| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: sm.de - wie werde ich das wieder los?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
03.05.2015, 11:07
| #16 |
 |  sm.de - wie werde ich das wieder los? Nun geht es weiter, vielleicht sind wir nun auf dem richtigen Pfad ;-) Habe die zoek-results.log aufgerufen, kopiert und hier eingefügt. Code:
ATTFilter Zoek.exe v5.0.0.0 Updated 23-04-2015
Tool run by Home on 03.05.2015 at 9:26:32,24.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Home\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
==== Empty Folders Check ======================
C:\Program Files\3CXPhone deleted successfully
C:\Program Files\ABBYY deleted successfully
C:\Program Files\Aimersoft deleted successfully
C:\Program Files\Amazon deleted successfully
C:\Program Files\Apperson deleted successfully
C:\Program Files\Blender Foundation deleted successfully
C:\Program Files\CloneDVD 7 Ultimate deleted successfully
C:\Program Files\DirectVobSub deleted successfully
C:\Program Files\DSP-worx deleted successfully
C:\Program Files\Elaborate Bytes deleted successfully
C:\Program Files\Free M4a to MP3 Converter deleted successfully
C:\Program Files\FreeGamePick.com deleted successfully
C:\Program Files\IMSIDesign deleted successfully
C:\Program Files\Java deleted successfully
C:\Program Files\Malwarebytes' Anti-Malware deleted successfully
C:\Program Files\Winnydows deleted successfully
C:\Program Files\Common Files\Designer deleted successfully
C:\Program Files\Common Files\Nero deleted successfully
C:\PROGRA~3\CanonEPP deleted successfully
C:\PROGRA~3\CanonIJEPPEX2 deleted successfully
C:\PROGRA~3\Eltima Software deleted successfully
C:\PROGRA~3\firebird deleted successfully
C:\PROGRA~3\FreePDF deleted successfully
C:\PROGRA~3\IMSIDesign deleted successfully
C:\PROGRA~3\PDF Architect deleted successfully
C:\PROGRA~3\{53238C6C-48A3-4507-BBBB-C8A8D54603CF} deleted successfully
C:\Users\Home\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z deleted successfully
C:\Users\Home\AppData\Roaming\Amazon deleted successfully
C:\Users\Home\AppData\Roaming\Copernic deleted successfully
C:\Users\Home\AppData\Roaming\CustomStartUp deleted successfully
C:\Users\Home\AppData\Roaming\DMCache deleted successfully
C:\Users\Home\AppData\Roaming\FLV2MOV deleted successfully
C:\Users\Home\AppData\Roaming\FreePDF deleted successfully
C:\Users\Home\AppData\Roaming\IconEdit2 deleted successfully
C:\Users\Home\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Home\AppData\Roaming\mresreg deleted successfully
C:\Users\Home\AppData\Roaming\passport_photo deleted successfully
C:\Users\Home\AppData\Roaming\RDZIPTrackhound deleted successfully
C:\Users\Home\AppData\Roaming\RPPrivate deleted successfully
C:\Users\Home\AppData\Roaming\SafeStick deleted successfully
C:\Users\Home\AppData\Roaming\SanDisk deleted successfully
C:\Users\Home\AppData\Roaming\Vso deleted successfully
C:\Users\Home\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} deleted successfully
C:\Users\Home\AppData\Local\calibre-cache deleted successfully
C:\Users\Home\AppData\Local\Downloaded Installations deleted successfully
C:\Users\Home\AppData\Local\FreePDF_XP deleted successfully
C:\Users\Home\AppData\Local\WMTools Downloaded Files deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3719280737-1325245270-1685948379-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EC9374F2-FD97-4838-9FB3-6C1B76EC6959} deleted successfully
HKEY_USERS\S-1-5-21-3719280737-1325245270-1685948379-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{EC9374F2-FD97-4838-9FB3-6C1B76EC6959} deleted successfully
HKEY_USERS\S-1-5-21-3719280737-1325245270-1685948379-501\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A836234-186C-41A0-9863-40BECDEDED9F} deleted successfully
HKEY_USERS\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A836234-186C-41A0-9863-40BECDEDED9F} deleted successfully
HKEY_USERS\S-1-5-21-3719280737-1325245270-1685948379-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully
HKEY_USERS\S-1-5-21-3719280737-1325245270-1685948379-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully
HKEY_USERS\S-1-5-21-3719280737-1325245270-1685948379-501\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully
HKEY_USERS\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully
HKEY_USERS\S-1-5-21-3719280737-1325245270-1685948379-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBD14654-ED0B-4910-B0A1-A70BAD074DD0} deleted successfully
HKEY_USERS\S-1-5-21-3719280737-1325245270-1685948379-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBD14654-ED0B-4910-B0A1-A70BAD074DD0} deleted successfully
HKEY_USERS\S-1-5-21-3719280737-1325245270-1685948379-501\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBD14654-ED0B-4910-B0A1-A70BAD074DD0} deleted successfully
HKEY_USERS\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBD14654-ED0B-4910-B0A1-A70BAD074DD0} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87D18029-FEAD-4634-9750-FFC4F7EE7E6D} deleted successfully
HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87D18029-FEAD-4634-9750-FFC4F7EE7E6D} deleted successfully
HKEY_USERS\S-1-5-21-3719280737-1325245270-1685948379-501\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87D18029-FEAD-4634-9750-FFC4F7EE7E6D} deleted successfully
HKEY_USERS\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87D18029-FEAD-4634-9750-FFC4F7EE7E6D} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-3719280737-1325245270-1685948379-501\Software\Microsoft\Internet Explorer\Approved Extensions\{9B6B03F1-16CF-4491-BBBB-E872802DD717} deleted successfully
HKEY_USERS\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions\{9B6B03F1-16CF-4491-BBBB-E872802DD717} deleted successfully
HKEY_USERS\S-1-5-21-3719280737-1325245270-1685948379-501\Software\Microsoft\Internet Explorer\Approved Extensions\{2A836234-186C-41A0-9863-40BECDEDED9F} deleted successfully
HKEY_USERS\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions\{2A836234-186C-41A0-9863-40BECDEDED9F} deleted successfully
HKEY_USERS\S-1-5-21-3719280737-1325245270-1685948379-501\Software\Microsoft\Internet Explorer\Approved Extensions\{A66261FC-B82E-4EC7-9F6D-C2F36B871DF0} deleted successfully
HKEY_USERS\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions\{A66261FC-B82E-4EC7-9F6D-C2F36B871DF0} deleted successfully
HKEY_USERS\S-1-5-21-3719280737-1325245270-1685948379-501\Software\Microsoft\Internet Explorer\Approved Extensions\{4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7} deleted successfully
HKEY_USERS\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions\{4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{ABDE892B-13A8-4d1b-88E6-365A6E755758} deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Home\AppData\Roaming\Haufe Mediengruppe\iDesk Browser\Profiles\xnnu7pch.default\prefs.js:
Added to C:\Users\Home\AppData\Roaming\Haufe Mediengruppe\iDesk Browser\Profiles\xnnu7pch.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\g49l6ldz.default\prefs.js:
Added to C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\g49l6ldz.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.de/?gws_rd=ssl");
user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");
user_pref("browser.search.defaultenginename", "SuchMaschine");
user_pref("browser.search.selectedEngine", "Yahoo!");
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\prefs.js:
Deleted from C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\yctv7ti5.default\prefs.js:
Added to C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\yctv7ti5.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\Home\AppData\Roaming\Thunderbird\Profiles\igxb2gug.default\prefs.js:
Added to C:\Users\Home\AppData\Roaming\Thunderbird\Profiles\igxb2gug.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\3t3kljhj.default\prefs.js:
Added to C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\3t3kljhj.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Home\AppData\Roaming\Haufe Mediengruppe\iDesk Browser\Profiles\xnnu7pch.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs__1003_.backup
ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\g49l6ldz.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs__1003_.backup
ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs__1003_.backup
ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\yctv7ti5.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs__1003_.backup
ProfilePath: C:\Users\Home\AppData\Roaming\Thunderbird\Profiles\igxb2gug.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs__1003_.backup
ProfilePath: C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\3t3kljhj.default
user.js not found
---- FireFox user.js and prefs.js backups ----
==== Deleting Files \ Folders ======================
C:\Program Files\VIDEO DVR not found
C:\Program Files\3CXPhone not found
C:\Program Files\ABBYY not found
C:\Program Files\Aimersoft not found
C:\Program Files\Amazon not found
C:\Program Files\Apperson not found
C:\Program Files\Blender Foundation not found
C:\Program Files\CloneDVD 7 Ultimate not found
C:\Program Files\DirectVobSub not found
C:\Program Files\DSP-worx not found
C:\Program Files\Elaborate Bytes not found
C:\Program Files\Free M4a to MP3 Converter not found
C:\Program Files\FreeGamePick.com not found
C:\Program Files\IMSIDesign not found
C:\Program Files\Java not found
C:\Program Files\Winnydows not found
C:\PROGRA~3\{53238C6C-48A3-4507-BBBB-C8A8D54603CF} not found
C:\Program Files\Gemeinsame Dateien deleted
C:\Users\Home\AppData\Roaming\calibre deleted
C:\Users\Home\AppData\Roaming\ProtectDisc deleted
C:\Program Files\UltraMixer deleted
C:\Program Files\Copernic Desktop Search - Home deleted
C:\Program Files\ProtectDisc Driver Installer deleted
C:\Program Files\Max Uninstaller deleted
C:\Program Files\Common Files\DVDVideoSoft\bin deleted
C:\Program Files\Yahoo! deleted
C:\UNWISE.EXE deleted
C:\logFile.txt deleted
C:\found.000 deleted
C:\User Data deleted
C:\Users\Home\ChromeExtensions deleted
C:\Users\Home\AppData\Roaming\WB.CFG deleted
C:\Users\Home\AppData\Roaming\dlg deleted
C:\Users\Home\AppData\Roaming\Nico Mak Computing\WinZip Malware Protector deleted
C:\Users\Home\AppData\Roaming\Wondershare deleted
C:\Users\Home\AppData\Roaming\burnaware.ini deleted
C:\Users\Home\AppData\Roaming\cdr.ini deleted
C:\Users\Home\AppData\Roaming\pcouffin.log deleted
C:\Users\Home\AppData\Roaming\Safer-Networking.log deleted
C:\Users\Home\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~3\Nico Mak Computing\WinZip Malware Protector deleted
C:\PROGRA~3\Wondershare Video Converter Ultimate deleted
C:\PROGRA~3\UAB deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Gast\AppData\Local\Wondershare deleted
C:\Users\Home\AppData\Local\Wondershare deleted
C:\Windows\system32\config\systemprofile\AppData\Local\ICSharpCode.net deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Systweak PhotoStudio deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\Users\Home\AppData\LocalLow\store-pp.jbs deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\wininit.ini deleted
C:\Windows\system32\wsusnative32.exe deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Windows\System32\cnm32D3.tmp deleted
C:\Windows\System32\cnm6660.tmp deleted
C:\Windows\System32\cnmD2F8.tmp deleted
C:\Windows\System32\InstallUtil.InstallLog deleted
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\g49l6ldz.default\extensions\staged deleted
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\jetpack deleted
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\yctv7ti5.default\extensions\staged deleted
C:\Users\Home\AppData\Roaming\Imgburn.exe deleted
C:\Users\Home\AppData\Roaming\yuvcodecs-1.3.exe deleted
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\g49l6ldz.default\extensions\jid1-l6V8exwLVv1lBw@jetpack deleted
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\yctv7ti5.default\extensions\jid1-l6V8exwLVv1lBw@jetpack deleted
"C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll" deleted
"C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll" deleted
"C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll" deleted
"C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" deleted
"C:\Program Files\Wondershare" deleted
"C:\Program Files\Common Files\Wondershare" deleted
"C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact" deleted
==== System Specs ======================
Windows: Windows 7 Professional Edition Service Pack 1 (Build 7601)
Memory (RAM): 2047 MB
CPU Info: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
CPU Speed: 2496,0 MHz
Sound Card: Lautsprecher (Realtek High Defi |
Lautsprecher (Apowersoft_AudioD |
Lautsprecher (Bluetooth AV Audi |
Lautsprecher (Bluetooth SCO Aud |
Display Adapters: ATI Radeon HD 3400 Series | ATI Radeon HD 3400 Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; SyncMaster 226BW(Analog) |
Screen Resolution: 1680 X 1050 - 32 bit
Network: Network Present
Network Adapters: Bluetooth PAN Network Adapter | Broadcom NetLink (TM) Gigabit Ethernet
CD / DVD Drives: 2x (D: | E: | ) D: HL-DT-STDVDRAM GH22NS40 | E: HEN BG92NGH2
Ports: COM19 | COM20 | COM21 | COM13 | COM14 | COM15 | COM16 | COM17 | COM18 | COM1 LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 149,0GB | F: 1397,3GB | G: 1397,3GB | H: 76,7GB | I: 48,8GB | N: 146,5GB | O: 97,7GB | P: 146,5GB | Q: 24,4GB | R: 68,4GB | S: 24,4GB | T: 146,5GB | U: 24,4GB | V: 87,9GB | W: 91,7GB | X: 24,4GB
Hard Disks - Free: C: 27,1GB | F: 1266,3GB | G: 1278,8GB | H: 13,0GB | I: 48,7GB | N: 75,3GB | O: 69,9GB | P: 53,0GB | Q: 13,8GB | R: 60,1GB | S: 22,1GB | T: 84,6GB | U: 9,6GB | V: 35,8GB | W: 57,1GB | X: 23,2GB
Manufacturer *: FUJITSU SIEMENS // Phoenix Technologies Ltd.
