652C72}) (Version: 6.5.4 - Oracle)
Mystery Solitaire - Secret Island (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}) (Version:  - Oberon Media)
Mythic Mahjong (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113919217}) (Version:  - Oberon Media)
Native Instruments Abbey Road 60s Drums Vintage (HKLM\...\Native Instruments Abbey Road 60s Drums Vintage) (Version:  - Native Instruments)
Native Instruments Abbey Road 60s Drums Vintage (Version: 1.0.0.001 - Native Instruments) Hidden
Native Instruments Absynth 5 (HKLM\...\Native Instruments Absynth 5) (Version:  - Native Instruments)
Native Instruments Absynth 5 (Version: 5.0.0.829 - Native Instruments) Hidden
Native Instruments Battery 3 (HKLM\...\Native Instruments Battery 3) (Version:  - Native Instruments)
Native Instruments Battery 3 (Version: 3.0.5.23 - Native Instruments) Hidden
Native Instruments Berlin Concert Grand (HKLM\...\Native Instruments Berlin Concert Grand) (Version:  - Native Instruments)
Native Instruments Berlin Concert Grand (Version: 1.0.0.001 - Native Instruments) Hidden
Native Instruments Controller Editor (HKLM\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments Controller Editor (Version: 1.4.0.801 - Native Instruments) Hidden
Native Instruments FM8 (HKLM\...\Native Instruments FM8) (Version:  - Native Instruments)
Native Instruments FM8 (Version: 1.0.4.879 - Native Instruments) Hidden
Native Instruments George Duke Soul Treasures (HKLM\...\Native Instruments George Duke Soul Treasures) (Version:  - Native Instruments)
Native Instruments George Duke Soul Treasures (Version: 1.0.0.002 - Native Instruments) Hidden
Native Instruments Guitar Rig 4 (HKLM\...\Native Instruments Guitar Rig 4) (Version:  - Native Instruments)
Native Instruments Guitar Rig 4 (Version: 4.0.7.960 - Native Instruments) Hidden
Native Instruments Guitar Rig 5 (HKLM\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (Version: 5.0.1.2447 - Native Instruments) Hidden
Native Instruments GuitarRig Mobile IO Driver (HKLM\...\Native Instruments GuitarRig Mobile IO Driver) (Version:  - Native Instruments)
Native Instruments GuitarRig Mobile IO Driver (Version: 2.0.10.001 - Native Instruments) Hidden
Native Instruments Komplete 6 (HKLM\...\Native Instruments Komplete 6) (Version:  - Native Instruments)
Native Instruments Komplete 6 (Version: 6.0.0.001 - Native Instruments) Hidden
Native Instruments Komplete Elements (HKLM\...\Native Instruments Komplete Elements) (Version:  - Native Instruments)
Native Instruments Komplete Elements (Version: 7.0.0.001 - Native Instruments) Hidden
Native Instruments Kontakt 3 (HKLM\...\Native Instruments Kontakt 3) (Version:  - Native Instruments)
Native Instruments Kontakt 3 (Version: 3.5.0.025 - Native Instruments) Hidden
Native Instruments Kontakt 4 (HKLM\...\Native Instruments Kontakt 4) (Version:  - Native Instruments)
Native Instruments Kontakt 4 (Version: 4.1.3.4125 - Native Instruments) Hidden
Native Instruments Kontakt Elements Selection R2 (HKLM\...\Native Instruments Kontakt Elements Selection R2) (Version:  - Native Instruments)
Native Instruments Kontakt Elements Selection R2 (Version: 1.0.0.002 - Native Instruments) Hidden
Native Instruments Kore 2 (HKLM\...\Native Instruments Kore 2) (Version:  - )
Native Instruments Maschine (HKLM\...\Native Instruments Maschine) (Version:  - Native Instruments)
Native Instruments Maschine (Version: 1.1.0.25 - Native Instruments) Hidden
Native Instruments Maschine (Version: 1.7.1.7666 - Native Instruments) Hidden
Native Instruments Maschine Controller (HKLM\...\Native Instruments Maschine Controller) (Version:  - Native Instruments)
Native Instruments Maschine Controller (Version: 2.9.4.433 - Native Instruments) Hidden
Native Instruments Maschine Factory Content (HKLM\...\Native Instruments Maschine Factory Content) (Version:  - Native Instruments)
Native Instruments Maschine Factory Content (Version: 1.1.0.001 - Native Instruments) Hidden
Native Instruments Maschine Factory Content 1.5 (HKLM\...\Native Instruments Maschine Factory Content 1.5) (Version:  - Native Instruments)
Native Instruments Maschine Factory Content 1.5 (Version: 1.5.0.001 - Native Instruments) Hidden
Native Instruments Massive (HKLM\...\Native Instruments Massive) (Version:  - Native Instruments)
Native Instruments Massive (Version: 1.1.4.1901 - Native Instruments) Hidden
Native Instruments New York Concert Grand (HKLM\...\Native Instruments New York Concert Grand) (Version:  - Native Instruments)
Native Instruments New York Concert Grand (Version: 1.0.0.001 - Native Instruments) Hidden
Native Instruments Reaktor 5 (HKLM\...\Native Instruments Reaktor 5) (Version:  - Native Instruments)
Native Instruments Reaktor 5 (Version: 5.1.5.2 - Native Instruments) Hidden
Native Instruments Reaktor Elements Selection (HKLM\...\Native Instruments Reaktor Elements Selection) (Version:  - Native Instruments)
Native Instruments Reaktor Elements Selection (Version: 1.0.0.002 - Native Instruments) Hidden
Native Instruments Reaktor Spark R2 (HKLM\...\Native Instruments Reaktor Spark R2) (Version:  - Native Instruments)
Native Instruments Reaktor Spark R2 (Version: 1.0.0.001 - Native Instruments) Hidden
Native Instruments Rig Kontrol 3 Driver (HKLM\...\Native Instruments Rig Kontrol 3 Driver) (Version:  - Native Instruments)
Native Instruments Rig Kontrol 3 Driver (Version: 2.0.10.001 - Native Instruments) Hidden
Native Instruments Service Center (HKLM\...\Native Instruments Service Center) (Version:  - Native Instruments)
Native Instruments Service Center (Version: 2.2.6.676 - Native Instruments) Hidden
Native Instruments Session IO Driver (HKLM\...\Native Instruments Session IO Driver) (Version:  - Native Instruments)
Native Instruments Session IO Driver (Version: 2.0.10.001 - Native Instruments) Hidden
Native Instruments Solid Bus Comp (HKLM\...\Native Instruments Solid Bus Comp) (Version:  - Native Instruments)
Native Instruments Solid Bus Comp (Version: 1.0.0.003 - Native Instruments) Hidden
Native Instruments Spektral Delay (HKLM\...\Native Instruments Spektral Delay) (Version:  - )
Native Instruments The Mouth (HKLM\...\Native Instruments The Mouth) (Version:  - Native Instruments)
Native Instruments The Mouth (Version: 1.0.0.002 - Native Instruments) Hidden
Native Instruments True School (HKLM\...\Native Instruments True School) (Version:  - Native Instruments)
Native Instruments True School (Version: 1.0.0.002 - Native Instruments) Hidden
Native Instruments Upright Piano (HKLM\...\Native Instruments Upright Piano) (Version:  - Native Instruments)
Native Instruments Upright Piano (Version: 1.0.0.002 - Native Instruments) Hidden
Native Instruments Vienna Concert Grand (HKLM\...\Native Instruments Vienna Concert Grand) (Version:  - Native Instruments)
Native Instruments Vienna Concert Grand (Version: 1.0.0.002 - Native Instruments) Hidden
Native Instruments Vokator (HKLM\...\Native Instruments Vokator) (Version:  - )
NewBlue Stabilizer for Windows (HKLM\...\NewBlue Stabilizer for Windows) (Version: 1.4 - NewBlue)
NewsLeecher v3.9 Final (HKLM\...\NewsLeecher_is1) (Version:  - )
NinjaTrader 6.5 (HKLM\...\{53846028-98E3-457D-9A12-7A5F02FF06D2}) (Version: 6.5.1019 - NinjaTrader)
NinjaTrader 7 (HKLM\...\{BB2338E5-3156-49D3-B539-7E6EF5BC3ECF}) (Version: 7.0.1011 - NinjaTrader)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems) Hidden
Nuvoton EC Generic HID Driver (HKLM\...\{302E9B7B-2B6A-4C29-9A02-9F2110649779}) (Version: 7.80.5000 - Nuvoton Technology Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - NVIDIA Corporation)
OEBackup - Outlook Express Datensicherung (Vollversion) (HKLM\...\OutlookExpressDatensicherung) (Version:  - )
One Man Band Essentials Demo (HKLM\...\One Man Band Essentials demo_is1) (Version:  - )
One Man Band v10.2.1 (HKLM\...\ST5UNST #1) (Version:  - )
OrangeVocoder v2.0-OxYGeN (HKLM\...\OrangeVocoder v2.0-OxYGeN) (Version:  - )
Orion (HKLM\...\{5B63A470-9334-44D1-AF61-6CE2DB565AE9}) (Version: 2.0.1 - Convesoft)
PC Inspector File Recovery (HKLM\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
PG Music DirectX Plugins 2.0.0.0 (HKLM\...\PG Music DirectX Plugins_is1) (Version:  - PG Music Inc.)
PG Music DirectX Plugins 2.0.0.0 (HKLM\...\PG_DX_Plugins_is1) (Version:  - PG Music Inc.)
PhotoNow! (HKLM\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.4619 - CyberLink Corp.)
PoiZone (HKLM\...\PoiZone) (Version:  - Image-Line bvba)
Poser 7 (HKLM\...\Poser 7) (Version:  - )
proDAD Mercalli 2.0 (HKLM\...\proDAD-Mercalli-2.0) (Version: 2.0 - proDAD GmbH)
PS3 Media Server (HKLM\...\PS3 Media Server) (Version: 1.50.1 - PS3 Media Server)
QuantSports (HKLM\...\{28518792-DF27-42F1-B3F3-3B18B5CC023C}) (Version: 1.1.8 - QuantSports)
QuickPar 0.9 (HKLM\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
ratDVD 0.78.1444 (HKLM\...\ratDVD) (Version: 0.78.1444 - ratDVD)
RealGuitar Demo (HKLM\...\{29039698-6914-444F-923C-B1049750C55C}) (Version: 2.2.1 - MusicLab)
RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - RealNetworks)
RealStrat 1.0 (HKLM\...\{58206080-3E1F-4418-8117-D190FC71BF58}) (Version:  - MusicLab)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5704 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
Reason 4.0.1 (HKLM\...\Reason4_is1) (Version: 4.0.1 - Propellerhead Software AB)
RebelBetting 4.4 (HKLM\...\RebelBetting) (Version: 4.4 - ClaroBet AB)
reFX Nexus VSTi RTAS v2.2.0 (HKLM\...\reFX Nexus_is1) (Version:  - )
Registry-Dompteur (HKLM\...\RegDom) (Version: 3.14 - Horst Schmid)
Replay Media Catcher 3.0 (HKLM\...\Replay Media Catcher 3.0) (Version: 3.0 - Applian Technologies Inc.)
Replay Media Catcher 4 (4.4.5) (HKLM\...\Replay Media Catcher 4) (Version: 4.4.5 - Applian Technologies)
Rob Papen Albino 3 (HKLM\...\Rob Papen Albino 3) (Version:  - )
Rob Papen BLUE Version 1.7.0 (HKLM\...\Rob Papen BLUE Version 1.7.0_is1) (Version:  - RPCX)
Rob Papen RG 1.5 Multi-core (HKLM\...\RG_is1) (Version:  - RPCX)
Rob Papen RP-Verb 1.0.3 Multi-Core (HKLM\...\Rob Papen RP-Verb_is1) (Version:  - RP-Verb)
Rob Papen SubBoomBass 1.0.5 Multi-core (HKLM\...\SubBoomBass_is1) (Version:  - RPCX)
Roger Nichols Digital SIGNATURE Bundle VST RTAS v1.9.3 (HKLM\...\Roger Nichols Digital SIGNATURE Bundle VST RTAS_is1) (Version:  - )
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Sandboxie 3.74 (32-bit) (HKLM\...\Sandboxie) (Version: 3.74 - SANDBOXIE L.T.D)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Sonalksis Plug-Ins for Windows 2.06 (HKLM\...\Sonalksis Plug-Ins for Windows_is1) (Version:  - Sonalksis)
SONAR 8.0 Producer Edition (HKLM\...\SONAR8Producer_is1) (Version: 17.0 - Cakewalk Music Software)
Sonnox Oxford Inflator Native VST v1.5.1 (HKLM\...\Sonnox Oxford Inflator Native VST_is1) (Version:  - Team AiR 2007)
Sonnox Oxford Limiter Native VST v1.1.1 (HKLM\...\Sonnox Oxford Limiter Native VST_is1) (Version:  - Team AiR 2007)
Sonnox Oxford R3 Dynamics Native VST v1.3.1 (HKLM\...\Sonnox Oxford R3 Dynamics Native VST_is1) (Version:  - Team AiR 2007)
Sonnox Oxford R3 EQ Native VST v1.6.1 (HKLM\...\Sonnox Oxford R3 EQ Native VST_is1) (Version:  - Team AiR 2007)
Sonnox Oxford Reverb Native VST v1.0 (HKLM\...\Sonnox Oxford Reverb Native VST_is1) (Version:  - Team AiR 2007)
Sonnox Oxford TransMod Native VST v1.3.1 (HKLM\...\Sonnox Oxford TransMod Native VST_is1) (Version:  - Team AiR 2007)
Sql Server Customer Experience Improvement Program (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Steinberg WaveLab 5.01b (HKLM\...\Steinberg WaveLab 5.01b) (Version:  - )
Stereoscopic Player (HKLM\...\{9C20C313-D587-447C-BE2B-26B136C832A0}) (Version: 1.7.8 - 3dtv.at)
SUPER © Version 2009.bld.36 (June 10, 2009) (HKLM\...\SUPER ©) (Version: Version 2009.bld.36 (June 10, 2009) - eRightSoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.4.0 - Synaptics)
TextPad 5 (HKLM\...\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}) (Version: 5.2.0 - Helios)
The Rise of Atlantis (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112548397}) (Version:  - Oberon Media)
Tiks Texas Hold em (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110422467}) (Version:  - Oberon Media)
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version:  - Image-Line bvba)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
UseNeXT (HKLM\...\UseNeXT_is1) (Version:  - Tangysoft Ltd.)
Vir2 Electri6ity (HKLM\...\Vir2 Electri6ity) (Version:  - Vir2)
Vir2 Electri6ity (Version: 1.0.0.001 - Vir2) Hidden
Vir2 Mojo Horn Section (HKLM\...\Vir2 Mojo Horn Section) (Version:  - Vir2)
Vir2 Mojo Horn Section (Version: 1.0.0.001 - Vir2) Hidden
Virtual Sound Canvas DXi (HKLM\...\{745877DC-8FFE-4E4C-ABBC-589B887A47D1}) (Version:  - )