BIOS Info: AT/AT COMPATIBLE | 03/13/09 | FSC - 60000
Time Zone: Mitteleuropäische Zeit
Motherboard *: FUJITSU SIEMENS D2840-A1
Country: Deutschland
Language: DEU
==== System Specs (Software) ======================
Anti-Virus: Kaspersky Internet Security On-access scanning disabled (Outdated)
Anti-Spyware: Kaspersky Internet Security disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Spybot - Search and Destroy disabled (Outdated)
Firewall: Kaspersky Internet Security disabled
Default Browser: Firefox 36.0.4
Internet Explorer Version: 11.0.9600.17728
Mozilla Firefox version: 36.0.4 (x86 de)
Google Chrome version: 42.0.2311.135
Adobe Reader version: 11.0.10.32
Flash Player version: 17.0.0.169
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Home\AppData\Roaming\Haufe Mediengruppe\iDesk Browser\Profiles\xnnu7pch.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\g49l6ldz.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\yctv7ti5.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Home\AppData\Roaming\Thunderbird\Profiles\igxb2gug.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\3t3kljhj.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}"="C:\Program Files\Wondershare\Video Converter Ultimate\SVRFirefoxExt" []
==== Firefox Extensions ======================
ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\g49l6ldz.default
- Undetermined - %ProfilePath%\extensions\amazon-icon@giga.de
- Amazon-Icon - %ProfilePath%\extensions\amazon-icon@winload.de
- StumbleUpon - %ProfilePath%\extensions\toolbar@stumbleupon.com
ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471
- WEB.DE MailCheck - %ProfilePath%\extensions\toolbar@web.de
- Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
- Easy Youtube Video Downloader Express - %ProfilePath%\extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi
- Video DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\yctv7ti5.default
- Undetermined - %ProfilePath%\extensions\amazon-icon@giga.de
- Amazon-Icon - %ProfilePath%\extensions\amazon-icon@winload.de
- StumbleUpon - %ProfilePath%\extensions\toolbar@stumbleupon.com
ProfilePath: C:\Users\Home\AppData\Roaming\Thunderbird\Profiles\igxb2gug.default
- Deutsches Wrterbuch - %ProfilePath%\extensions\de-DE@dictionaries.addons.mozilla.org
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi
ProfilePath: C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\3t3kljhj.default
- StumbleUpon - %ProfilePath%\extensions\toolbar@stumbleupon.com
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471
8966391A882D09FF16414EE40A80DB95 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.6
CAB3D1031652677A565D8630D54A0DD6 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.6
B01CA260BDC78EEEDF69707EAC959DF0 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.6
60DF9CF8826FA431057E5D2F7D3E33EE - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.6
AB6697E8AB8FF1F0C36A7B94724933E0 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.6
0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
9DF0C4F0CEF60158614EDD1B3AB441EE - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
52CE0DBFD9738AE528CF525A0367EBEB - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
98137411B9C632095F919E2CE70B288A - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update
E32771B0AE3F18CEFFC12D682025238A - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)
555E65306A5D3A5978BE74E1DD62CDD9 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)
D58EDF8F7D43984BCDE18C03D57B6CE4 - C:\Program Files\Common Files\mpDRM\NPMPDRM.dll - fluxDVD Browser Plugin
0D80C49D9A4A3E096296C67BD015F614 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
893BF7D2261C56C24F813405D9D018E0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
0289477CB4D6543B49448CD54366B4B5 - C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll - fluxDVD Placeholder Plugin
6E594B2243C3F218A51234F18E7F36C1 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll - DivX Plus Web Player
79039398587F475ADA606D1A3B740A63 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in
9AE02005247DA91AB1743F5208DBEF76 - C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll - Shockwave Flash
8DA2ED6B04EA33F2EAE8BA883F903729 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight
==== Chromium Look ======================
Google Chrome Version: 42.0.2311.135 (Possible outdated, latest Stable version: , Mac and Linux. A list of changes is available in the <a href="https://chromium.googlesource.com/chromium/src/+log/42.0.2311.90..42.0.2311.135?pretty=fuller&n=10000">log</a>.<br />)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
chgdeabpmphfhkoemjjglmilajldekbp - C:\Program Files\Wondershare\Video Converter Ultimate\SVRChromePlugin.crx[]
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx[14.12.2012 13:48]
edaibbiobngpbmeonadpbfafbkimjbdd - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx[04.11.2012 18:45]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx[14.12.2012 13:48]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx[14.12.2012 13:48]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx[17.02.2015 11:19]
ngnjhfpfhadncgafgbneeljaginimmmk - C:\Users\Home\AppData\Local\Temp\tbch.crx[]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx[14.12.2012 13:48]
Logitech SetPoint - Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd
Chrome In-App Payments service - Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.de/"
"Search Page"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Default_Search_URL"="hxxp://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="hxxp://www.google.com"
"SearchAssistant"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://www.google.com"
"SearchAssistant"="hxxp://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://www.google.de/"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="hxxp://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3719280737-1325245270-1685948379-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} deleted successfully
HKEY_USERS\S-1-5-21-3719280737-1325245270-1685948379-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} deleted successfully
HKEY_USERS\S-1-5-21-3719280737-1325245270-1685948379-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} deleted successfully
HKEY_USERS\S-1-5-21-3719280737-1325245270-1685948379-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{8D150B8F-EFE8-45a3-A4A3-053020F48FAC} deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\chgdeabpmphfhkoemjjglmilajldekbp deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EBD0EE76-2CFC-4EE5-AFE6-7EEAA3B14332} deleted successfully
==== Empty IE Cache ======================
C:\Users\Classic .NET AppPool\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\CLASSI~1.NET\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Home\AppData\Local\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\cache2 emptied successfully
==== Empty Chrome Cache ======================
No Chrome Cache found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=3020 folders=312 878810912 bytes)
==== Empty Temp Folders ======================
C:\Users\Classic .NET AppPool\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\DefaultAppPool\AppData\Local\Temp emptied successfully
C:\Users\Gast\AppData\Local\Temp emptied successfully
C:\Users\Home\AppData\Local\Temp will be emptied at reboot
C:\Users\CLASSI~1.NET\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Home\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
C:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not found
==== EOF on 03.05.2015 at 11:23:10,96 ======================
|
|
03.05.2015, 11:17
| #17 |
| /// TB-Ausbilder /// Anleitungs-Guru  | sm.de - wie werde ich das wieder los? Genau.
__________________
__________________ |
|
03.05.2015, 11:29
| #18 |
| | sm.de - wie werde ich das wieder los? Ich hoffe, dass es nun richtig wird. Ich öffne die beiden Log-txt und kopiere den Inhalt hier hinein... Zuerst die FRST.txt
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-04-2015 01
Ran by Home (administrator) on HOME-OFFICE on 03-05-2015 12:07:52
Running from C:\Users\Home\Desktop
Loaded Profiles: Home (Available profiles: Home & Gast & Classic .NET AppPool & DefaultAppPool)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Lexware\AAVUpdateManager\aavus.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Bayer Healthcare LLC) C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe
(DATA BECKER GmbH & Co KG) C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(StarWind Software) C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
() C:\Windows\System32\CmWatch.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [CmCardRun] => C:\Windows\system32\CmWatch.exe [229376 2003-09-16] ()
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-15] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-28] (DivX, LLC)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
HKLM\...\Run: [BrowserPlugInHelper] => C:\Program Files\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2012-10-01] (Logitech, Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoDriveAutoRun] 0x0000
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\2015_Termine.xls - Verknüpfung.lnk [2015-04-15]
ShortcutTarget: 2015_Termine.xls - Verknüpfung.lnk -> O:\~Termine\Termine_nach_Jahren\2015_Termine.xls ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kalenderchen 5.lnk [2015-04-15]
ShortcutTarget: Kalenderchen 5.lnk -> C:\Program Files\Kalenderchen\Kalenderchen.exe (Daniel Manger Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3719280737-1325245270-1685948379-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-10] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-19] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-10] (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-10] (Kaspersky Lab ZAO)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKU\.DEFAULT -> No Name - {266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6} - No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax [2009-07-16] ()
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: WSWSVCUchrome - No CLSID Value -
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: SuchMaschine
FF Homepage: google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-06-03] (DivX, LLC)
FF Plugin: @fluxdvd.com/NPWMDRMWrapper -> C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll [2010-02-04] ( )
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll No File
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-03-21] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @protectdisc.com/NPMPDRM -> C:\Program Files\Common Files\mpDRM\NPMPDRM.dll [2010-02-03] ( )
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-12] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @protectdisc.com/NPPDLicenseHelper -> C:\Windows\system32\config\systemprofile\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll [2009-06-25] ( )
FF Plugin HKU\S-1-5-21-3719280737-1325245270-1685948379-1001: @doubletwist.com/NPPodcast -> C:\Program Files\Common Files\doubleTwist\NPPodcast.dll No File
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\searchplugins\suchmaschine.xml [2015-04-30]
FF Extension: WEB.DE MailCheck - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\Extensions\toolbar@web.de [2015-04-19]
FF Extension: Garmin Communicator - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-10-29]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-12-07]
FF Extension: Video DownloadHelper - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-16]
FF Extension: Adblock Plus - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-15]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-01-30]
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-04-05]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-04-05]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-04-05]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-04-05]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-04-05]
Chrome:
=======
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-23]
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-23]
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-23]
CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-23]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-10-23]
CHR Extension: (Logitech SetPoint) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-10-23]
CHR Extension: (Safe Money) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-10-23]
CHR Extension: (Content Blocker) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-10-23]
CHR Extension: (Virtual Keyboard) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-10-23]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-23]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-10-23]
CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-23]
CHR Extension: (Anti-Banner) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-10-23]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-12-14]
CHR HKLM\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-01-30]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-12-14]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-12-14]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-12-14]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-12-14]
Opera:
=======
StartMenuInternet: (HKLM) Opera - H:\Opera-Browser\Opera.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AAV UpdateService; C:\Program Files\Lexware\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
R2 BayerHealthcareService; C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe [135032 2013-12-05] (Bayer Healthcare LLC)
R2 DBService; C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe [187456 2011-01-13] (DATA BECKER GmbH & Co KG) [File not signed]
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-03-30] (Freemake) [File not signed]
S3 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2009-07-14] (Microsoft Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [254552 2012-12-21] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1529656 2013-12-11] (TuneUp Software)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [15968 2013-10-19] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [24832 2013-10-19] (Advanced Micro Devices, Inc.)
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2013-06-02] (Wondershare)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [77312 2013-09-24] (Advanced Micro Devices) [File not signed]
R3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [34576 2007-03-05] (IVT Corporation.)
R3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.)
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [39184 2007-03-05] (IVT Corporation.)
R0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [225280 2011-07-19] (Intel Corporation)
S3 cvspydr2; C:\Windows\System32\DRIVERS\cvspydr2.sys [33024 2002-04-02] (Colorvision Inc)
S1 HCW88AUD; C:\Windows\System32\drivers\hcw88aud.sys [13440 2010-08-16] (Hauppauge Computer Works, Inc)
S3 hcw88bda; C:\Windows\System32\drivers\hcw88bda.sys [216576 2010-08-16] (Hauppauge Computer Works, Inc)
S3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [12288 2010-08-16] (Hauppauge Computer Works, Inc.)
S3 HCW88TSE; C:\Windows\System32\drivers\hcw88tse.sys [321408 2010-08-16] (Hauppauge Computer Works, Inc)
S3 hcw88vid; C:\Windows\System32\drivers\hcw88vid.sys [396928 2010-08-16] (Hauppauge Computer Works, Inc)
S3 HCW88XBAR; C:\Windows\System32\drivers\HCW88BAR.sys [17920 2010-08-16] (Hauppauge Computer Works, Inc.)
S3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [47104 2011-07-20] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597600 2014-05-19] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-12-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-09] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-06-18] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145224 2015-02-17] (Kaspersky Lab ZAO)
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-05-03] (Malwarebytes Corporation)
S3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [154752 2005-10-18] (PixArt Imaging Inc.)
S2 ROB_A; C:\Windows\System32\DRIVERS\rob_a.sys [17664 2003-02-10] (Pinnacle Systems GmbH)
S2 ROB_V; C:\Windows\System32\drivers\rob_v.sys [125568 2003-04-11] (Pinnacle Systems GmbH)
S3 SKYNET; C:\Windows\System32\DRIVERS\SkyNET.SYS [627288 2010-05-10] (TechniSat Digital, S.A.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2011-04-04] () [File not signed]
S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1579144 2010-06-07] (Syntek)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [35592 2012-10-25] (Anchorfree Inc.)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2014-06-11] (RapidSolution Software AG)
R3 ttBudget2; C:\Windows\System32\drivers\ttBudget2.sys [457472 2009-01-16] (TechnoTrend GmbH)
S3 TTHID; C:\Windows\System32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys [21752 2009-05-14] (DTV-DVB)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2013-10-15] (TuneUp Software)
S3 UDXTTM6010; C:\Windows\System32\DRIVERS\UDXTTM6010.sys [762232 2009-05-14] ()
S3 UMSSSTOR; C:\Windows\System32\DRIVERS\UMSS.SYS [48512 2004-07-13] (C-Media Corporation)
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.)
S3 X86BDA; C:\Windows\System32\DRIVERS\OEMDrv.sys [195712 2011-06-08] ( )
U3 apzf6x0q; C:\Windows\system32\Drivers\apzf6x0q.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 cpuz132; No ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-05-19] (Kaspersky Lab ZAO)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-03 12:07 - 2015-05-03 12:08 - 00025324 _____ () C:\Users\Home\Desktop\FRST.txt
2015-05-03 11:24 - 2015-05-03 11:24 - 00032621 _____ () C:\Users\Home\Desktop\zoek-results.txt
2015-05-03 10:22 - 2015-05-03 09:25 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-05-03 09:31 - 2015-05-03 11:23 - 00032621 ____C () C:\zoek-results.log
2015-05-03 09:25 - 2015-05-03 10:45 - 00000000 ___DC () C:\zoek_backup
2015-05-03 09:24 - 2015-05-03 09:22 - 01305600 _____ () C:\Users\Home\Desktop\zoek.exe
2015-05-03 09:22 - 2015-05-03 09:22 - 01305600 _____ () C:\Users\Home\Downloads\zoek.exe
2015-05-02 14:03 - 2015-05-02 14:03 - 00001067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2015-05-02 14:03 - 2015-05-02 14:03 - 00001057 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealtimeSync.lnk
2015-05-02 14:03 - 2015-05-02 14:03 - 00001055 _____ () C:\Users\Public\Desktop\FreeFileSync.lnk
2015-05-02 14:03 - 2015-05-02 14:03 - 00001045 _____ () C:\Users\Public\Desktop\RealtimeSync.lnk
2015-05-02 14:03 - 2015-05-02 14:03 - 00000000 ____D () C:\Program Files\FreeFileSync
2015-05-02 14:01 - 2015-05-02 14:02 - 12027832 _____ (www.FreeFileSync.org) C:\Users\Home\Downloads\FreeFileSync_6.15_Windows_Setup.exe
2015-05-02 09:39 - 2015-05-02 09:39 - 02204160 _____ () C:\Users\Home\Desktop\adwcleaner_4.203.exe
2015-05-02 00:13 - 2015-05-02 00:15 - 00078826 _____ () C:\Users\Home\Downloads\Addition.txt