Virtual Sound Canvas VST (HKLM\...\{DA22A6BB-10B5-4595-BD59-1AD4023C8536}) (Version:  - )
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
VOCALOID Editor V1.1.1.0 (HKLM\...\{B123B3B1-C2A0-47E7-AAAB-D1E2DBE259CB}) (Version: 0.0.0.1 - )
VOCALOID Expression DB (Leon) (HKLM\...\{2154AF92-3049-42C5-A4C0-83AE99436752}) (Version: 0.0.0.1 - )
VOCALOID Expression DB (Miriam) (HKLM\...\{44F77FBE-828D-4B04-A02B-C70426F65C86}) (Version: 0.0.0.1 - )
VOCALOID Expression DB (Standard) (HKLM\...\{9B89EB0D-68C3-4E5D-A705-CD8D37DABF50}) (Version: 0.0.0.1 - )
VOCALOID SKIN (Crypton KAITO) (HKLM\...\{A0D08A19-EC76-441B-A264-0E71A8F5ABF8}) (Version: 0.0.0.1 - )
VOCALOID SKIN (Zero-G LEON) (HKLM\...\{C7904010-6875-4843-8B82-9FC49B2CCC2E}) (Version: 0.0.0.1 - )
VOCALOID SKIN (Zero-G MIRIAM) (HKLM\...\{8BBB3758-6759-4086-835B-1D665DBE979F}) (Version: 0.0.0.1 - )
VOCALOID Voice DB (Kaito) (HKLM\...\{F3292D16-6363-4AB8-85AF-75B61544B678}) (Version: 0.0.0.1 - )
VOCALOID Voice DB (Leon) (HKLM\...\{9F3B5588-E05C-4D99-AA2C-459AA6C5F31E}) (Version: 0.0.0.1 - )
VOCALOID Voice DB (Miriam) (HKLM\...\{146303B2-EA46-4BFB-8054-FC75A0D0088B}) (Version: 0.0.0.1 - )
VOCALOID VSTi V1.1.1.0 (HKLM\...\{FAC611DA-E445-4D7A-8311-7389C627FA32}) (Version: 0.0.0.1 - )
VOCALOID2 Editor V2.0.12.2J (HKLM\...\{F1C1C21B-F56E-400B-B0B0-270D817889F3}) (Version: 0.0.0.1 - Yamaha Corporation)
VOCALOID2 Expression DB (Standard) (HKLM\...\{B6588186-9657-486C-AEB1-F57D8E160F19}) (Version: 0.0.0.1 - Yamaha Corporation)
VOCALOID2 Voice DB (Megpoid) (HKLM\...\{E155C75A-DE68-4C86-950C-315B5128662E}) (Version: 0.0.0.1 - INTERNET Co.,Ltd.)
VOCALOID2 Voice DB (SweetANN) (HKLM\...\{B7197A7E-AE3B-4575-90CA-6820EC7E7631}) (Version: 0.0.0.1 - PowerFX Systems AB)
VOCALOID2 VSTi V2.0.12.3 (HKLM\...\{A95FF0B9-5CFB-497E-8872-3A5F41AD9D4F}) (Version: 0.0.0.1 - Yamaha Corporation)
vShare plugin 1.3 (HKLM\...\vShare plugin) (Version: 1.3 - vShare.tv, Inc.)
Waldorf Largo (HKLM\...\Waldorf Largo) (Version:  - )
WaveMachine Labs Drumagog Platinum VST.RTAS.v5.0.1 (HKLM\...\WaveMachine Labs Drumagog Platinum_is1) (Version:  - )
Waves Mercury Bundle (HKLM\...\Waves Mercury Bundle) (Version: 5.0 - Team AiR)
Waves Vocal Bundle v1.1 (HKLM\...\Waves Vocal Bundle v1.1) (Version:  - )
WBPIDownloadManager (HKLM\...\WBPIDownloadManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1) (Version: v1.05 - Warner Bros. Entertainment Inc.)
WBPIDownloadManager (Version: 1.05 - Warner Bros. Entertainment Inc.) Hidden
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Winamp (HKLM\...\Winamp) (Version: 5.552  - Nullsoft, Inc)
Winamp Remote (HKLM\...\Orb) (Version: 2.2008.0508.1530 - Orb Networks)
Windows Live Anmelde-Assistent (HKLM\...\{B5BCBD49-202F-4238-8398-D83D423A48B4}) (Version: 5.000.817.1 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinMorph™ 3.01 (HKLM\...\WinMorph_is1) (Version:  - Satish Kumar)
WinRAR 5.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wise Care 365 version 2.45 (HKLM\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 2.45 - WiseCleaner.com, Inc.)
WISO Steuer-Sparbuch 2011 (HKLM\...\{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}) (Version: 18.00.6928 - Buhl Data Service GmbH)
WordBuilder (HKLM\...\{B7DAD844-34CD-456B-83CC-88065323DD69}) (Version: 1.1.21 - East West)
WordBuilder (HKLM\...\{E201E642-C8C2-46D2-9286-29C3BFAE3679}) (Version: 1.0.10 - East West)
XAMPP 1.7.0 (HKLM\...\xampp) (Version:  - )
XMedia Recode 2.1.4.8 (HKLM\...\XMedia Recode) (Version: 2.1.4.8 - Sebastian Dörfler)
YAMAHA File Utility (HKLM\...\{DD14942A-625A-11D6-A35E-000476CE4CF1}) (Version:  - )
Yamaha USB-MIDI Driver (HKLM\...\{271A659B-A7D3-405E-AE31-3086133BE0B7}) (Version: 3.0.4.2 - Ihr Firmenname)
ZendStudioClient-5.1.0 (HKLM\...\ZendStudioClient-5.1.0) (Version: 5.0.0.0 - Zend Technologies)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-835989538-2903230966-4254504411-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\cek\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-835989538-2903230966-4254504411-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\cek\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-835989538-2903230966-4254504411-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\cek\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-835989538-2903230966-4254504411-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\cek\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-835989538-2903230966-4254504411-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\cek\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-835989538-2903230966-4254504411-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\cek\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-835989538-2903230966-4254504411-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\cek\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-835989538-2903230966-4254504411-1000_Classes\CLSID\{ABECE8A0-FF84-4efb-82AE-9B3181CE097D}\InprocServer32 -> C:\Program Files\TextPad 5\System\shellext32.dll (Helios Software Solutions)
CustomCLSID: HKU\S-1-5-21-835989538-2903230966-4254504411-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\cek\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-835989538-2903230966-4254504411-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\cek\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-835989538-2903230966-4254504411-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\cek\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-835989538-2903230966-4254504411-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\cek\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-06-30 11:53 - 2014-07-03 23:59 - 00000156 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {16714657-FF3C-4D9C-9F97-AC3C32C1D6B5} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6ab7b355e00 => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1DFF4026-EA87-47E2-81CE-6C97E4DFB51D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-835989538-2903230966-4254504411-1000Core1cf6ae95534ed90 => C:\Users\cek\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-02] (Google Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {5F8DDA15-E453-4ABF-BD36-5D4053ABD115} - System32\Tasks\AdobeAAMUpdater-1.0-Hanauma_Bay-cek => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {C0F435E3-B110-4C60-8861-FEAD5FF3DABA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-835989538-2903230966-4254504411-1000UA1cf89db1459b420 => C:\Users\cek\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-02] (Google Inc.)
Task: {E33B2417-1DE5-4639-AD23-08D775C8B858} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05] (Google Inc.)
Task: {E47E146C-C721-4421-9240-7ADD531DAEB2} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6ab7b355e00.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-835989538-2903230966-4254504411-1000Core1cf6ae95534ed90.job => C:\Users\cek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-835989538-2903230966-4254504411-1000UA1cf89db1459b420.job => C:\Users\cek\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2006-12-04 01:25 - 2006-12-04 01:25 - 00022723 _____ () C:\Windows\System32\sugs2l3.dll
2008-10-16 16:57 - 2008-10-16 16:57 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2008-01-18 01:17 - 2008-01-18 01:17 - 00073782 _____ () d:\xampp\apache\bin\zlib1.dll
2007-02-04 11:14 - 2007-02-04 11:14 - 00020687 _____ () D:\xampp\php\zendOptimizer\lib\ZendExtensionManager.dll
2008-12-08 20:33 - 2008-12-08 20:33 - 00166912 _____ () d:\xampp\apache\bin\libmcrypt.dll
2008-12-17 20:48 - 2008-12-17 20:48 - 01646592 _____ () d:\xampp\apache\bin\LIBMYSQL.dll
2008-12-08 20:33 - 2008-12-08 20:33 - 00464172 _____ () d:\xampp\apache\bin\LIBPQ.dll
2007-10-25 10:34 - 2007-10-25 10:34 - 00163840 _____ () d:\xampp\apache\bin\pslib.dll
2007-10-30 14:28 - 2007-10-30 14:28 - 00086016 _____ () d:\xampp\apache\bin\pxlib.dll
2008-01-07 17:47 - 2008-01-07 17:47 - 00721095 _____ () D:\xampp\php\zendOptimizer\lib\Optimizer\php-5.2.x\ZendOptimizer.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2009-02-11 19:45 - 2008-10-04 05:09 - 00069632 _____ () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2009-01-22 20:28 - 2008-11-28 11:56 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2009-01-22 20:28 - 2009-01-22 20:28 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3013.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2009-01-22 20:28 - 2009-01-22 20:28 - 00020480 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3013.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2009-01-22 20:28 - 2009-01-22 20:28 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3013.0__3036420f80dd6947\Framework.Library.dll
2009-01-22 20:28 - 2009-01-22 20:28 - 00028672 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3013.0__672b450de5a7e94a\Framework.Host.dll
2009-01-22 20:28 - 2009-01-22 20:28 - 00016384 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3013.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2009-02-11 19:43 - 2008-09-11 22:20 - 00016384 ____N () C:\Program Files\Acer\Empowering Technology\eAudio\eAudioSrvPlugin.dll
2009-02-11 19:42 - 2008-05-26 15:40 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll
2009-02-11 19:42 - 2008-05-26 15:37 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll
2009-02-11 19:42 - 2008-05-26 15:39 - 00143360 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll
2009-02-11 19:42 - 2008-05-26 15:37 - 00036864 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll
2006-01-11 14:32 - 2006-01-11 14:32 - 00531968 _____ () C:\Program Files\FileZilla Server\FileZilla Server.exe
2009-01-22 20:29 - 2007-12-06 17:15 - 00110592 ____N () C:\Acer\Mobility Center\MobilityService.exe
2009-01-22 20:29 - 2007-11-27 16:08 - 00032768 ____N () C:\Acer\Mobility Center\MobilityInterface.dll
2008-11-15 06:53 - 2008-11-15 06:53 - 06447744 _____ () d:\xampp\mysql\bin\mysqld.exe
2008-04-25 22:36 - 2008-04-25 22:36 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2009-01-22 20:16 - 2007-01-09 20:25 - 00272024 _____ () c:\Program Files\Cyberlink\Shared files\RichVideo.exe
2008-01-18 01:17 - 2008-01-18 01:17 - 00073782 _____ () D:\xampp\apache\bin\zlib1.dll
2008-12-08 20:33 - 2008-12-08 20:33 - 00166912 _____ () D:\xampp\apache\bin\libmcrypt.dll
2008-12-17 20:48 - 2008-12-17 20:48 - 01646592 _____ () D:\xampp\apache\bin\LIBMYSQL.dll
2008-12-08 20:33 - 2008-12-08 20:33 - 00464172 _____ () D:\xampp\apache\bin\LIBPQ.dll
2007-10-25 10:34 - 2007-10-25 10:34 - 00163840 _____ () D:\xampp\apache\bin\pslib.dll
2007-10-30 14:28 - 2007-10-30 14:28 - 00086016 _____ () D:\xampp\apache\bin\pxlib.dll
2003-07-11 02:09 - 2003-07-11 02:09 - 00048192 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll
2009-01-22 20:28 - 2009-01-22 20:28 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3013.0__4df5dcab8860d239\Framework.Utility.dll
2008-07-29 18:52 - 2008-07-29 18:52 - 00227888 _____ () C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2009-03-18 10:43 - 2009-03-18 10:43 - 00841000 ____N () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
2009-03-18 10:43 - 2009-03-18 10:43 - 00013096 ____N () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00010240 _____ () C:\Program Files\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
2010-10-26 14:09 - 2014-04-22 12:55 - 00170776 _____ () c:\Program Files\McAfee\MSK\mskoeplg.dll
2014-07-23 10:21 - 2014-07-23 10:21 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-05-08 15:49 - 2014-05-08 15:49 - 00133120 _____ () C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Locale\de_de\PDFMaker\PDFMOfficeAddin.DEU
2014-08-22 10:01 - 2014-08-22 10:01 - 00050477 _____ () D:\___________\Defogger.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Program Files\Common Files\System:7VPDIb8FxYqoItx6m4yJCtWvh
AlternateDataStreams: C:\ProgramData\Microsoft:cPOXechDCBCGK9jemFe6
AlternateDataStreams: C:\ProgramData\Microsoft:CwUku9MqWSmvAI6l1x4cD7
AlternateDataStreams: C:\ProgramData\Microsoft:G58rXqkLfWrVKlrGanSu
AlternateDataStreams: C:\ProgramData\Microsoft:hbExkBNEkYHyC3M2
AlternateDataStreams: C:\ProgramData\Microsoft:o6rndvoEPjIflRkSIrG7
AlternateDataStreams: C:\ProgramData\Microsoft:PsFafFE6Sru5MyFKU87AOrOG
AlternateDataStreams: C:\Users\cek\Cookies:5uP9siuRuTHCdYzPN3cz5eyAk2
AlternateDataStreams: C:\Users\cek\Cookies:WhaFJaCrAhuwRLh06pCHP6d9
AlternateDataStreams: C:\Users\cek\Lokale Einstellungen:So1QifzHUzTdJTqtWWWjhqaLFv
AlternateDataStreams: C:\Users\cek\AppData\Local:So1QifzHUzTdJTqtWWWjhqaLFv
AlternateDataStreams: C:\Users\cek\AppData\Local\3X02evIpOUR8:DQmaJkGr935Bc5eyFKJf
AlternateDataStreams: C:\Users\cek\AppData\Local\Anwendungsdaten:So1QifzHUzTdJTqtWWWjhqaLFv