2015-05-02 00:12 - 2015-05-02 10:29 - 00065812 _____ () C:\Users\Home\Downloads\FRST.txt
2015-05-02 00:11 - 2015-05-02 00:11 - 01140736 _____ (Farbar) C:\Users\Home\Desktop\FRST.exe
2015-05-02 00:02 - 2015-05-02 17:45 - 00000000 ____D () C:\Users\Home\AppData\Roaming\vlc
2015-05-02 00:01 - 2015-05-02 00:01 - 00000994 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-05-02 00:01 - 2015-05-02 00:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-05-01 22:16 - 2015-05-01 22:16 - 00001087 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-01 22:16 - 2015-05-01 22:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-01 19:56 - 2015-05-01 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-01 19:56 - 2015-05-01 19:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2015-05-01 19:56 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-01 19:56 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-01 19:54 - 2015-05-03 08:51 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2015-05-01 19:54 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-01 18:18 - 2015-05-01 18:18 - 00000000 ____D () C:\ProgramData\GridinSoft
2015-04-30 17:21 - 2015-04-30 17:21 - 00001470 _____ () C:\Users\Home\Desktop\DVD Shrink 3.2 DE.exe - Verknüpfung.lnk
2015-04-30 17:03 - 2015-04-30 17:03 - 00000953 _____ () C:\Users\Gast\Desktop\DVD Shrink 3.2 deutsch.lnk
2015-04-30 17:03 - 2015-04-30 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink deutsch
2015-04-30 17:03 - 2015-04-30 17:03 - 00000000 ____D () C:\Program Files\DVD Shrink DE
2015-04-30 16:59 - 2015-04-30 17:00 - 00541240 _____ ( ) C:\Users\Home\Downloads\DVD%20Shrink.exe
2015-04-30 16:37 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\system32\WSCM64.dll
2015-04-30 16:37 - 2013-08-07 14:31 - 00214528 _____ () C:\Windows\system32\WSCM32.dll
2015-04-30 16:34 - 2015-04-30 16:35 - 41209384 _____ (Wondershare Software ) C:\Users\Home\Downloads\video-converter-ultimate_full1443.exe
2015-04-30 16:33 - 2015-04-30 16:33 - 00000048 _____ () C:\Windows\F27BBFAFCDA5DF0F.log
2015-04-30 16:27 - 2015-04-30 16:27 - 05185720 _____ () C:\Users\Home\Downloads\SetupCloneDVD2930Slysoft.exe
2015-04-30 15:27 - 2015-04-30 15:27 - 00002117 _____ () C:\Users\Home\Desktop\TuneUp Utilities 2012.lnk
2015-04-30 14:52 - 2015-04-30 14:53 - 00000000 ____D () C:\Windows\system32\sysdir
2015-04-30 14:52 - 2015-04-30 14:52 - 00000000 ____D () C:\ProgramData\CloneDVD Studio
2015-04-30 14:46 - 2015-04-30 16:30 - 00000085 ___SH () C:\ProgramData\.zreglib
2015-04-30 10:34 - 2015-04-30 10:34 - 00000000 ____D () C:\Users\Home\Desktop\Bücher und Schreiberei\Büroarbeiten\Documents\Tipard Studio
2015-04-30 10:34 - 2015-04-30 10:34 - 00000000 ____D () C:\Users\Home\AppData\Local\Tipard Studio
2015-04-30 10:34 - 2015-04-30 10:34 - 00000000 ____D () C:\ProgramData\Tipard Studio
2015-04-30 10:34 - 2015-04-30 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tipard
2015-04-30 10:34 - 2015-04-30 10:34 - 00000000 ____D () C:\Program Files\Tipard Studio
2015-04-30 10:28 - 2015-04-30 10:28 - 00000000 ____D () C:\Users\Home\AppData\Roaming\NCH Software
2015-04-30 10:28 - 2015-04-30 10:28 - 00000000 ____D () C:\ProgramData\NCH Software
2015-04-30 10:28 - 2015-04-30 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette
2015-04-30 10:28 - 2015-04-30 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audioverwandte Programme
2015-04-30 10:28 - 2015-04-30 10:28 - 00000000 ____D () C:\Program Files\NCH Software
2015-04-30 10:27 - 2015-04-30 10:27 - 00660504 _____ (NCH Software) C:\Users\Home\Downloads\switchsetup.exe
2015-04-30 08:41 - 2015-04-30 08:41 - 00000995 _____ () C:\Users\Public\Desktop\XMedia Recode.lnk
2015-04-30 08:41 - 2015-04-30 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
2015-04-30 08:37 - 2015-04-30 08:37 - 08039043 _____ (XMedia Recode ) C:\Users\Home\Downloads\XMediaRecode3227_setup.exe
2015-04-30 08:17 - 2015-04-30 08:17 - 00000000 ____D () C:\Program Files\Startfenster
2015-04-30 08:15 - 2015-04-30 08:15 - 29013544 _____ () C:\Users\Home\Downloads\vlc-2.2.1-win32.exe
2015-04-29 23:18 - 2015-04-29 23:19 - 00000686 _____ () C:\Windows\wmsetup.log
2015-04-29 23:15 - 2015-04-29 23:16 - 01203488 _____ () C:\Users\Home\Downloads\Windows Media Player - CHIP-Installer.exe
2015-04-29 22:59 - 2015-04-29 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft
2015-04-29 22:56 - 2015-04-29 22:57 - 37546360 _____ (Any-DVD-Converter.com ) C:\Users\Home\Downloads\any-dvd-converter.exe
2015-04-29 22:49 - 2015-04-29 22:49 - 00000000 ____D () C:\Users\Home\Desktop\Bücher und Schreiberei\Büroarbeiten\Documents\Wondershare MediaServer
2015-04-29 22:48 - 2015-04-29 23:07 - 00000000 ____D () C:\ProgramData\Wondershare
2015-04-29 22:46 - 2015-04-29 22:46 - 00811592 _____ () C:\Users\Home\Downloads\video-converter-ultimate_setup_full1045.exe
2015-04-29 11:05 - 2015-04-29 11:05 - 00001050 _____ () C:\Users\Home\Desktop\CDex.lnk
2015-04-26 17:56 - 2015-04-26 17:56 - 00000000 ____D () C:\Users\Home\AppData\Roaming\HandBrake
2015-04-26 17:49 - 2015-04-26 17:49 - 01203488 _____ () C:\Users\Home\Downloads\Free DVD Video Converter - CHIP-Installer.exe
2015-04-21 08:43 - 2015-04-21 08:43 - 00619753 _____ () C:\Users\Home\Downloads\flvplayer2_1.4.0.t3x
2015-04-21 08:22 - 2015-04-21 08:23 - 36790512 _____ (Movavi) C:\Users\Home\Downloads\MovaviVideoConverterSetupF(1).exe
2015-04-17 12:13 - 2015-04-17 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IVT BlueSoleil
2015-04-17 11:45 - 2015-04-17 11:45 - 00000000 ____D () C:\Program Files\Free Codec Pack
2015-04-17 10:56 - 2015-04-17 10:56 - 00001511 _____ () C:\Users\Home\Desktop\Für_Erstattungen_gesammelte_Belege - Verknüpfung.lnk
2015-04-17 10:06 - 2015-04-17 10:06 - 34359344 _____ (DVDVideoSoft Ltd. ) C:\Users\Home\Downloads\FreeYouTubeDownload_3.2.56.324.exe
2015-04-16 17:26 - 2015-04-16 17:26 - 00000000 ____D () C:\Users\Home\Desktop\Bücher und Schreiberei\Büroarbeiten\Documents\QuickSteuer
2015-04-16 17:26 - 2015-04-16 17:26 - 00000000 ____D () C:\Users\Home\AppData\Local\HL
2015-04-16 17:23 - 2015-04-20 13:23 - 00000000 ____D () C:\ProgramData\AAV
2015-04-16 17:22 - 2015-04-16 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-04-16 17:14 - 2015-04-16 17:14 - 00000000 ____D () C:\ProgramData\HL
2015-04-16 17:03 - 2015-04-16 17:12 - 351504736 _____ () C:\Users\Home\Downloads\QuickSteuer2015.exe
2015-04-16 15:18 - 2015-04-26 09:48 - 00000000 _____ () C:\Users\Home\.gtk-bookmarks
2015-04-15 18:31 - 2015-04-15 18:40 - 00001633 _____ () C:\Users\Home\Desktop\2015_Grundwassermessung_Grauwinkel.lnk
2015-04-15 14:00 - 2015-04-15 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-15 11:08 - 2015-04-15 11:08 - 00001801 _____ () C:\Users\Home\Desktop\FreeDoko.lnk
2015-04-15 11:08 - 2015-04-15 11:08 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeDoko
2015-04-15 11:08 - 2015-04-15 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeDoko
2015-04-15 11:08 - 2015-04-15 11:08 - 00000000 ____D () C:\Program Files\FreeDoko
2015-04-15 11:03 - 2015-04-15 11:03 - 01203488 _____ () C:\Users\Home\Downloads\FreeDoko - CHIP-Installer.exe
2015-04-15 05:32 - 2015-04-15 05:32 - 00001907 _____ () C:\Users\Home\Desktop\Kalenderchen 5.lnk
2015-04-15 05:26 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 05:26 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 05:26 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 05:26 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 05:26 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 05:26 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 05:26 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 05:26 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 05:26 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-15 05:26 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 05:26 - 2015-03-17 07:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 05:26 - 2015-03-17 07:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 05:26 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 05:26 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 05:26 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 05:26 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 05:26 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 05:26 - 2015-03-17 06:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 05:26 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 05:26 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 05:26 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 05:26 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 05:26 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 05:26 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 05:26 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 05:25 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 05:25 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 05:25 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 05:25 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 05:25 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 05:25 - 2015-03-13 05:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 05:25 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 05:25 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 05:25 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 05:25 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 05:25 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 05:25 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 05:25 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 05:25 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 05:25 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 05:25 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 05:25 - 2015-03-13 05:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 05:25 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 05:25 - 2015-03-13 05:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 05:25 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 05:25 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 05:25 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 05:25 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 05:25 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 05:25 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 05:25 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 05:25 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 05:25 - 2015-03-13 04:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 05:25 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 05:25 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 05:25 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 05:25 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 05:25 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 05:25 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 05:24 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 05:23 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 05:23 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 16:46 - 2015-04-14 16:46 - 00001883 _____ () C:\Users\Home\Downloads\Auslieferung 17.4.2015 (2015_4_14 16_46).csv
2015-04-14 14:55 - 2015-04-14 14:55 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
2015-04-14 14:55 - 2015-04-14 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
2015-04-14 14:55 - 2013-12-11 09:59 - 00032568 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2015-04-14 14:55 - 2013-12-11 09:59 - 00022328 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2015-04-14 14:54 - 2015-04-14 14:55 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2012
2015-04-14 14:47 - 2015-04-14 14:48 - 27620744 _____ (TuneUp Software) C:\Users\Home\Downloads\TuneUpUtilities2012_de-DE.exe
2015-04-14 14:07 - 2015-04-14 14:08 - 16107931 _____ (INTENIUM GmbH) C:\Users\Home\Downloads\greatmahjong.exe
2015-04-14 13:58 - 2015-04-14 13:59 - 00381120 _____ () C:\Users\Home\Downloads\greatmahjong_CB-DL-Manager.exe
2015-04-14 13:49 - 2015-04-14 13:49 - 00001328 _____ () C:\Users\Home\Desktop\Mahjongg 2000.lnk
2015-04-14 13:44 - 2015-04-14 13:44 - 00757261 _____ () C:\Users\Home\Downloads\mj32xpde.zip
2015-04-14 13:26 - 2015-04-14 13:26 - 00800216 _____ (Generic Web ) C:\Users\Home\Downloads\IObitUninstallerSetup.exe
2015-04-14 13:19 - 2015-04-14 13:19 - 05942469 _____ ( ) C:\Users\Home\Downloads\MahjongCity.exe
2015-04-14 13:18 - 2015-04-14 13:18 - 00381120 _____ () C:\Users\Home\Downloads\MahjongCity_CB-DL-Manager.exe
2015-04-14 12:31 - 2015-04-14 13:10 - 00000000 ____D () C:\Program Files\Kyodai Mahjongg 2006
2015-04-14 12:30 - 2015-04-14 12:30 - 00000000 ____D () C:\Program Files\WEB.DE MailCheck
2015-04-14 12:10 - 2015-04-14 12:10 - 00000356 _____ () C:\Users\Home\Desktop\Hearts.lnk
2015-04-14 11:27 - 2015-04-14 11:27 - 00000884 _____ () C:\Users\Home\Desktop\Downloads - Verknüpfung.lnk
2015-04-14 11:23 - 2015-04-14 11:24 - 10717440 _____ () C:\Users\Home\Downloads\TU2007TrialDE.exe
2015-04-14 10:16 - 2015-04-14 10:16 - 00000000 ____D () C:\Program Files\Royal Doppelkopf
2015-04-14 09:37 - 2015-04-14 09:37 - 03556352 _____ () C:\Users\Home\Downloads\SetupRoyalDokosv.exe
2015-04-14 09:31 - 2015-04-14 09:31 - 00381120 _____ () C:\Users\Home\Downloads\SetupRoyalDokosv_CB-DL-Manager.exe
2015-04-14 08:57 - 2015-04-14 08:57 - 00000851 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napster 5.0.lnk
2015-04-14 08:57 - 2015-04-14 08:57 - 00000000 ____D () C:\Program Files\Napster 5.0
2015-04-14 08:55 - 2015-04-14 08:55 - 01203488 _____ () C:\Users\Home\Downloads\Napster - CHIP-Installer.exe
2015-04-14 08:26 - 2015-04-14 15:32 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-12 12:24 - 2015-04-12 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napster Rienf Repair
2015-04-12 12:13 - 2015-04-12 12:14 - 07411200 _____ () C:\Users\Home\Downloads\NapsterRienfRepairSetup_1.1.9.msi
2015-04-12 11:32 - 2015-04-12 11:32 - 00000000 ____D () C:\Program Files\NA
2015-04-12 10:16 - 2015-04-12 12:01 - 00000943 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Napster Music Community.lnk
2015-04-12 10:16 - 2015-04-12 12:01 - 00000919 _____ () C:\Users\Gast\Desktop\Napster Music Community.lnk
2015-04-12 10:16 - 2015-04-12 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napster
2015-04-11 11:40 - 2015-04-12 10:22 - 00000000 _____ () C:\Windows\system32\mx_0020b.00-
2015-04-11 11:38 - 2015-04-12 12:01 - 00000000 ____D () C:\Program Files\Napster
2015-04-11 10:28 - 2015-04-11 10:28 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-04-11 10:28 - 2015-04-11 10:28 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-04-11 10:28 - 2015-04-11 10:28 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-04-10 13:30 - 2015-04-10 13:30 - 00000000 ____D () C:\Users\Home\.fontconfig
2015-04-10 13:18 - 2015-04-10 13:19 - 36790512 _____ (Movavi) C:\Users\Home\Downloads\MovaviVideoConverterSetupF.exe
2015-04-10 12:02 - 2015-04-10 12:02 - 00000000 ____D () C:\Users\Default\AppData\Local\Garmin_Ltd._or_its_subsid
2015-04-10 12:02 - 2015-04-10 12:02 - 00000000 ____D () C:\Users\Default User\AppData\Local\Garmin_Ltd._or_its_subsid
2015-04-08 12:12 - 2015-04-08 12:17 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Mp3tag
2015-04-08 12:12 - 2015-04-08 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2015-04-08 12:12 - 2015-04-08 12:12 - 00000000 ____D () C:\Program Files\Mp3tag
2015-04-08 12:09 - 2015-04-08 12:09 - 02802944 _____ () C:\Users\Home\Downloads\mp3tagv269setup.exe
2015-04-07 09:20 - 2015-04-07 09:20 - 00001248 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk
2015-04-07 09:16 - 2015-04-07 09:16 - 01270552 _____ (Ellora Assets Corporation ) C:\Users\Home\Downloads\FreemakeVideoConverterSetup.exe
2015-04-06 18:31 - 2015-04-06 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftMaker Office Standard 2012
2015-04-06 18:30 - 2015-04-06 18:44 - 00000000 ____D () C:\Program Files\SoftMaker Office Standard 2012
2015-04-06 10:22 - 2015-04-06 10:25 - 113784328 _____ (SoftMaker Software GmbH) C:\Users\Home\Downloads\ofw2012std.exe
2015-04-05 10:46 - 2015-04-05 10:46 - 15621448 _____ (Ventis Media Inc. ) C:\Users\Home\Downloads\MediaMonkey_4.1.6.1736.exe
2015-04-05 10:22 - 2015-04-05 10:22 - 01906385 _____ () C:\Users\Home\Downloads\cdtomp3freeware.exe
2015-04-05 10:22 - 2015-04-05 10:22 - 00000938 _____ () C:\Users\Gast\Desktop\Free CD to MP3 Converter.lnk
2015-04-05 10:22 - 2015-04-05 10:22 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Eusing
2015-04-05 10:22 - 2015-04-05 10:22 - 00000000 ____D () C:\Program Files\CD to MP3 Freeware
2015-04-05 10:20 - 2015-04-05 10:20 - 00232216 _____ () C:\Users\Home\Downloads\cdtomp3freeware-33399310.exe
2015-04-04 10:45 - 2015-04-04 10:45 - 00000000 ___SD () C:\Windows\system32\GWX
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-03 12:07 - 2013-10-28 20:58 - 00000000 ____D () C:\FRST
2015-05-03 11:24 - 2013-04-05 07:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-03 11:10 - 2012-03-31 17:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-03 11:06 - 2010-02-18 19:57 - 01491879 _____ () C:\Windows\WindowsUpdate.log
2015-05-03 10:54 - 2009-07-14 06:34 - 00029760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-03 10:54 - 2009-07-14 06:34 - 00029760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-03 10:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-05-03 10:45 - 2015-02-25 21:55 - 00015749 _____ () C:\Windows\setupact.log
2015-05-03 10:45 - 2015-02-25 21:54 - 00022454 _____ () C:\Windows\PFRO.log
2015-05-03 10:45 - 2014-06-30 20:40 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-05-03 10:45 - 2012-01-14 15:24 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-05-03 10:45 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-03 10:08 - 2014-12-07 02:07 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-05-03 10:08 - 2014-07-01 21:34 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Nico Mak Computing
2015-05-03 10:08 - 2014-07-01 21:34 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2015-05-03 10:08 - 2010-02-18 20:06 - 00000000 ____D () C:\Users\Home
2015-05-03 10:08 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-03 09:00 - 2015-03-03 15:29 - 00000000 ____D () C:\Users\Home\AppData\Roaming\FreeDoko
2015-05-02 21:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Vss
2015-05-02 19:59 - 2013-09-01 01:36 - 00000000 ___DC () C:\AdwCleaner
2015-05-02 19:41 - 2009-07-14 09:50 - 00000000 ____D () C:\Windows\ShellNew
2015-05-02 18:18 - 2014-10-20 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-02 17:35 - 2013-02-05 13:34 - 00000000 ____D () C:\Users\Home\AppData\Roaming\MediaMonkey
2015-05-02 14:41 - 2010-04-21 23:12 - 00000000 ____D () C:\Users\Home\dwhelper
2015-05-02 00:00 - 2010-03-07 01:41 - 00000000 ____D () C:\Program Files\VideoLAN
2015-05-01 23:28 - 2014-07-02 10:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-01 23:25 - 2013-10-23 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-01 22:37 - 2010-02-20 12:39 - 00000000 ___RD () C:\Users\Home\Desktop\Computer&Games
2015-05-01 22:36 - 2011-10-06 13:59 - 00000000 ____D () C:\Users\Home\Desktop\Musik
2015-04-30 17:55 - 2010-06-20 14:29 - 00000000 ____D () C:\Users\Home\AppData\Roaming\dvdcss
2015-04-30 17:34 - 2013-04-24 14:15 - 00000000 ____D () C:\ProgramData\DVD Shrink
2015-04-30 16:48 - 2011-04-04 17:33 - 00000327 _____ () C:\Users\Home\Desktop\Bücher und Schreiberei\Büroarbeiten\Documents\ax_files.xml
2015-04-30 14:55 - 2014-01-21 09:23 - 00087608 _____ () C:\Users\Home\AppData\Roaming\inst.exe
2015-04-30 14:55 - 2014-01-21 09:23 - 00047360 _____ (VSO Software) C:\Users\Home\AppData\Roaming\pcouffin.sys
2015-04-30 14:55 - 2014-01-21 09:23 - 00007887 _____ () C:\Users\Home\AppData\Roaming\pcouffin.cat
2015-04-30 08:41 - 2014-03-13 16:30 - 00000000 ____D () C:\Program Files\XMedia Recode
2015-04-29 23:00 - 2013-09-01 16:15 - 00000000 ____D () C:\Users\Home\Desktop\Bücher und Schreiberei\Büroarbeiten\Documents\Any DVD Converter Professional
2015-04-29 22:58 - 2014-06-29 21:02 - 00000000 ____D () C:\Program Files\AnvSoft
2015-04-29 22:58 - 2012-11-10 09:49 - 00000000 ____D () C:\Users\Home\AppData\Roaming\AnvSoft
2015-04-28 15:31 - 2010-02-18 20:11 - 01765786 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-26 17:53 - 2013-12-31 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-04-26 17:53 - 2013-09-01 19:42 - 00000000 ____D () C:\Users\Home\AppData\Roaming\DVDVideoSoft
2015-04-26 17:53 - 2013-09-01 19:42 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-04-25 16:38 - 2011-05-07 17:48 - 00000000 ____D () C:\Users\Home\Desktop\Bücher und Schreiberei\Büroarbeiten\Documents\SoftMaker
2015-04-22 20:51 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-20 22:29 - 2013-09-01 16:15 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-18 17:27 - 2015-02-14 19:53 - 00000000 ____D () C:\Users\Home\AppData\Local\CDex
2015-04-17 12:14 - 2011-10-09 20:27 - 00000000 ____D () C:\ProgramData\Bluetooth
2015-04-17 12:13 - 2011-10-09 20:13 - 00000032 _____ () C:\Windows\0
2015-04-17 11:50 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-17 06:40 - 2009-07-14 06:33 - 00615568 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-16 17:27 - 2011-09-25 11:31 - 00198424 _____ () C:\Users\Home\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-16 17:23 - 2010-04-04 19:50 - 00000000 ____D () C:\Program Files\Lexware
2015-04-16 00:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 19:10 - 2012-03-31 17:58 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 19:10 - 2011-05-16 16:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-15 15:43 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-04-15 14:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-15 14:39 - 2014-05-06 20:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 14:38 - 2014-12-10 14:31 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 14:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-04-15 14:05 - 2013-08-17 18:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 14:05 - 2010-02-18 20:13 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 14:00 - 2013-01-25 19:38 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-15 14:00 - 2010-09-09 09:34 - 00000000 ___RD () C:\Program Files\Skype
2015-04-15 14:00 - 2010-09-09 09:34 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 11:08 - 2015-03-03 15:28 - 00001801 _____ () C:\Users\Gast\Desktop\FreeDoko.lnk