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LoopBe1 Monitor.lnk => C:\Windows\pss\LoopBe1 Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^cek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Adobe_ID0EYTHM => C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
MSCONFIG\startupreg: Amazon Cloud Drive => C:\Users\cek\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: BkupTray => "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
MSCONFIG\startupreg: CorelDRAW Graphics Suite 11b => C:\Program Files\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=060909 serial=DR12CNC-8322248-NFT lang=DE
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: FileZilla Server Interface => "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: Google Update => "C:\Users\cek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: H2O => C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LManager => C:\PROGRA~1\LAUNCH~1\LManager.exe
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: PlayMovie => "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
MSCONFIG\startupreg: ProductReg => "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skytel => Skytel.exe
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== Faulty Device Manager Devices =============

Name: isatap.{9B833F6C-2088-4CB0-AA99-F8C34B8058DB}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: isatap.{9B833F6C-2088-4CB0-AA99-F8C34B8058DB}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: isatap.{9B833F6C-2088-4CB0-AA99-F8C34B8058DB}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: isatap.{9B833F6C-2088-4CB0-AA99-F8C34B8058DB}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: isatap.{9B833F6C-2088-4CB0-AA99-F8C34B8058DB}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Standard-VGA-Grafikkarte
Description: Standard-VGA-Grafikkarte
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardgrafikkartentypen)
Service: vga
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/22/2014 10:14:46 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (08/22/2014 10:14:46 AM) (Source: VSS) (EventID: 40) (User: )
Description: Volumeschattenkopie-Dienst-Fehler: Der Dienst "Microsoft-Softwareschattenkopie-Anbieter" 
(SWPRV) ist deaktiviert. Aktivieren Sie den Dienst, und wiederholen Sie den Vorgang.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (08/22/2014 09:40:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2014 03:23:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2014 03:04:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2014 03:01:03 AM) (Source: VsJITDebugger) (EventID: 4096) (User: NT-AUTORITÄT)
Description: An unhandled exception ('System.TypeInitializationException') occurred in ETService.exe [1236]. Just-In-Time debugging this exception failed with the following error: Debugger could not be started because no user is logged on.

Check the documentation index for 'Just-in-time debugging, errors' for more information.

Error: (08/22/2014 03:00:57 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Windows\System32\wlanmsm.dll" zugegriffen werden: 
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten 
Speichertreibern; oder der Datenträger fehlt. 
Das Programm Hostprozess für Windows-Dienste wurde wegen dieses Fehlers geschlossen.

Programm: Hostprozess für Windows-Dienste
Datei: C:\Windows\System32\wlanmsm.dll

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut. 
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2. 
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
	- diese sich im Netzwerk befindet, 
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
	- diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in der Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. 
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: C0000185
Datenträgertyp: 3

Error: (08/22/2014 03:00:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul WLANMSM.DLL, Version 6.0.6002.18064, Zeitstempel 0x4a58e1c5, Ausnahmecode 0xc0000006, Fehleroffset 0x000255a1,
Prozess-ID 0x500, Anwendungsstartzeit svchost.exe0.

Error: (08/22/2014 02:49:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2014 02:49:22 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 17058) (User: )
Description: initerrlog: Die Fehlerprotokolldatei 'c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Log\ERRORLOG' konnte nicht geöffnet werden. Betriebssystemfehler = 1117(Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.).


System errors:
=============
Error: (08/22/2014 09:46:13 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update

Error: (08/22/2014 09:44:41 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (08/22/2014 09:40:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: TeamViewer 9%%2

Error: (08/22/2014 09:40:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (08/22/2014 09:40:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: NVIDIA Display Driver Servicenvlddmkm%%1058

Error: (08/22/2014 09:39:44 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 22.08.2014 um 03:39:31 unerwartet heruntergefahren.

Error: (08/22/2014 03:34:01 AM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (08/22/2014 03:34:01 AM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (08/22/2014 03:34:01 AM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (08/22/2014 03:34:01 AM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.


Microsoft Office Sessions:
=========================
Error: (08/22/2014 10:14:46 AM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422

Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (08/22/2014 10:14:46 AM) (Source: VSS) (EventID: 40) (User: )
Description: Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (08/22/2014 09:40:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2014 03:23:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2014 03:04:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2014 03:01:03 AM) (Source: VsJITDebugger) (EventID: 4096) (User: NT-AUTORITÄT)
Description: An unhandled exception ('System.TypeInitializationException') occurred in ETService.exe [1236]. Just-In-Time debugging this exception failed with the following error: Debugger could not be started because no user is logged on.