2015-04-15 05:07 - 2010-03-24 08:22 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-15 05:07 - 2010-03-24 08:22 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-14 14:53 - 2011-12-26 12:27 - 00000000 __SHD () C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2015-04-14 14:46 - 2010-02-19 22:54 - 00000000 ____D () C:\Users\Home\AppData\Roaming\TuneUp Software
2015-04-14 14:10 - 2013-08-07 19:56 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-04-14 14:04 - 2014-05-28 20:54 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-04-14 12:25 - 2013-11-19 11:52 - 00000000 ____D () C:\Program Files\OXXOGames
2015-04-14 12:10 - 2013-10-27 12:06 - 00000000 ____D () C:\Users\Home\AppData\Local\Microsoft Games
2015-04-14 11:43 - 2013-04-27 13:46 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2015-04-14 10:39 - 2011-01-14 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-14 10:19 - 2010-02-19 22:51 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-04-14 08:47 - 2014-03-21 10:32 - 00000000 ____D () C:\Users\Home\AppData\Roaming\com.Rhapsody.Napster5
2015-04-12 14:19 - 2012-04-10 11:46 - 00000000 ____D () C:\Users\DefaultAppPool
2015-04-12 14:19 - 2011-09-26 22:01 - 00000000 ____D () C:\Users\Classic .NET AppPool
2015-04-12 12:01 - 2012-07-13 21:50 - 00000000 ____D () C:\Users\Gast
2015-04-11 10:28 - 2010-02-19 20:23 - 00000000 ____D () C:\Program Files\Adobe
2015-04-10 12:02 - 2014-10-29 10:39 - 00000000 ____D () C:\Program Files\Garmin
2015-04-10 12:01 - 2014-10-29 10:12 - 00000000 ____D () C:\ProgramData\Garmin
2015-04-10 12:00 - 2014-10-29 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-04-09 09:50 - 2014-07-05 19:39 - 00000000 ____D () C:\Users\Home\AppData\Local\Adobe
2015-04-08 16:01 - 2009-07-14 06:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-07 09:20 - 2014-06-02 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-04-06 18:48 - 2011-05-07 17:48 - 00000000 ____D () C:\Users\Home\AppData\Roaming\SoftMaker
2015-04-06 18:27 - 2015-02-11 17:03 - 00000000 ____D () C:\Program Files\SoftMaker Office Home & Business 2012
2015-04-05 10:22 - 2012-03-22 10:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
==================== Files in the root of some directories =======
2011-10-03 20:14 - 2014-10-17 13:36 - 0000030 _____ () C:\Program Files\Exiferupdate.ini
2014-06-29 21:36 - 2014-07-02 17:25 - 5082084 _____ (The Public) C:\Users\Home\AppData\Roaming\Avisynth.exe
2014-06-29 21:36 - 2014-07-02 17:26 - 5243208 _____ ( ) C:\Users\Home\AppData\Roaming\AvsP.exe
2014-08-18 18:55 - 2015-01-02 20:17 - 0000100 _____ () C:\Users\Home\AppData\Roaming\Camdata.ini
2014-08-18 18:55 - 2015-01-02 20:17 - 0000408 _____ () C:\Users\Home\AppData\Roaming\CamLayout.ini
2014-08-18 18:55 - 2015-01-02 20:17 - 0000408 _____ () C:\Users\Home\AppData\Roaming\CamShapes.ini
2014-08-19 16:30 - 2015-01-02 20:17 - 0004546 _____ () C:\Users\Home\AppData\Roaming\CamStudio.cfg
2014-01-21 09:23 - 2015-04-30 14:55 - 0087608 _____ () C:\Users\Home\AppData\Roaming\inst.exe
2014-06-29 21:36 - 2014-07-02 17:26 - 1357348 _____ () C:\Users\Home\AppData\Roaming\MatroskaSplitter.exe
2014-01-21 09:23 - 2015-04-30 14:55 - 0007887 _____ () C:\Users\Home\AppData\Roaming\pcouffin.cat
2014-01-21 09:23 - 2015-04-30 14:55 - 0001144 _____ () C:\Users\Home\AppData\Roaming\pcouffin.inf
2014-01-21 09:23 - 2015-04-30 14:55 - 0047360 _____ (VSO Software) C:\Users\Home\AppData\Roaming\pcouffin.sys
2014-06-29 21:36 - 2014-07-02 17:26 - 7760687 _____ (Boraxsoft) C:\Users\Home\AppData\Roaming\SetupGFD.exe
2014-08-18 18:52 - 2015-01-02 20:11 - 0000096 _____ () C:\Users\Home\AppData\Roaming\version2.xml
2011-10-29 09:51 - 2014-01-16 18:03 - 0008704 _____ () C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-17 21:12 - 2014-08-17 21:12 - 0007634 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
2011-12-26 12:53 - 2011-12-26 12:53 - 0017408 _____ () C:\Users\Home\AppData\Local\WebpageIcons.db
2015-04-30 14:46 - 2015-04-30 16:30 - 0000085 ___SH () C:\ProgramData\.zreglib
2013-10-19 21:32 - 2013-10-19 21:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2010-09-09 09:39 - 2010-09-09 09:39 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-24 10:50
==================== End Of Log ============================
Die addition.txt in extra Fenster... |
|
03.05.2015, 11:31
| #19 |
| | sm.de - wie werde ich das wieder los? Hier die addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-04-2015 01
Ran by Home at 2015-05-03 12:08:59
Running from C:\Users\Home\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3719280737-1325245270-1685948379-500 - Administrator - Disabled)
Gast (S-1-5-21-3719280737-1325245270-1685948379-501 - Limited - Enabled) => C:\Users\Gast
Home (S-1-5-21-3719280737-1325245270-1685948379-1001 - Administrator - Enabled) => C:\Users\Home
HomeGroupUser$ (S-1-5-21-3719280737-1325245270-1685948379-1008 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
ABBYY FineReader 5.0 Pro (HKLM\...\ABBYY FineReader 5.0 Pro) (Version: 5.0 - ABBYY Software House)
abramania mahjongg freeware 1.0 (HKLM\...\abramania mahjongg freeware 1.0) (Version: 1.0 - abramedia)
Accent OFFICE Password Recovery 4.0 (HKLM\...\Accent OFFICE Password Recovery_is1) (Version: 4.0 - AccentSoft Team)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Renamer (HKLM\...\Advanced Renamer_is1) (Version: 3.64 - Hulubulu Software)
Agent Ransack (HKLM\...\{8B51F879-18C4-4C37-8D2B-E340AEE7AACB}) (Version: 7.0.828.1 - Mythicsoft Ltd)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any DVD Converter Professional 5.8.0 (HKLM\...\Any DVD Converter Professional_is1) (Version: - Any-DVD-Converter.com)
Apowersoft Bildschirmrekorder Pro V1.3.2 (HKLM\...\{BADAA284-1D15-4EBB-B1E5-7C86603CDBBB}_is1) (Version: 1.3.2 - Apowersoft)
Ashampoo Burning Studio 2014 v.12.0.5 (HKLM\...\{91B33C97-280F-B76D-E27B-E712D7041B76}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG)
ATI AVIVO Codecs (Version: 11.6.0.51118 - ATI Technologies Inc.) Hidden
ATI Catalyst Registration (Version: 3.00.0000 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (Version: 3.0.800.0 - ATI Technologies) Hidden
Avery Zweckform DesignPro 2000 (HKLM\...\DesignPro) (Version: - )
AviSynth 2.6 (HKLM\...\AviSynth) (Version: 2.6.0.2 - GPL Public release.)
AVM FRITZ!Box Dokumentation (HKLM\...\AVMFBox) (Version: - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM\...\AVMFBoxPrinter) (Version: - AVM Berlin)
AvsP (HKLM\...\AvsP_is1) (Version: - )
Bluesoleil2.6.0.1 Release 070402 (HKLM\...\{11B5E957-FCF2-469D-AB66-963C38134231}) (Version: 2.6.0.1 Release 070402 - IVT Corporation)
CameraHelperMsi (Version: 13.31.1038.0 - Logitech) Hidden
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - )
Canon iP4900 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4900_series) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon RAW Codec (HKLM\...\Canon RAW Codec) (Version: 1.4.1.44 - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
Canon Utilities Easy-PrintToolBox (HKLM\...\Easy-PrintToolBox) (Version: - )
Canon Utilities File Viewer Utility 1.3 (HKLM\...\InstallShield_{74344F10-34CA-480E-BD02-B3F4FA692BFA}) (Version: 1.3.1 - Canon)
Canon Utilities PhotoStitch 3.1 (HKLM\...\InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}) (Version: 3.1.10 - Canon)
CCleaner (HKLM\...\CCleaner) (Version: 3.04 - Piriform)
CDex - Open Source Digital Audio CD Extractor (HKLM\...\CDex) (Version: 1.77.0.2015 - Georgy Berdyshev)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version: - )
C-Media USB Mass Storage Driver (HKLM\...\C-Media Card Reader Driver) (Version: - )
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CorelDRAW Graphics Suite X4 - Capture (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang BR (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang CZ (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang DE (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang EN (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang ES (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang FR (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang IT (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang NL (Version: 14.2 - Uw bedrijfsnaam) Hidden
CorelDRAW Graphics Suite X4 - Lang PL (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang SU (Version: 14.2 - Yrityksen nimi) Hidden
CorelDRAW Graphics Suite X4 - Lang SV (Version: 14.2 - Ditt företagsnamn) Hidden
CorelDRAW Graphics Suite X4 - PP (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (HKLM\...\_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) (Version: - Corel Corporation)
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 (HKLM\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version: - Corel Corporation)
CyberLink PowerDirector 11 (HKLM\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2707 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.3206 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DATA BECKER CD-DVD Druckerei 8 (HKLM\...\CD-DVD Druckerei 8_is1) (Version: 8.10.0.0 - DATA BECKER GmbH & Co. KG)
DATA BECKER MPEG2 Video Encoder (HKLM\...\MPEG2 Video Encoder_is1) (Version: - )
DATA BECKER Stream Catcher 2 FREE (HKLM\...\Stream Catcher 2 FREE_is1) (Version: - )
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
Dropbox (HKU\S-1-5-21-3719280737-1325245270-1685948379-1001\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
Duplicate Email Remover (HKLM\...\{7AA36634-4324-4EF4-8C0C-D8EF1FC2BEA4}) (Version: 2.16.0 - MAPILab Ltd.)
DVD Shrink 3.2 deutsch (HKLM\...\DVD Shrink DE_is1) (Version: - DVD Shrink)
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version: - )
Elevated Installer (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.1.20150309 - Landesfinanzdirektion Thüringen)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
EPSON Smart Panel (HKLM\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version: - )
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Exif Pilot 4.7 (HKLM\...\Exif Pilot_is1) (Version: 4.7 - Two Pilots)
Exifer (HKLM\...\Exifer_is1) (Version: - Friedemann Schmidt)
exPressIT (HKLM\...\exPressIT) (Version: - )
File Viewer Utility 1.3.1 (Version: 1.3.1 - Canon) Hidden
Firebird SQL Server - MAGIX Edition (HKLM\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
FixFoto 3.50 (HKLM\...\FixFoto_is1) (Version: - Joachim Koopmann Software)
FormatFactory 3.3.5.0 (HKLM\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free Audio Converter version 5.0.46.820 (HKLM\...\Free Audio Converter_is1) (Version: 5.0.46.820 - DVDVideoSoft Ltd.)
Free CD to MP3 Converter (HKLM\...\Free CD to MP3 Converter) (Version: - Eusing Software)
Free DVD MP3 Ripper 1.12 (HKLM\...\Free DVD MP3 Ripper_is1) (Version: - Jodix Technologies Ltd.)
Free DVD Video Converter version 2.0.25.415 (HKLM\...\Free DVD Video Converter_is1) (Version: 2.0.25.415 - DVDVideoSoft Ltd.)
Free MP4 Video Converter version 5.0.44.623 (HKLM\...\Free MP4 Video Converter_is1) (Version: 5.0.44.623 - DVDVideoSoft Ltd.)
Free Screen Video Recorder version 2.5.36.806 (HKLM\...\Free Screen Video Recorder_is1) (Version: 2.5.36.806 - DVDVideoSoft Ltd.)
Free Video to JPG Converter version 5.0.32.1230 (HKLM\...\Free Video to JPG Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.56.324 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.56.324 - DVDVideoSoft Ltd.)
FreeDoko 0.7.12 (HKLM\...\FreeDoko) (Version: 0.7.12 - Borg Enders und Diether Knof)
FreeFileSync 6.15 (HKLM\...\FreeFileSync) (Version: 6.15 - www.FreeFileSync.org)
Freemake Video Converter Version 4.1.6 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation)
FreeOCR v4.2 (HKLM\...\freeocr_is1) (Version: - )
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - )
Garmin City Navigator Europe NTU 2015.30 (HKLM\...\{63F1BF21-7435-4055-AA71-7ED2B7948C8C}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GLUCOFACTS(TM) Deluxe (HKLM\...\{4B1E59A2-A053-4911-896D-1EB84A3E48D1}) (Version: 3.07.03 - Bayer HealthCare)
GLUCOFACTS(TM) Deluxe Smart Launch (HKLM\...\{D21D372C-BAE1-4F6A-98F5-E66DDBF327FB}) (Version: 1.24.01 - Bayer HealthCare)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version: - )
GUI for dvdauthor 1.07 (HKLM\...\GUI for dvdauthor) (Version: 1.07 - Boraxsoft)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - )
Helix YUV Codecs (remove only) (HKLM\...\HelixYUVCodecs) (Version: - )
honestech VHS to DVD 2.0 SE (HKLM\...\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}) (Version: 2.0 - honestech)
HydraVision (Version: 4.2.184.0 - ATI Technologies Inc.) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Kalenderchen 5 (HKLM\...\{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1) (Version: - Daniel Manger)
Kaspersky Internet Security 2013 (HKLM\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (Version: 13.0.1.4190 - Kaspersky Lab) Hidden
K-Lite Codec Pack 10.5.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.5.0 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam-Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.31 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Max Uninstaller version 2.0 (HKLM\...\{C7022C9B-4DE0-4A57-B395-ED3BFDB78D73}_is1) (Version: 2.0 - hxxp://www.maxuninstaller.com/)
MD Exif 1.3 (HKLM\...\MD Exif_is1) (Version: - Stefan Göppert Softwareentwicklung)
MediaMonkey 4.1 (HKLM\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
MEDION GoPal Assistant (HKLM\...\{B9D45A76-61DF-4387-B0FE-CA165D582B57}) (Version: 6.3.6.13143 - MEDION)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft GIF Animator (HKLM\...\GIF Animator) (Version: - )
Microsoft Office Converter Pack (HKLM\...\Microsoft Office Converter Pack) (Version: - )
Microsoft Office Word Viewer 2003 (HKLM\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.4 (x86 de) (HKLM\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
Mozilla Thunderbird 17.0.8 (x86 de) (HKLM\...\Mozilla Thunderbird 17.0.8 (x86 de)) (Version: 17.0.8 - Mozilla)
Mp3tag v2.69 (HKLM\...\Mp3tag) (Version: v2.69 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Napster 5.0 Beta (HKLM\...\com.Rhapsody.Napster5) (Version: 1.0.29 - Rhapsody International Inc)
Napster 5.0 Beta (Version: 1.0.29 - Rhapsody International Inc) Hidden
Napster Rienf Repair (HKLM\...\{7FF8A00B-5FA7-4BD4-A6B9-131CE0D1FC11}) (Version: 1.1.9 - NA)
Napster v2.0 BETA 10.4 (HKLM\...\Napster v2.0 BETA 10.4) (Version: - )
Newblue Art Effects for PowerDirector (HKLM\...\NewBlue Art Effects for PowerDirector) (Version: 2.0 - NewBlue)
OEXtract 1.0 (Testversion) (HKLM\...\OEXtract - Dateireader für Outlook Express (Testversion)_is1) (Version: - Priotecs Software)
OEXtract 1.0 (Vollversion) (HKLM\...\OEXtract - Dateireader für Outlook Express (Vollversion)_is1) (Version: - Priotecs Software)
Office Password Recovery PRO v1.0 (remove only) (HKLM\...\Password Solutions - Office Password Recovery PRO) (Version: 1.0 - Password Solutions)
OpenOffice 4.1.0 (HKLM\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
PassportPhoto (remove) (HKU\S-1-5-21-3719280737-1325245270-1685948379-1001\...\PassportPhoto) (Version: - )
Patrizier II Gold (HKLM\...\Patrizier II Gold_is1) (Version: - )
PDF Blender (HKLM\...\PDF Blender) (Version: - )
PDF Editor 4 (HKLM\...\PDF Editor 4) (Version: - )
PDF To JPG 2.0 (HKLM\...\PDF To JPG_is1) (Version: - PDF To JPG)
PDF24 Creator 6.9.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDF2Word 1.0 (HKLM\...\PDF2Word 1.0) (Version: - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
PhotoScape (HKLM\...\PhotoScape) (Version: - )
PhotoStitch (Version: 3.1.10 - Canon) Hidden
PrintProfi CD-Label (HKLM\...\{F336E5BC-6281-4ECD-8CA8-38D158D0AEAE}) (Version: - )
Protect Disc License Helper 1.0.125 (IE) (HKU\.DEFAULT\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
Quick Player 2010 2.3 (HKLM\...\Quick Player 2010 2.3) (Version: - )
QuickSteuer 2015 (HKLM\...\{49E0E0CA-C817-49C8-861B-B766599BCB96}) (Version: 20.33.156 - Haufe-Lexware GmbH & Co.KG)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Royal Doppelkopf (HKLM\...\{75EA97E2-BAD7-45DF-8196-82A828BF47DC}) (Version: 1.0.9 - <no manufacturer>)
Screen Recorder 1 (HKLM\...\Screen Recorder 1) (Version: - )
SDP Downloader (HKLM\...\{B547CB8D-549A-436E-97B5-E79F911B11E2}) (Version: 2.3.0 - SDP Multimedia)
Skat 2095 Special Edition V2.0 (HKLM\...\Skat 2095 Special Edition V2.0_is1) (Version: - )
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartSound Quicktracks 5 (HKLM\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (Version: 5.1.8 - SmartSound Software Inc.) Hidden
SMI USB Grabber (HKLM\...\{B03B98E3-2795-48F6-BA33-793BBF5DF685}) (Version: 1.0.0.02 - Somagic Inc)
SoftMaker Office Standard 2012 (HKLM\...\{8EBB8452-274B-465D-8324-00B0832FBB02}) (Version: 12.0.3493 - SoftMaker Software GmbH)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Startfenster (HKLM\...\Startfenster) (Version: - Startfenster)
Switch Audiodatei-Konverter (HKLM\...\Switch) (Version: 4.77 - NCH Software)
Technotrend Viewer (HKLM\...\TT-Viewer_is1) (Version: - CM&V)
The Lord of the Rings FREE Trial (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Tipard TS Converter 7.1.52 (HKLM\...\{2D85A23D-06EF-4df2-BF09-B39AEDAE9140}_is1) (Version: 7.1.52 - Tipard Studio)
TKexe designer (HKU\S-1-5-21-3719280737-1325245270-1685948379-1001\...\c4db908bc0b92124) (Version: 2.0.1.25 - TKexe Printservice)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 7.50a - Ghisler Software GmbH)
TSDoctor (HKLM\...\{B737ED31-760E-444A-A696-3D8DB8988412}) (Version: 1.2.116 - Cypheros)
Tunatic (HKLM\...\Tunatic) (Version: - )
TuneUp Utilities 2012 (HKLM\...\TuneUp Utilities 2012) (Version: 12.0.3600.171 - TuneUp Software)
TuneUp Utilities 2012 (Version: 12.0.3600.171 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 12.0.3600.171 - TuneUp Software) Hidden
UltraMixer 2.4.6 (HKLM\...\{32E2F180-247C-4077-B06A-20F9868568E0}_is1) (Version: 2.4.6 - UltraMixer Digital Audio Solutions)
USB2.0 Grabber (HKLM\...\{45518B6D-9DDF-4144-83E4-A56762524F35}) (Version: 7.12.000.003 - Youyan)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Videoload (HKU\S-1-5-21-3719280737-1325245270-1685948379-1001\...\1260033950.wcps.t-online.de) (Version: - wcps.t-online.de)
Videoload Manager 2.0.2200 (HKLM\...\Videoload Manager) (Version: 2.0.2200 - T-Online)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VOB2MPG v3 (HKLM\...\{908B5359-244E-4E09-AA9F-DBF240679B46}) (Version: 3.2.2000 - BadgerIT)
WEB.DE MailCheck für Mozilla Firefox (HKLM\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.2.1739 - 1&1 Mail & Media GmbH)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Wondershare PDF Converter Pro (Build 4.0.5) (HKLM\...\{67CC8351-9D8B-4EDF-AAEE-B8CB17E5F3AC}_is1) (Version: 4.0.5 - Wondershare Software)
Wondershare Video Converter Ultimate(Build 7.1.0.2) (HKLM\...\Wondershare Video Converter Ultimate_is1) (Version: 7.1.0.2 - Wondershare Software)
XLS to DBF Converter 1.50 (HKLM\...\XLS to DBF Converter_is1) (Version: - WhiteTown Software)
XMedia Recode Version 3.2.2.7 (HKLM\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.2.7 - XMedia Recode)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0295691A-D674-4904-805C-BDFE165B4CA0}\localserver32 -> C:\Program Files\SoftMaker Office Standard 2012\PlanMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0295691A-D674-4904-805C-BDFE165B771B}\localserver32 -> C:\Program Files\SoftMaker Office Standard 2012\TextMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0AF398C8-E8E1-700c-2e0c-9348f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686AA-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686AE-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686AF-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686B3-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686B4-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686B8-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686B9-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686BD-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686BE-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686C2-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686C3-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686C7-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0CD1A340-7FAB-04a4-3e71-d3d3f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0E7589F8-3F4A-21cc-08a8-cd01f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{109D12C4-4EB6-1144-b843-753df8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{17A833B2-F647-f2f6-1b53-2d7cf8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32 -> C:\Windows\system32\MSWINSCK.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{27395F85-0C0C-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\PICCLP32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{2EE319C4-8593-7fe0-edac-4b50f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{2F155EE4-C332-11CD-B23C-0000C0058192}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{30291A01-707C-11d0-B457-4446490043BF}\localserver32 -> C:\Program Files\SoftMaker Office Standard 2012\TextMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{3801CA43-C9A5-2cbd-2116-c251f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{399254F2-670F-11D1-8092-0080ADB44B5C}\localserver32 -> C:\Program Files\SoftMaker Office Standard 2012\PlanMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{399254F3-670F-11D1-8092-0080ADB44B5C}\localserver32 -> C:\Program Files\SoftMaker Office Standard 2012\PlanMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{3A952499-3A8C-dc34-95da-f73bf8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{4735E322-568B-f1ec-6510-90e8f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\MSINET.