Check the documentation index for 'Just-in-time debugging, errors' for more information.

Error: (08/22/2014 03:00:57 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\System32\wlanmsm.dllHostprozess für Windows-DiensteC00001853

Error: (08/22/2014 03:00:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.0.6001.1800047918b89WLANMSM.DLL6.0.6002.180644a58e1c5c0000006000255a150001cfbda3f5cb3f98

Error: (08/22/2014 02:49:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2014 02:49:22 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 17058) (User: )
Description: c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Log\ERRORLOG1117(Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.)


CodeIntegrity Errors:
===================================
  Date: 2014-08-22 10:13:08.863
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-22 10:13:08.660
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-22 10:13:08.442
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-22 10:13:08.223
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-22 10:13:07.631
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-22 10:13:07.412
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-22 10:13:07.194
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-22 10:13:06.882
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-22 10:11:10.722
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-22 10:11:10.254
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 70%
Total physical RAM: 3065.93 MB
Available physical RAM: 919.39 MB
Total Pagefile: 6334.08 MB
Available Pagefile: 4178.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.58 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:225.99 GB) (Free:17.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:226.03 GB) (Free:8.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0E265B8C)
Partition 1: (Not Active) - (Size=10.7 GB) - (Type=27)
Partition 2: (Active) - (Size=226 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=226 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=12)

==================== End Of Log ============================

GMER
Erste Ausführung wurde von Systemabsturz (BlueScreen) unterbrochen. Nach dem Neustart des Systems klappte es dann.

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-22 13:13:56
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEVT-22ZAT0 rev.01.01A01 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\cek\AppData\Local\Temp\kwdoqkow.sys


---- System - GMER 2.1 ----

Code            A2F80BFC                                                                                              ZwTraceEvent
Code            A2F80BFB                                                                                              NtTraceEvent

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!NtTraceEvent                                                                             84071316 5 Bytes  JMP A2F80C00 
PAGE            ntkrnlpa.exe!NtRequestPort + 2                                                                        842523A2 5 Bytes  JMP A2F80CA0 
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2                                                            84283B64 5 Bytes  JMP A2F80DE0 
PAGE            ntkrnlpa.exe!NtRequestWaitReplyPort + 2                                                               8428A134 5 Bytes  JMP A2F80D40 

---- User code sections - GMER 2.1 ----

.text           C:\Windows\Explorer.EXE[3672] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5                            76E0B37C 2 Bytes  [00, 26] {ADD [ESI], AH}
.text           C:\Windows\Explorer.EXE[3672] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C8                            76E0B37F 1 Byte  [10]
.text           C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe[5276] kernel32.dll!LoadLibraryW  762593F0 5 Bytes  JMP 6705B470 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll
.text           C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe[5276] kernel32.dll!LoadLibraryA  7625956C 1 Byte  [E9]
.text           C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe[5276] kernel32.dll!LoadLibraryA  7625956C 5 Bytes  JMP 6705B370 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                               Wdf01000.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                                               mfewfpk.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                               mfewfpk.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                              fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogName                             C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy437.gthr
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogNumber                           438
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@SecondaryLogName                    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy438.gthr
Reg             HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version                            
Reg             HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version                    0x24 0x7D 0x53 0x6C ...

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                 unknown MBR code

---- EOF - GMER 2.1 ----

Vielen Dank für jede Form der Hilfe im Voraus!

Bootsektor · 22.08.2014, 12:45

Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem
Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
Poste die Logfiles direkt in deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 2 Tagen nichts von mir hörst, dann schreibe mir bitte eine PM.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Schritt 1
Bitte schau noch einmal bei Malwarebytes nach, du hast das Schutzprotokolllog gepostet.

Starte Malwarebytes
Gehe nun oben auf Verlauf
links findest du nun die Auswahl Quarantäne und Anwendungsprotokolle
Gehe auf Anwendungsprotokolle
suche hier das letzte Suchlaufsprotokoll und wähle das aus
nun gehe oben auf Ansicht, das Protokoll öffnet sich
unten links steht exportieren, wähle das aus und klicke auf Textdatei
speichere nun das Log unter mbam.txt ab
öffne das Log mit deinem Texteditor
poste mir den Inhalt

Meiner1er · 22.08.2014, 12:55

Hallo liebe Sandra,

vielen Dank für die (unglaublich schnelle) Antwort!

Sorry, dass ich die falsche Malwarebytes-Datei gepostet habe. Hier kommt hoffentlich die richtige:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 21.08.2014
Suchlauf-Zeit: 10:17:45
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.21.02
Rootkit Datenbank: v2014.08.16.01
Lizenz: Testversion
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: cek

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 403927
Verstrichene Zeit: 14 Min, 56 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 30
PUP.Optional.VShareRedir, HKLM\SOFTWARE\CLASSES\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}, In Quarantäne, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKLM\SOFTWARE\CLASSES\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}, In Quarantäne, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKLM\SOFTWARE\CLASSES\TYPELIB\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}, In Quarantäne, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKLM\SOFTWARE\CLASSES\INTERFACE\{3D782BB2-F2A5-11D3-BF4C-000000000000}, In Quarantäne, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKLM\SOFTWARE\CLASSES\INTERFACE\{DB1F5554-582C-4F53-82CC-458D2C04A2F1}, In Quarantäne, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKLM\SOFTWARE\CLASSES\MyNewsBarLauncher.IE5BarLauncher.1, In Quarantäne, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKLM\SOFTWARE\CLASSES\MyNewsBarLauncher.IE5BarLauncher, In Quarantäne, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKU\S-1-5-21-835989538-2903230966-4254504411-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}, In Quarantäne, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKU\S-1-5-21-835989538-2903230966-4254504411-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}, In Quarantäne, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}, In Quarantäne, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKLM\SOFTWARE\CLASSES\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}\INPROCSERVER32, In Quarantäne, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKLM\SOFTWARE\CLASSES\MyNewsBarLauncher.IE5BarLauncherBHO.1, In Quarantäne, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKLM\SOFTWARE\CLASSES\MyNewsBarLauncher.IE5BarLauncherBHO, In Quarantäne, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}, In Quarantäne, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKU\S-1-5-21-835989538-2903230966-4254504411-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}, In Quarantäne, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKU\S-1-5-21-835989538-2903230966-4254504411-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}, In Quarantäne, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKU\S-1-5-21-835989538-2903230966-4254504411-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}, In Quarantäne, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.VShareRedir, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}, In Quarantäne, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [b87e43864f2c3402d5cc2f443cc68779], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [b87e43864f2c3402d5cc2f443cc68779], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [b87e43864f2c3402d5cc2f443cc68779], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\supWPM, In Quarantäne, [86b020a9502b2610481f00e3f50dfe02], 
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\sweet-pageSoftware, In Quarantäne, [ff374c7de09b92a487925be331d3bf41], 
PUP.Optional.NewTab.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pkndmigholgfjlniaohblojbhgjbkakn, In Quarantäne, [0333e4e5d6a53afca08afb150ef554ac], 
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [59dd7c4d2b5067cf8ea413225da75ba5], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB, In Quarantäne, [ea4cf2d74d2e5adc580ec71c857dd52b], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-835989538-2903230966-4254504411-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [a3939a2f93e853e364ed1ef57e85748c], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-835989538-2903230966-4254504411-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [0432844533481e187119dd4c26dea25e], 
PUP.Optional.Qone8, HKU\S-1-5-21-835989538-2903230966-4254504411-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [e056caff73088da94ce55adb6d977a86], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-835989538-2903230966-4254504411-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [e5518d3c5c1fef47fa78d230f211b050], 

Registrierungswerte: 7
PUP.Optional.VShareRedir, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}, VShareTB, In Quarantäne, [d0661aaf314a11253fef8df957ab6d93]
PUP.Optional.VShareRedir, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}, In Quarantäne, [61d58c3d42391422220b8600a2608d73], 
PUP.Optional.Lightning.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|lightningnewtab@gmail.com, C:\Users\cek\AppData\Roaming\Mozilla\Firefox\Profiles\mpq4xo1a.default-1388938982893\extensions\lightningnewtab@gmail.com.xpi, In Quarantäne, [4ceacdfc4f2c1b1b9c8f50c0d42fa25e]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB|ptid, cor, In Quarantäne, [ea4cf2d74d2e5adc580ec71c857dd52b]
Trojan.Agent.EV, HKU\S-1-5-21-835989538-2903230966-4254504411-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\CONTROL PANEL\DESKTOP|SCRNSAVE.EXE, "C:\Users\cek\AppData\Roaming\Microsoft\Windows\IEUpdate\MdSched.exe", In Quarantäne, [86b0b9109ae14beb2f1a12d225ddd927]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-835989538-2903230966-4254504411-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0V1D1S1R1D0V1O, In Quarantäne, [0432844533481e187119dd4c26dea25e]
Hijack.Autorun, HKU\S-1-5-21-835989538-2903230966-4254504411-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\COMMAND PROCESSOR|AutoRun, "C:\Users\cek\AppData\Roaming\Microsoft\Windows\IEUpdate\MdSched.exe", In Quarantäne, [270f10b92556ed49d24f4ac94bb88878]

Registrierungsdaten: 7
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=sc&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.sweet-page.com/?type=sc&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727),Ersetzt,[04322c9d057600365e350dcda75d5aa6]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727&q={searchTerms}),Ersetzt,[8fa7e1e8502b73c383125981867eca36]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727&q={searchTerms}),Ersetzt,[e84e74556417f93d88edede21ce8768a]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.sweet-page.com/?type=hp&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727),Ersetzt,[4de98a3f2457171fade75486ce3604fc]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[84b2ad1ca8d3c4723fef5f7b976d5da3]
PUP.Optional.SweetPage.A, HKU\S-1-5-21-835989538-2903230966-4254504411-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.sweet-page.com/?type=hp&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727),Ersetzt,[f4429039661542f418784c8eb054b749]
Broken.OpenCommand, HKCR\regfile\shell\open\command, "regedit.exe" "Gut: (regedit.exe "Schlecht: ("regedit.exe" "%1"),Ersetzt,[ffffffffffffffffffffffffffffffff]")", %4, %5

Ordner: 3
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, In Quarantäne, [af8708c1750648eeb3e5b10d17eb9e62], 
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, In Quarantäne, [af8708c1750648eeb3e5b10d17eb9e62], 
PUP.Optional.SupTab.A, C:\Program Files\SupTab, In Quarantäne, [c07612b7afccda5ca3999941847e30d0], 

Dateien: 9
PUP.Optional.VShareRedir, C:\Program Files\StartSearch plugin\BarLcher.dll, In Quarantäne, [d0661aaf314a11253fef8df957ab6d93], 
PUP.Optional.Softonic, C:\Users\cek\Downloads\SoftonicDownloader_fuer_dvd-flick.exe, In Quarantäne, [4de919b0c3b813233d638090ad543ec2], 
PUP.Optional.Softonic, C:\Users\cek\Downloads\SoftonicDownloader_fuer_sothink-movie-dvd-maker.exe, In Quarantäne, [65d1bd0ccead95a1d0d01bf554ada759], 
PUP.Optional.Softonic, C:\Users\cek\Downloads\SoftonicDownloader_fuer_treesize.exe, In Quarantäne, [1521d2f7710a39fda00042ceb64bb848], 
PUP.Optional.QuickStart.A, C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx, In Quarantäne, [ed4914b5a2d9d75f25b640a25aa8be42], 
PUP.Optional.SweetPage.A, C:\Program Files\Mozilla Firefox\browser\searchplugins\sweet-page.xml, In Quarantäne, [bb7b9237215ab77fd54378c624e020e0], 
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\conf, In Quarantäne, [af8708c1750648eeb3e5b10d17eb9e62], 
PUP.Optional.SupTab.A, C:\Program Files\SupTab\SupTab.dll, In Quarantäne, [c07612b7afccda5ca3999941847e30d0], 
PUP.Optional.SweetPage.A, C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (   "homepage": "hxxp://www.sweet-page.com/?type=hp&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727",), Ersetzt,[0c2af6d3710acb6b97fadd2f7b8a15eb]

Physische Sektoren: 0
(No malicious items detected)


(end)

Viele Grüße
Chris

Bootsektor · 22.08.2014, 13:06

Hallo Chris,

es gibt ein Problem mit den Einträgen in deiner Host-Datei, bzw. mit den Adobe-Produkten auf deinem Rechner.

Zitat:

127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com

Die von mir gelisteten Einträge deuten stark darauf hin, dass auf diesem Rechner Software benutzt wird, die nicht legal erworben wurde.

Supportunterbrechung

Lesestoff:

Wir haben uns hier auf dem Board darauf geeinigt, dass wir an dieser Stelle solange nicht weiter bereinigen, bis die Software entfernt wurde. Hinzu kommt, dass wir dich in unserer Anleitung und auch in diesem Wichtig-Thema unmissverständlich darauf hingewiesen haben, wie wir damit umgehen werden. Saubere, gute Software hat seinen Preis und die Softwarefirmen leben von diesen Einnahmen.

Bitte entscheide Dich also, wie Du weiter vorgehen möchtest und teile mir dieses hier in Deinem Thread mit.
Unsere Hilfe beschränkt sich, wenn Du diese Software nicht entfernst, nur auf das Neuaufsetzen und Absichern deines Systems.
Fragen dazu beantworten wir dir aber weiterhin gerne und zwar in unserem Forum.

Meiner1er · 22.08.2014, 14:05

Anhang 69006Doch, meine Software ist legal erworben. Ich gebe allerdings zu, dass BEVOR ich viel Geld für eine Software ausgegeben habe, ich zunächst "Testversionen" geladen hatte, die nicht immer ganz koscher waren. Wer die Preise für manche Programme kennt, wird mir das hoffentlich nachsehen. Meine Adobe-Programme sind "nachgekauft" (bzw. "nachersteigert"). Dann gibt's noch ein paar Tools (z.B. "Textpad"), die eigentlich gekauft werden wollen, wenn man sie länger verwendet. Da sie dies aber nur sporadisch anmahnen ohne ihre Funktionalität einzuschränken, habe ich das bislang noch nicht gemacht, weil aktuell das Geld nicht mehr so locker sitzt wie noch vor einiger Zeit. Ich hoffe auf bessere Zeiten. Und auch auf Hilfe hier im Board!

Edit: Schau mal in den Anhang. Adobe hat sich sogar dafür bedankt, dass ich so ein netter Kerl bin. (Ok, nicht persönlich, aber immerhin)

Bootsektor · 22.08.2014, 23:12

Ok.

In welchem Ordner befand sich denn dein Babylon? Du kannst das aus dem Adwarecleaner wieder dequarantinieren. Gehe dazu auf die Menüleiste und wähle aus dem Menüpunkt Tools den Quarantinemanager aus, da solltest du dann entsprechende Einträge wieder herstellen können, falls du dir unsicher bist, was zu was gehört, frag bitte hier nach

Schritt 1
Bitte deinstalliere folgende Programme:

Java(TM) 6 Update 29
McAfee Security Scan Plus

Dazu gehe auf
Start --> Systemsteuerung -- > Programme --> Programme deinstallieren --> suche das Programm in der Liste --> entfernen

Falls du ein Programm nicht deinstallieren kannst, lade dir von hier den Revo-uninstaller herunter und deinstalliere es damit, wähle dabei den moderaten Modus.

Schritt 2

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKLM Group Policy restriction on software: C:\Program Files\Sandboxie <====== ATTENTION
hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 3
Lade dir bitte Emsisoft MBR Master herunter und speichere es auf den Desktop.

Führe die mbrmastr.exe aus.
Drücke auf Backup MBR und speichere es als emsi auf den Desktop.
Schliesse dann das Programm wieder.
Packe die erstellte emsi.mbr in ein zip-Archiv (Rechtsklick -> Senden an -> Zip-komprimierten Ordner) und hänge die Datei hier an.
Auf dem Desktop wird ebenfalls eine Textdatei MBRMastr_<date>_<time>.txt erstellt. Poste deren Inhalt bitte hier.

Schritt 4
Lade dir von Hier das Tool Speccy herunter, installiere es, führe es aus, schaue was dort unter Grafik angezeigt wird und poste mir dieses hier

Schritt 5
Teste, ob du deine Sandbox wieder starten kannst

Schritt 6
Bitte mach noch einen neuen Scan mit FRST

Meiner1er · 23.08.2014, 09:58

Hallo Sandra,

vielen Dank für Deine Antwort!!

Als erstes habe ich versucht, Babylon aus der Quarantäne zu befreien. Es gab tatsächlich zig im Adwarecleaner gelistete Dateien, die zu Babylon gehörten. Ich habe sie alle wiederhergestellt. Das Programm lässt sich trotzdem nicht mehr starten (Fehlermeldung: „Storage initialization failed (Error 3“)). Daran änderte auch ein Neustart nichts. Das ist aber nicht weiter dramatisch. Ich habe für dieses Programm vor Jahren einmal eine Lifetime-Lizenz erworben. Die gilt zwar nur für diese ältere Version und nicht für die aktuell angebotene, aber ich denke, mithilfe von Babylon sollte ich das schon wieder installiert bekommen. Und wenn nicht, kann ich das auch verschmerzen.

Die von Dir vorgegebenen Schritte habe ich alle der Reihe nach durchgeführt.

Schritt 1: die Programme ließen sich deinstallieren.

Schritt 2: Fixlog.txt

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:22-08-2014
Ran by cek at 2014-08-23 10:27:33 Run:1
Running from C:\Users\cek\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files\Sandboxie <====== ATTENTION
hosts:
         
*****************

HKLM => Group Policy Restriction on software restored successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====

Schritt 3: emsi.mbr habe ich gezippt und angehängt. Hier ist MBRMastr_2014.08.23_10.32.09:

Code:

ATTFilter

Detected Windows version: 6.0 Build 6002 Service Pack 2
Installing direct disk access driver ...
Driver connection handle: 0x000000D4
1 valid drive(s) found.

Details for Disk 0 - WDC WD5000BEVT-22ZAT0 Rev 01.01A01:
  Device name              : \\.\PhysicalDrive0
  Geometry (C/H/S)         : 60801/255/63
  Boot loader reputation   : Unknown
  Cross view comparison    : Passed
  Partition table integrity: Passed

  Boot loader hashes
    SHA-1                  : 2EC369C37C7F79F0CBA18E64243AD0066D1AE535
    MD5                    : F79EF1FA2A5761BF6A7B3A858FC003EE

Schritt 4: Das wird unter Grafik angezeigt:

Code:

ATTFilter

Grafik
		Bildschirm
			Name	Standard Monitor on
			Aktuelle Auflösung	1400x1050 Pixel
			Arbeitsauflösung	1400x1020 Pixel
			Status	Aktiviert, Primär
			Monitor Breite	1400
			Monitor Höhe	1050
			Monitor BpP	32 Bits pro Pixel
			Monitor Frequenz	1 Hz
			Gerät	\\.\DISPLAY1
		ATI Standard-VGA-Grafikkarte
			Hersteller	ATI
			Modell	Standard-VGA-Grafikkarte
			GPU	M96
			Geräte ID	1002-9480
			Sub Hersteller	Acer Incorporated [ALI] (1025)
			Aktuelle Leistungsstufe	Level 0
			Technologie	55 nm
			DIE Größe	145 mm²
			Transistoren	514 M
			Erscheinungsdatum	2009
			DirectX Unterstützung	10.1
			DirectX Shader Modell	4.1
			OpenGL Unterstützung	2.1
			BIOS Kerntakt	550,00
			BIOS Speichertakt	500,00
			Treiberversion	6.0.6001.18000
			ROPs	8
			Shader	320 einheitlich
			Speichertyp	DDR2
			Busbreite	64x2 (128 bit)
			Noise Level	Moderate
			Max Power Draw	48 Watts
				Leistungsstufen: 1
					Level 1

Schritt 5: Sandboxie startet wieder! SUPER! HURRA!

Schritt 6: Hier die Log-Datei von FRST:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-08-2014
Ran by cek (administrator) on HANAUMA_BAY on 23-08-2014 10:35:55
Running from D:\___________
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apache Software Foundation) D:\xampp\apache\bin\apache.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\FileZilla Server\FileZilla server.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Apache Software Foundation) D:\xampp\apache\bin\apache.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
() D:\xampp\mysql\bin\mysqld.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(Realtek Semiconductor Corp.) C:\Users\cek\AppData\Local\Temp\RtkBtMnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Malwarebytes Corporation) C:\Program Files\AntiVirus\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieCtrl.exe
(Helios Software Solutions) C:\Program Files\TextPad 5\TextPad.exe
(Piriform Ltd) C:\Program Files\Speccy\Speccy.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6294048 2008-09-19] (Realtek Semiconductor)
HKLM\...\Run: [ePower_DMC] => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [417792 2008-11-28] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-07-29] (Egis Incorporated)
HKLM\...\Run: [eAudio] => C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-09-11] (Acer Incorporated)
HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-10-08] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [173352 2009-03-18] (CyberLink)
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\System32\M-AudioTaskBarIcon.exe [356864 2008-05-15] (Avid Technology, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-835989538-2903230966-4254504411-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-835989538-2903230966-4254504411-1000\...\Run: [uTorrent] => C:\Users\cek\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-03] (BitTorrent Inc.)
HKU\S-1-5-21-835989538-2903230966-4254504411-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-835989538-2903230966-4254504411-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-835989538-2903230966-4254504411-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-835989538-2903230966-4254504411-1000\...\MountPoints2: {8971c6a0-972b-11de-bcaf-00216b684c4c} - G:\QsSetup.exe
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc.)
BootExecute: autocheck autochk /p \??\F:autocheck autochk * 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: 38.80.72.216:2066
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_de
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_de
BHO: FG2CatchUrl -> {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} -> C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (FlashGet)
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: FDMIECookiesBHO Class -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files\Free Download Manager\iefdm2.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Program Files\Zend\ZendStudioClient-5.1.0\bin\ZendIEToolbar.dll ()
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\cek\AppData\Roaming\Mozilla\Firefox\Profiles\mpq4xo1a.default-1388938982893
FF NewTab: chrome://lightning/content/newtab.html
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @mcafee.com/MVT -> C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\cek\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\cek\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\cek\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\cek\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\cek\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\cek\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\cek\AppData\Roaming\Mozilla\Firefox\Profiles\mpq4xo1a.default-1388938982893\Extensions\1391865204_xpi [2014-02-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-03]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2010-10-26]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-06-30]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2010-10-26]

Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://google.de/"
CHR DefaultSearchKeyword: sweet-page
CHR DefaultSearchURL: hxxp://www.sweet-page.com/web/?type=ds&ts=1391865190&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXNY08LW3727W3727&q={searchTerms}
CHR DefaultSuggestURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (vShare.tv plug-in) - C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\cek\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\cek\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\cek\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U11) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-09]
CHR Extension: (Google Drive) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-09]
CHR Extension: (YouTube) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-09]
CHR Extension: (Google-Suche) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-09]
CHR Extension: (SiteAdvisor) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-03-09]
CHR Extension: (EditThisCookie) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2013-03-09]
CHR Extension: (Premium Cookie Injector (Multi-Server)) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hglhnookgghcefjamdoakhhfamnhodpd [2013-03-09]
CHR Extension: (No Name) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj [2013-03-09]
CHR Extension: (Google Wallet) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\cek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-09]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-03-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apache2.2; d:\xampp\apache\bin\apache.exe [24636 2008-12-10] (Apache Software Foundation) [File not signed]
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [69632 2008-10-04] () [File not signed]
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-11-28] () [File not signed]
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-10-16] (Intel(R) Corporation) [File not signed]
R2 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [531968 2006-01-11] () [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2009-04-05] (Macrovision Europe Ltd.) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S2 MBAMScheduler; C:\Program Files\AntiVirus\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\AntiVirus\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-06-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mysql; d:\xampp\mysql\bin\mysqld.exe [6447744 2008-11-15] ()
R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-10-16] (Intel(R) Corporation) [File not signed]
R2 RichVideo; c:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [85776 2012-08-25] (SANDBOXIE L.T.D)
S2 WiseBootAssistant; C:\Program Files\Wise\Wise Care 365\BootTime.exe [580232 2013-05-13] (WiseCleaner.com)
S2 TeamViewer9; "C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
R3 CLEDX; C:\Windows\System32\DRIVERS\cledx.sys [33792 2005-05-09] (Team H2O) [File not signed]
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2009-12-18] (Elaborate Bytes AG)
S3 gtstusbser; C:\Windows\System32\DRIVERS\gtstusbser.sys [103552 2008-11-18] (Option N.V.)
R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [5632 2008-10-08] (Windows (R) Codename Longhorn DDK provider)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
S3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [54328 2009-12-23] (PACE Anti-Piracy, Inc.)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [94336 2010-02-03] (ITE                      )
S3 LoopBeMidi1; C:\Windows\System32\drivers\loopbe1.sys [10880 2008-01-27] (nerds.de) [File not signed]
S3 MADFU003; C:\Windows\System32\DRIVERS\MADFU003.sys [75912 2008-03-14] (M-Audio)
S3 MAUSBAP; C:\Windows\System32\DRIVERS\mausbap.sys [143624 2008-03-14] (Avid Technology, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [349192 2014-06-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-06-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [62544 2011-10-21] ()
R3 nuvotonhidgeneric; C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys [22528 2008-10-08] (Nuvoton Technology Corporation)
S3 RDID1027; C:\Windows\System32\Drivers\rdwm1027.sys [56832 2007-01-22] (Roland Corporation)
S4 RsFx0102; C:\Windows\System32\DRIVERS\RsFx0102.sys [242712 2008-07-10] (Microsoft Corporation)
R2 RVIEG01; C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys [187992 2001-04-13] (Roland) [File not signed]
R2 RVIEGVST; C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [188276 2001-04-13] (Roland) [File not signed]
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [157776 2012-08-25] (SANDBOXIE L.T.D)
R0 TPkd; C:\Windows\system32\Drivers\TPkd.sys [86016 2009-12-23] (PACE Anti-Piracy, Inc.) [File not signed]
S3 USBNP4X4; C:\Windows\System32\drivers\usbnp4x4.sys [29000 2008-03-14] (Doug Fetter Software Wizardry)
S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbw.sys [33736 2009-08-04] (Yamaha Corporation)
R3 cpuz136; \??\C:\Users\cek\AppData\Local\Temp\cpuz136\cpuz136_x32.sys [X]
S3 gbxavs; System32\Drivers\gbxavs.sys [X]
S3 gbxusb; System32\Drivers\gbxusb.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-23 10:34 - 2014-08-23 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2014-08-23 10:34 - 2014-08-23 10:34 - 00000000 ____D () C:\Program Files\Speccy
2014-08-23 10:32 - 2014-08-23 10:32 - 00000588 _____ () C:\Users\cek\Desktop\MBRMastr_2014.08.23_10.32.09.txt
2014-08-23 10:30 - 2014-08-23 10:30 - 00000512 _____ () C:\Users\cek\Desktop\emsi.mbr
2014-08-23 10:29 - 2014-08-23 10:29 - 00788728 _____ (Emsisoft GmbH) C:\Users\cek\Desktop\mbrmastr.exe
2014-08-23 10:27 - 2014-08-23 10:27 - 00000000 ____D () C:\Users\cek\Desktop\FRST-OlderVersion
2014-08-23 10:18 - 2014-08-13 10:17 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-23 10:18 - 2014-08-13 10:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-23 10:18 - 2014-08-13 10:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-23 10:08 - 2014-08-23 10:27 - 01094656 _____ (Farbar) C:\Users\cek\Desktop\FRST.exe
2014-08-23 09:47 - 2014-08-23 10:10 - 00000000 ____D () C:\ProgramData\Babylon
2014-08-23 09:47 - 2014-08-23 09:48 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Babylon
2014-08-23 09:47 - 2014-08-23 09:47 - 00000000 ____D () C:\Users\Chris\AppData\Local\Babylon
2014-08-23 09:47 - 2014-08-23 09:47 - 00000000 ____D () C:\Users\cek\AppData\Roaming\Babylon
2014-08-23 09:47 - 2014-08-23 09:47 - 00000000 ____D () C:\Users\cek\AppData\Local\Babylon
2014-08-23 09:47 - 2014-08-23 09:47 - 00000000 ____D () C:\Program Files\Babylon
2014-08-22 13:53 - 2014-08-22 13:53 - 00012237 _____ () C:\Users\cek\Desktop\mbam.txt
2014-08-22 13:13 - 2014-08-22 13:13 - 00003764 _____ () C:\Users\cek\Desktop\Gmer.txt
2014-08-22 11:18 - 2014-08-22 11:18 - 00139960 _____ () C:\Windows\Minidump\Mini082214-04.dmp
2014-08-22 10:41 - 2013-07-04 06:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-08-22 10:41 - 2013-03-08 05:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-22 10:39 - 2013-07-03 04:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-08-22 10:39 - 2013-07-03 04:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-08-22 10:39 - 2013-03-08 05:53 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-08-22 10:37 - 2013-10-22 09:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-08-22 10:37 - 2013-10-11 04:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-08-22 10:37 - 2013-10-11 04:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-08-22 10:37 - 2013-10-11 02:39 - 00218228 _____ () C:\Windows\system32\WFP.TMF
2014-08-22 10:37 - 2013-06-27 01:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-08-22 10:37 - 2013-06-27 01:01 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-08-22 10:37 - 2013-06-27 01:01 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-08-22 10:36 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2014-08-22 10:36 - 2013-06-04 06:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-08-22 10:36 - 2013-06-04 03:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-08-22 10:36 - 2013-02-12 03:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-08-22 10:13 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-22 10:13 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-08-22 10:13 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-08-22 10:13 - 2013-03-09 05:45 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-08-22 10:13 - 2013-03-09 03:28 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-08-22 10:08 - 2014-08-23 10:36 - 00000000 ____D () C:\FRST
2014-08-22 10:04 - 2014-08-22 10:04 - 00000000 _____ () C:\Users\cek\defogger_reenable
2014-08-22 03:22 - 2014-08-22 03:22 - 00135464 _____ () C:\Windows\Minidump\Mini082214-03.dmp
2014-08-22 02:56 - 2014-08-22 02:56 - 00135464 _____ () C:\Windows\Minidump\Mini082214-02.dmp
2014-08-22 02:42 - 2014-08-22 02:42 - 00141640 _____ () C:\Windows\Minidump\Mini082214-01.dmp
2014-08-21 12:11 - 2014-08-21 12:11 - 00000000 ____D () C:\Program Files\ESET
2014-08-21 11:47 - 2010-02-18 09:18 - 00037944 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdiox86.sys
2014-08-21 11:26 - 2014-08-21 11:26 - 00000958 _____ () C:\Users\cek\Desktop\JRT.txt
2014-08-21 11:20 - 2014-08-21 11:20 - 00000000 ____D () C:\Windows\ERUNT
2014-08-21 10:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-08-21 10:54 - 2014-08-21 11:04 - 00000000 ____D () C:\AdwCleaner
2014-08-21 09:50 - 2014-08-23 10:19 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 09:50 - 2014-08-21 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-21 09:49 - 2014-08-23 10:25 - 00000000 ____D () C:\Program Files\AntiVirus
2014-08-21 09:49 - 2014-08-21 09:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 09:49 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-21 09:49 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-21 09:49 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-19 14:07 - 2014-08-21 11:49 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-08-19 13:57 - 2014-08-19 13:57 - 00000000 ____D () C:\ATI
2014-08-19 13:55 - 2014-08-19 13:57 - 65077648 _____ (Advanced Micro Devices, Inc.) C:\Users\cek\Desktop\11-8_vista32_win7_32_dd_ccc_ocl.exe
2014-08-19 12:39 - 2014-08-19 12:39 - 00135264 _____ () C:\Windows\Minidump\Mini081914-01.dmp
2014-08-19 12:38 - 2014-08-19 11:58 - 00000000 ____D () C:\Program Files\SIWPortable
2014-08-19 11:54 - 2014-08-19 11:54 - 00000000 ____D () C:\Program Files\AMD APP
2014-08-19 11:53 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-08-19 11:53 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-08-19 11:53 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-08-19 11:53 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-08-19 11:52 - 2014-08-19 11:52 - 00000000 ____D () C:\Program Files\ATI
2014-08-19 11:50 - 2014-08-19 11:50 - 00000000 ____D () C:\AMD
2014-08-19 11:42 - 2014-01-30 09:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-08-14 09:56 - 2014-08-14 09:56 - 00000000 ____D () C:\Program Files\Citrix
2014-08-14 09:55 - 2014-08-14 09:55 - 00103832 _____ () C:\Users\cek\GoToAssistDownloadHelper.exe
2014-08-14 09:55 - 2014-08-14 09:55 - 00000000 ____D () C:\Users\cek\AppData\Local\Citrix
2014-08-13 18:15 - 2014-08-22 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-13 12:47 - 2014-08-13 12:47 - 01056768 _____ () C:\Windows\system32\defltbase.sdb
2014-08-13 10:29 - 2014-08-13 10:30 - 00000000 ____D () C:\Program Files\QuickTime
2014-08-13 10:29 - 2014-08-13 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-13 10:17 - 2014-08-13 10:17 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-13 10:13 - 2014-08-13 10:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-13 10:13 - 2014-08-13 10:13 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-13 10:12 - 2014-08-13 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-12 01:30 - 2014-08-12 01:30 - 00000512 _____ () C:\Users\cek\Documents\0C014300
2014-08-10 14:11 - 2014-08-11 09:40 - 00000000 ____D () C:\ProgramData\IjjaWikna
2014-08-10 10:38 - 2014-08-10 10:37 - 04635304 _____ () C:\Users\cek\Downloads\gunsetup_CB-DL-Manager [1].exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-23 10:36 - 2014-08-22 10:08 - 00000000 ____D () C:\FRST
2014-08-23 10:34 - 2014-08-23 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2014-08-23 10:34 - 2014-08-23 10:34 - 00000000 ____D () C:\Program Files\Speccy
2014-08-23 10:32 - 2014-08-23 10:32 - 00000588 _____ () C:\Users\cek\Desktop\MBRMastr_2014.08.23_10.32.09.txt
2014-08-23 10:31 - 2013-05-19 17:12 - 01780190 _____ () C:\Windows\WindowsUpdate.log
2014-08-23 10:30 - 2014-08-23 10:30 - 00000512 _____ () C:\Users\cek\Desktop\emsi.mbr
2014-08-23 10:29 - 2014-08-23 10:29 - 00788728 _____ (Emsisoft GmbH) C:\Users\cek\Desktop\mbrmastr.exe
2014-08-23 10:27 - 2014-08-23 10:27 - 00000000 ____D () C:\Users\cek\Desktop\FRST-OlderVersion
2014-08-23 10:27 - 2014-08-23 10:08 - 01094656 _____ (Farbar) C:\Users\cek\Desktop\FRST.exe
2014-08-23 10:26 - 2014-06-17 05:20 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-835989538-2903230966-4254504411-1000UA1cf89db1459b420.job
2014-08-23 10:26 - 2014-05-08 14:14 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6ab7b355e00.job
2014-08-23 10:25 - 2014-08-21 09:49 - 00000000 ____D () C:\Program Files\AntiVirus
2014-08-23 10:25 - 2012-11-23 12:42 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-08-23 10:19 - 2014-08-21 09:50 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-23 10:18 - 2014-07-23 10:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-23 10:18 - 2009-04-05 13:11 - 00000000 ____D () C:\Users\cek\AppData\Local\Adobe
2014-08-23 10:10 - 2014-08-23 09:47 - 00000000 ____D () C:\ProgramData\Babylon
2014-08-23 10:07 - 2013-08-01 18:08 - 00000000 ____D () C:\Users\cek\AppData\Roaming\uTorrent
2014-08-23 10:03 - 2014-01-19 19:51 - 00008268 _____ () C:\Users\cek\AppData\Local\d3d9caps.dat
2014-08-23 10:03 - 2013-05-19 14:18 - 00000000 ____D () C:\Users\cek\AppData\Roaming\Wise Care 365
2014-08-23 10:01 - 2010-02-05 14:46 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-23 10:00 - 2014-06-08 23:50 - 01383074 _____ () C:\Windows\PFRO.log
2014-08-23 10:00 - 2009-01-22 20:14 - 00000147 _____ () C:\Windows\system32\agent.log
2014-08-23 10:00 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-23 10:00 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-23 10:00 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-23 09:59 - 2006-11-02 15:01 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-23 09:48 - 2014-08-23 09:47 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Babylon
2014-08-23 09:47 - 2014-08-23 09:47 - 00000000 ____D () C:\Users\Chris\AppData\Local\Babylon
2014-08-23 09:47 - 2014-08-23 09:47 - 00000000 ____D () C:\Users\cek\AppData\Roaming\Babylon
2014-08-23 09:47 - 2014-08-23 09:47 - 00000000 ____D () C:\Users\cek\AppData\Local\Babylon
2014-08-23 09:47 - 2014-08-23 09:47 - 00000000 ____D () C:\Program Files\Babylon
2014-08-23 09:41 - 2006-11-02 12:33 - 01747560 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-22 20:29 - 2014-02-08 15:14 - 00000000 ____D () C:\Users\cek\AppData\Local\JDownloader v2.0
2014-08-22 18:56 - 2012-01-26 01:29 - 00102912 _____ () C:\Users\cek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-22 13:53 - 2014-08-22 13:53 - 00012237 _____ () C:\Users\cek\Desktop\mbam.txt
2014-08-22 13:13 - 2014-08-22 13:13 - 00003764 _____ () C:\Users\cek\Desktop\Gmer.txt
2014-08-22 11:41 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-08-22 11:28 - 2014-08-13 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-22 11:18 - 2014-08-22 11:18 - 00139960 _____ () C:\Windows\Minidump\Mini082214-04.dmp
2014-08-22 11:18 - 2009-05-13 13:18 - 00000000 ____D () C:\Windows\Minidump
2014-08-22 11:16 - 2014-07-15 00:56 - 330052182 _____ () C:\Windows\MEMORY.DMP
2014-08-22 11:01 - 2006-11-02 14:47 - 03991080 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-22 10:47 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-22 10:04 - 2014-08-22 10:04 - 00000000 _____ () C:\Users\cek\defogger_reenable
2014-08-22 10:04 - 2009-04-03 14:39 - 00000000 ____D () C:\Users\cek
2014-08-22 05:25 - 2014-05-08 20:14 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-835989538-2903230966-4254504411-1000Core1cf6ae95534ed90.job
2014-08-22 03:22 - 2014-08-22 03:22 - 00135464 _____ () C:\Windows\Minidump\Mini082214-03.dmp
2014-08-22 02:56 - 2014-08-22 02:56 - 00135464 _____ () C:\Windows\Minidump\Mini082214-02.dmp
2014-08-22 02:42 - 2014-08-22 02:42 - 00141640 _____ () C:\Windows\Minidump\Mini082214-01.dmp
2014-08-21 23:39 - 2009-04-30 12:51 - 00000000 ____D () C:\Users\cek\AppData\Roaming\vlc
2014-08-21 20:40 - 2009-06-04 13:27 - 00444928 _____ () C:\Users\cek\Documents\tv2.xls
2014-08-21 14:22 - 2013-04-02 18:10 - 00000000 ____D () C:\Users\cek\Documents\Rechnungen 2013
2014-08-21 13:48 - 2012-10-08 19:53 - 00000000 ____D () C:\ProgramData\Protexis
2014-08-21 12:11 - 2014-08-21 12:11 - 00000000 ____D () C:\Program Files\ESET
2014-08-21 11:49 - 2014-08-19 14:07 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-08-21 11:26 - 2014-08-21 11:26 - 00000958 _____ () C:\Users\cek\Desktop\JRT.txt
2014-08-21 11:20 - 2014-08-21 11:20 - 00000000 ____D () C:\Windows\ERUNT
2014-08-21 11:04 - 2014-08-21 10:54 - 00000000 ____D () C:\AdwCleaner
2014-08-21 11:03 - 2013-03-09 14:37 - 00001071 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-21 11:03 - 2013-03-09 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-21 11:03 - 2010-06-27 12:08 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-08-21 11:03 - 2009-04-03 14:42 - 00000975 _____ () C:\Users\cek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-21 10:36 - 2006-11-02 13:18 - 00000000 ___RD () C:\Windows\Offline Web Pages
2014-08-21 10:10 - 2009-06-27 19:30 - 00000000 ____D () C:\Users\cek\AppData\Roaming\dvdcss
2014-08-21 09:50 - 2014-08-21 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-21 09:49 - 2014-08-21 09:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 09:45 - 2009-01-22 20:12 - 00001024 ___RH () C:\Users\Public\Documents\NTIMP3.dll
2014-08-20 15:19 - 2014-01-07 13:23 - 00000000 ____D () C:\Users\cek\Documents\Rechnungen 2014
2014-08-19 17:25 - 2013-09-17 00:04 - 00001456 _____ () C:\Users\cek\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-08-19 14:33 - 2014-06-30 11:56 - 00002087 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-08-19 14:33 - 2014-06-30 11:56 - 00001926 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-08-19 14:33 - 2014-06-30 11:55 - 00002437 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-08-19 13:57 - 2014-08-19 13:57 - 00000000 ____D () C:\ATI
2014-08-19 13:57 - 2014-08-19 13:55 - 65077648 _____ (Advanced Micro Devices, Inc.) C:\Users\cek\Desktop\11-8_vista32_win7_32_dd_ccc_ocl.exe
2014-08-19 13:13 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-19 12:39 - 2014-08-19 12:39 - 00135264 _____ () C:\Windows\Minidump\Mini081914-01.dmp
2014-08-19 11:58 - 2014-08-19 12:38 - 00000000 ____D () C:\Program Files\SIWPortable
2014-08-19 11:54 - 2014-08-19 11:54 - 00000000 ____D () C:\Program Files\AMD APP
2014-08-19 11:52 - 2014-08-19 11:52 - 00000000 ____D () C:\Program Files\ATI
2014-08-19 11:50 - 2014-08-19 11:50 - 00000000 ____D () C:\AMD
2014-08-15 00:43 - 2009-04-03 16:24 - 00086015 _____ () C:\ProgramData\nvModes.001
2014-08-15 00:19 - 2009-04-03 16:24 - 00086015 _____ () C:\ProgramData\nvModes.dat
2014-08-14 09:56 - 2014-08-14 09:56 - 00000000 ____D () C:\Program Files\Citrix
2014-08-14 09:55 - 2014-08-14 09:55 - 00103832 _____ () C:\Users\cek\GoToAssistDownloadHelper.exe
2014-08-14 09:55 - 2014-08-14 09:55 - 00000000 ____D () C:\Users\cek\AppData\Local\Citrix
2014-08-13 23:11 - 2009-07-04 17:31 - 00000984 _____ () C:\Users\cek\AppData\Local\7F68A003.il
2014-08-13 23:11 - 2009-07-04 17:31 - 00000280 _____ () C:\Users\cek\AppData\Local\IndexIE_7F68A003.il
2014-08-13 14:42 - 2010-10-26 14:04 - 00000000 ____D () C:\Program Files\McAfee
2014-08-13 14:42 - 2010-10-26 13:46 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-13 12:47 - 2014-08-13 12:47 - 01056768 _____ () C:\Windows\system32\defltbase.sdb
2014-08-13 10:30 - 2014-08-13 10:29 - 00000000 ____D () C:\Program Files\QuickTime
2014-08-13 10:29 - 2014-08-13 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-13 10:18 - 2014-08-13 10:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-13 10:17 - 2014-08-23 10:18 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-13 10:17 - 2014-08-23 10:18 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-13 10:17 - 2014-08-23 10:18 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-13 10:17 - 2014-08-13 10:17 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-13 10:13 - 2014-08-13 10:13 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-13 10:12 - 2014-08-13 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-13 09:20 - 2009-04-03 18:34 - 00000000 ____D () C:\Users\cek\ZDE
2014-08-12 10:33 - 2010-11-13 14:52 - 00106776 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-08-12 10:30 - 2010-11-13 14:51 - 00008224 _____ () C:\Users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-12 10:29 - 2010-11-13 14:51 - 00000948 _____ () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-08-12 01:30 - 2014-08-12 01:30 - 00000512 _____ () C:\Users\cek\Documents\0C014300
2014-08-12 01:23 - 2012-02-09 16:38 - 00000000 ____D () C:\Program Files\PS3 Media Server
2014-08-11 09:40 - 2014-08-10 14:11 - 00000000 ____D () C:\ProgramData\IjjaWikna
2014-08-10 14:25 - 2012-10-08 19:05 - 00002032 _____ () C:\Windows\Sandboxie.ini
2014-08-10 11:28 - 2014-02-01 15:44 - 00000000 ____D () C:\_BURN_ME
2014-08-10 11:07 - 2009-07-06 10:38 - 00000000 ____D () C:\Users\cek\AppData\Local\QuickPar
2014-08-10 10:44 - 2012-04-22 16:51 - 00000000 ____D () C:\_download
2014-08-10 10:37 - 2014-08-10 10:38 - 04635304 _____ () C:\Users\cek\Downloads\gunsetup_CB-DL-Manager [1].exe
2014-08-10 09:55 - 2010-10-28 00:05 - 00011078 _____ () C:\Users\cek\Documents\Dokument2.txt
2014-08-09 23:52 - 2014-07-17 21:14 - 00000024 _____ () C:\Windows\5D90C6C72EA89A63.log
2014-08-09 19:23 - 2010-08-18 00:58 - 00000085 ___SH () C:\ProgramData\.zreglib
2014-08-08 14:55 - 2009-04-03 20:47 - 00000000 ____D () C:\Users\cek\AppData\Roaming\BPFTP
2014-08-08 14:28 - 2009-04-03 14:41 - 00106776 _____ () C:\Users\cek\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-27 18:50 - 2010-10-26 14:04 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-07-25 12:25 - 2012-05-30 17:03 - 00000000 ____D () C:\_cek
2014-07-24 16:25 - 2012-04-26 14:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\cek\AppData\Local\Temp\proxy_vole1976889266444624521.dll
C:\Users\cek\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\cek\AppData\Local\Temp\speccycpuid.dll
C:\Users\Chris\AppData\Local\Temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-23 10:09

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Eine neue "Addition.txt" wurde nicht erzeugt.

Noch einmal herzlichen Dank!

Soll ich nun noch einmal vesuchen, ob sich die Catalyst-Software installiert, die die Treiber der Grafikkarte mitbringen soll?

Liebe Grüße
Chris

Bootsektor · 23.08.2014, 11:41

Ok,

dein MBR sieht in ORdnung aus.

Leider sieht speccy da auch nur die Standardwerte.

Wo hast den Treiber her? Warst du schon auf der amd-Seite?

Schau dort nochmal nach: AMD

Bitte mache nun den Kontrollscan mit Eset (befindet sich ja auf deinem Rechner)
Schritt 1
Da der Scan mit Eset sehr gründlich ist, kann er unter Umständen mehrere Stunden dauern

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

und ein neues FRST-log zum Abschluss
Schritt 1
Starte noch einmal FRST.

Setze den Haken bei addition.txt und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

Meiner1er · 23.08.2014, 12:05

Hallo Sandra,

vielen Dank für Deine Antwort!

Den Grafikkarten-Treiber hatte ich genau von der von Dir verlinkten Seite geladen. Es soll ein Catalyst Control Center installiert werden, aber das passiert einfach nicht. Das entsprechende Verzeichnis (C:\Programme\ATI Technologies) wird angelegt, aber keine Dateien installiert. Nach der Installation heißt es "Installation erfolgreich. Während der Installation kam es zu Warnungen. Detaillierte Informationen finden Sie im Protokoll". Ein Klick auf den Button "Protokoll anzeigen" gibt im Browser diese Information aus:

Code:

ATTFilter

Vorhandene PaketeAMD Catalyst-Installationsmanager 
AMD APP SDK Runtime 
 
Pakete für Installation
AMD Catalyst-InstallationsmanagerEndgültiger Status: Erfolgreich 
Version des Elements: 8.0.877.0 
Größe: 20 Mbytes 
 

Andere gefundene Geräte 

Fehlermeldungen

Wie ich gelesen habe, soll man nach erfolgreicher Installation auch über einen Rechtsklick auf den Desktop ein Menü der Grafikkarte angezeigt bekommen. Aber auch das ist nicht da.

Noch eine Frage zu ESET. Ich starte das Programm mit diesen -> http://www.trojaner-board.de/80603-e...ner-nod32.html <- Einstellungen, OK?

Viele Grüße
Chris

Bootsektor · 23.08.2014, 12:17

So wie in meiner Anleitung beschrieben, ja.

Was steht im Gerätemanager? Kannst du da auf Treiber aktualisieren gehen und von dort versuchen manuell zu installieren, ansonsten mal im abgesicherten Modus versuchen.

Meiner1er · 24.08.2014, 13:42

Hallo Sandra,

vielen Dank für Deine Unterstützung!

Leider hat der ESET Scanner seine Aufgabe erneut nicht zuende führen können. Heute gegen Mittag lief der Scan noch (inzwischen 22-23 Stunden). Ich meine, der Fortschrittsbalken wäre im 80er Bereich gewesen, bin mir aber nicht sicher. Es wurden einige Bedrohungen erkannt. Die habe ich mir aber nicht notiert. Als ich dann das nächste Mal checkte, hatte der Computer neu gestartet. Weil das auch beim ersten Scan passiert ist, frage ich mich, ob das ein Zufall sein kann. Ich habe ESET nun ein drittes Mal gestartet. Mit Ergebnissen ist wohl nicht vor morgen Nachmittag/Abend zu rechnen.

Im Gerätemanager wird unter Grafikkarte "Standard-VGA Grafikkarte" mit einem gelben Aurufungszeichnen-Warnschild gelistet. Ich habe Treiber aktualisieren gewählt, woraufhin online nach Software gesucht wurde. Das hat einige Minuten gedauert, bis die Meldung kam, für "Standard-VGA-Karte" sei bereits der optimale Treiber installiert.

Im abgesicherten Modus erklärt mir dieses spezielle CATALYST Setup-Programm, dass es nicht im abgesicherten Modus laufen könne.

Im Gerätemanager sehe ich, dass unter Netzwerkadapter 5x isatap.{#} und 3x Teredo Tunneling Pseudo-Interface aufgeführt wird, alles mit einem gelben Ausrufungszeichen-Warnhinweis versehen (wobei # eine lange kryptische Zahlen-Nummern-Kombination ist). Sollte ich mir darüber Sorgen machen?

Viele Grüße
Chris

Bootsektor · 25.08.2014, 00:01

Hattest du nach dem Befehl durch die Malware deine Passwörter geändert, nach den Symptomen die du mir schildertest, hattest du einen Passwortstehler auf dem Rechner. Ich seh den jetzt aber nicht in deinen Logs und auch Malwarebytes hat nichts davon gefunden. Es ist aber sicherlich angebracht sie zu ändern.

Probiere einmal mit diesem Tool hier AMD zu entfernen und mache dann nochmal eine neue Installation.

Probiere bitte ob du einen Scan mit HitmanPro durchführen kannst anstelle von Eset
Schritt 1
Downloade Dir HitmanPro
HitmanPro - 32 Bit
HitmanPro - 64 Bit

Starte die HitmanPro.exe
Klicke unten auf der Button-Leiste auf Einstellungen
Belasse die Standardeinstellungen und wähle nur bei "Nach potentiell unerwünschten Programmen suchen" als "Standardaktion" Löschen aus und bestätige mit Ok.
Klicke auf Weiter und akzeptiere die Lizenzbedingungen. Klicke auf Weiter.
Wähle "Nein, ich möchte nur einen Einmalscan zur Überprüfung dieses Computers ausführen" aus und klicke auf Weiter.
Lass am Ende des Suchlaufs alle auftretende Funde löschen und klicke auf Weiter.
Wähle "Nein, ich möchte nur einen Einmalscan zur Überprüfung dieses Computers ausführen" aus und klicke auf Weiter. Der Suchlauf beginnt.
Lass am Ende des Suchlaufs alle auftretende Funde löschen und klicke auf Weiter.
Klicke auf "Kostenlose Lizenz aktivieren" und gib deine E-Mailadresse ein.
Vergewissere dich, dass alle Funde gelöscht wurden, wähle im nächsten Fenster Logdatei speichern und speichere die Logdatei auf deinem Desktop.
Wähle unten links auf der Button-Leiste Logdatei speichern und speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro.

Bootsektor · 25.08.2014, 08:58

Hallo,

bitte beachte auch meinen Post hierüber

Welche Grafikkarte befand sich denn in deinem alten Laptop, war das auch eine AMD? Eventuell befinden sich auch noch Reste von dem alten GrakaTreiber auf dem Rechner und verhindern so eine Installation der AMD-Treiber.
Teile mir bitte mit, um was für eine Grafikkarte es sich bei dem alten Laptop handelte, danke

Meiner1er · 25.08.2014, 13:09

Hallo liebe Sandra,

erneut vielen Dank für Deine Unterstützung.

Der ESET-Scanner läuft noch. Er ist aktuell (nach etwas über 22 Stunden) bei 69%. Ich denke, wir geben ihm noch die Möglichkeit, den Scan zu beenden, was meinst Du? Der Scanner gibt an, 66 infizierte Dateien gefunden zu haben. Unter "Bedrohungen erkannt" wird "Phishing.gen Trojaner", "TrojanDownloader.Agent.NBR Trojaner" und "Phishing.Linkedln.A Trojaner" aufgeführt. Ich weiß aber nicht, inwiefern das Bedrohungen sind, die von anderen Scannern schon in die Quarantäne geschickt wurden. Nähere Infos gibt das Programm wohl erst, wenn der Scan abschlossen ist.

Meine Passwörter habe ich noch nicht geändert, weil mir nicht klar war, ob ich wirklich einen Virus/Trojaner auf dem System hatte. Das werde ich jetzt natürlich nachholen. Als erstes werde ich gleich mit meiner Bank telefonieren, weil ich auch Online-Banking mache!

Auf meinem alten Rechner war eine Grafiikarte von nvidia. Die genaue Bezeichnung weiß ich leider nicht. Meinen defekten Rechner habe ich übrigens an einen EBay-Bastler geschickt, der Grafikkartenreparaturen für kleines Geld anbietet. Aber es wird wohl noch eine ganze Weile dauern, bis sich klärt, ob das Gerät noch zu retten ist.

Es kann gut sein, dass noch Überreste dieses Treibers vorhanden sind, weil ich diesen nicht explizit entfernt habe, sondern versucht habe, einfach einen neuen Treiber zu installieren.

Vielen Dank und beste Grüße
Chris

Edit:

ich habe unter Software noch Treiber von nvdia gefunden. Diese habe ich jetzt deinstalliert. Die Änderungen werden aber erst wirksam, wenn das System neu gestartet wurde. Das kann ich natürlich erst machen, wenn der ESET-Scanner mit seinem Scan durch ist. Die Fortschrittsanzeige steht immer noch bei 69%, infizierte Dateien ist auf 78 gestiegen. Aktuell wird der mächtige Mail-Ordner durchsucht. Dort könnte im Junk-Mail-Ordner schon ein Biotop von Viren-Anhängen (die ich niemals öffnen würde) vorhanden sein.

Win Vista: Virus oder Registry durcheinander? Gruppenrichtilien blockieren / Programme lassen sich nicht installieren

Plagegeister aller Art und deren Bekämpfung: Win Vista: Virus oder Registry durcheinander? Gruppenrichtilien blockieren / Programme lassen sich nicht installieren