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{4C735EC7-E94E-ac2f-8cd2-f37ff8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{4C756328-2F47-ca38-bda4-f1b2f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{4CC24160-A50F-7270-3a75-75a4f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{65027E39-AEAF-fac4-df5d-e6c2f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{6E38DC65-4180-ca68-7cc4-f56bf8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{71B4EE53-E932-dbdd-61e5-3afbf8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{8a087491-5264-11d4-95F6-00A0CC3CCA14}\localserver32 -> C:\Program Files\SoftMaker Office Standard 2012\PlanMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{8A291A46-46B3-7292-63d5-9199f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{8E932745-E80C-45f5-8423-df98f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{A8C3B720-0B5A-101B-B22E-00AA0037B2FC}\InprocServer32 -> C:\Windows\system32\GRID32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{AACA9EA2-6F92-008f-6ece-683ff8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{bf608490-5373-11d0-8efb-4446490043bf}\localserver32 -> C:\Program Files\SoftMaker Office Standard 2012\TextMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{F4392542-0CFE-101B-B22E-00AA0037B2FC}\InprocServer32 -> C:\Windows\system32\GRID32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{F6D87F96-D010-461a-0045-706ef8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{F78FB21B-A447-b845-9bb8-fc29f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\COMDLG32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FDECAF97-6F7B-451a-57f9-fbd8f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2014-07-02 00:21 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {013C0F72-E552-4AC4-A261-4CE541A9D031} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {0772D220-C3AD-4369-BF74-16CDD08E68A2} - System32\Tasks\{02FD5746-A1F9-4486-B88D-85A3CF31B979} => pcalua.exe -a D:\Utilities\DirectX\dxsetup.exe -d D:\Utilities\DirectX
Task: {096C0D24-882C-4B08-8A24-05881A99FEF8} - System32\Tasks\{96135FEB-DB57-4E6D-89A0-647352254E78} => pcalua.exe -a C:\Users\Home\Downloads\irfanview_plugins_438_setup(1).exe -d C:\Users\Home\Downloads
Task: {0A362B58-ABBE-4DC7-8530-CF37EF39F5FE} - System32\Tasks\{B1C3AF6C-F07A-466E-A421-94FE223F0C06} => pcalua.exe -a C:\Users\Home\Downloads\APRO23_Win_ESD1_WWEFG.exe -d C:\Users\Home\Downloads
Task: {11765517-C21F-490D-8559-9ED4EB3EE79B} - System32\Tasks\{1DA0E4E6-85B3-4F07-94C1-E1C789D9039E} => pcalua.exe -a C:\downloads\Software\M_Pass_Finder(1).exe -d C:\downloads\Software
Task: {124F544D-9EE7-45CB-99DA-89C8DB1AAD60} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
Task: {14405332-47DB-4652-A4D8-A9295175B6F0} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2014-01-10] ()
Task: {165EA01E-9226-448F-8BB9-164965894571} - System32\Tasks\{F19FB522-684E-4D87-9CC7-1FF2AED5EE10} => pcalua.exe -a D:\Drivers\Setup.exe -d D:\Drivers
Task: {1A08B7A0-E798-46A1-9DC6-E16F33560879} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {1E837AFF-C50D-453A-9EB4-C263E28FA3A5} - System32\Tasks\{EEDB1D99-8E90-4017-A256-FB9267BF88AD} => pcalua.exe -a H:\Computer\CStartup\CStartUp.EXE -d H:\Computer\CStartup
Task: {210056DE-CCF2-495E-838F-83AC058DFF5F} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
Task: {2698C28E-78A4-4985-A55F-6D39C7BDF198} - System32\Tasks\{258712A6-52C4-4CA3-9D65-4426E197812A} => pcalua.exe -a H:\Computer\Downloads-neu\dp2000_3-5.exe -d H:\Computer\Downloads-neu
Task: {2793310B-63B4-48C1-9F5D-CCADFFB9687B} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3719280737-1325245270-1685948379-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {2A5D720E-212E-495D-A0E0-6B7E5EF39DA8} - System32\Tasks\{19000F55-88D1-436B-A67C-734768091901} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {3AE8DAF0-2D1C-494D-9967-15004C2D604A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {4303196B-CE7A-4476-A274-7495241EEAC8} - System32\Tasks\{1B29FBC3-0BC8-465D-B65D-D94C4534B9D3} => pcalua.exe -a D:\Utilities\SonyMPEG\install.exe -d D:\Utilities\SonyMPEG
Task: {44ED2D9B-1558-44E3-9CBF-7678577AC928} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3719280737-1325245270-1685948379-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {484BA704-22AE-42F2-AE98-9D79FCA3DCA0} - System32\Tasks\{FAC3CBCF-CA94-4C0A-B4D9-CA10B847768E} => pcalua.exe -a D:\Setup\Setup.exe -d D:\Setup
Task: {4CCE5242-F799-400D-B90C-409B34D8A902} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3719280737-1325245270-1685948379-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {4EC4FC41-A35F-4D55-BB38-D63FBE3F7D17} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {502A2562-69BD-47E3-9976-53522A532C1C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5D0EBAC6-B9A5-4753-9AC0-3D7E1601AB7B} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {5E8E6AEE-724B-4517-BFCC-2757A3CC18F8} - System32\Tasks\{C75D6492-A1E3-4017-BF59-AC81F249092B} => pcalua.exe -a "C:\Program Files\Lavalys\EVEREST Home Edition\everest.exe" -d C:\Users\Home\Desktop
Task: {60D16A13-6AB1-4308-A615-064027883850} - System32\Tasks\{9E29FF12-276E-4F58-826A-6C7DDD6A07C9} => pcalua.exe -a K:\Computer\CStartup\CStartUp.EXE -d K:\Computer\CStartup
Task: {62CA084E-455A-4DF5-8405-029FA6741C73} - System32\Tasks\{5B9F00C7-19A6-4104-944D-3B067D17D2C8} => pcalua.exe -a C:\Users\Home\Desktop\Integrated_BrotherSoft_TB.exe -d C:\Users\Home\Desktop
Task: {6356851D-5F35-4EFB-B03C-8355282D9388} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6B357A0F-9069-415B-9377-E4BFF2D5391E} - System32\Tasks\{F2C97F45-3879-47ED-A783-1C76CE1A41C0} => pcalua.exe -a W:\Werkzeuge\Q-sonic\Drivers\Setup.exe -d W:\Werkzeuge\Q-sonic\Drivers
Task: {77693F8B-84FA-4B65-8FAB-F7ACC2D49F8E} - System32\Tasks\{3677C788-B53D-4E82-99B3-A5797F018680} => pcalua.exe -a C:\Users\Home\Downloads\irfanview_plugins_436_setup.exe -d C:\Users\Home\Downloads
Task: {77A04416-3991-4B96-8E3B-A8D35BF222D2} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3719280737-1325245270-1685948379-1001 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: {7F5070D9-2D3F-4495-859B-B9B0DEB8B2CF} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files\Real\RealPlayer\update\realsched.exe
Task: {81563AA5-0CD8-4E32-8C22-1D35D86A8D7A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {8899C3B4-241D-438D-A9EC-0A2615D397F8} - System32\Tasks\{515A30A9-1E46-49B2-AAA7-21BDB43C4F18} => pcalua.exe -a "C:\Program Files\TechniSat DVB\bin\Setup4PC.exe" -d "C:\Program Files\TechniSat DVB\bin"
Task: {8D28C47C-37F5-4857-A914-C7AEB8D7241B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3719280737-1325245270-1685948379-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {9E684E3C-7993-4CCE-AA8A-C8CBDCF441E3} - System32\Tasks\{2A75B433-1734-4C90-A867-9E3FEDDD7CDD} => pcalua.exe -a N:\Computer\CStartup\CStartUp.EXE -d n:\Computer\CStartup
Task: {AA407090-3662-4AF2-B924-16E9CC3BEEF4} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {AEBAB572-2025-4EA7-B3FA-49ACD6F32951} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3719280737-1325245270-1685948379-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {AFD40DB1-CE00-4000-B0DA-1CB57C9B7D0C} - System32\Tasks\{EFDF58DF-BFBA-46A4-858E-C3CD60EC11AD} => pcalua.exe -a "C:\Users\Home\Downloads\PC Drivers HeadQuarters\Driver Detective\mcekit_setup.exe" -d "C:\Users\Home\Downloads\PC Drivers HeadQuarters\Driver Detective"
Task: {B21F7E5C-3600-4394-8979-07BD6EE1FF36} - System32\Tasks\{335DFFD1-0167-424E-8235-C73364469415} => pcalua.exe -a "D:\Utilities\Flash Player\flashplayer7_winax.exe" -d "D:\Utilities\Flash Player"
Task: {B542E1AA-1A38-446F-975F-E899C138F39A} - System32\Tasks\{C28788E7-581B-4B90-97C2-0099D4888DD8} => pcalua.exe -a C:\Users\Home\Downloads\irfanview_plugins_433_setup(1).exe -d C:\Users\Home\Downloads
Task: {B6A431E7-F5C7-46A3-B033-5C33159D3C01} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {BCAE2D8F-D45C-41B2-9F03-7EFE5348E72D} - System32\Tasks\{2D9278F9-DE03-488F-8AD7-415C7F96541D} => pcalua.exe -a C:\Users\Home\AppData\Local\Temp\Winload.exe -d C:\Downloads -c /s -silent -DefaultSearch=FALSE -StartPage=FALSE -showPersonalCompDialog=FALSE
Task: {C5F7DDA3-15DD-4239-A281-6CDAB48BAC22} - System32\Tasks\Sansa Dispatch => C:\Users\Home\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
Task: {CD04E532-D555-4513-90F5-5FEABCD07715} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3719280737-1325245270-1685948379-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {CE1B1105-A62A-4B59-AF86-18414B79A840} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {D7152DFE-3195-4C15-86EA-87BE7446F816} - System32\Tasks\Abelssoft\CheckDriveBackgroundGuard => C:\Program Files\CheckDrive\CheckDriveBackgroundGuard.exe
Task: {DB9A1A89-34B8-4631-9B93-2CE371D92AA0} - System32\Tasks\{F72BC835-1BEF-4643-A681-770E8114E46D} => pcalua.exe -a N:\Computer\eMAILS\OE-Kombi-Pack\Backup-Tool\setup.exe -d N:\Computer\eMAILS\OE-Kombi-Pack\Backup-Tool
Task: {DC2AC514-74CD-4ACF-A8E2-B3D9052057E9} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {F355B065-DAB2-4A89-A31C-A3A1A4D47E81} - System32\Tasks\{46792AD2-76CE-4141-9EF6-3FD5C8CC6672} => pcalua.exe -a "C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe"
Task: {FDB5C640-1D6F-40B6-9853-D5915981F2BA} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FE892AFB-0ADD-430D-A146-2D074E279272} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {FFF5226B-CC13-4F46-81DA-0CEFE1F0B19A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2012-01-24 16:03 - 2010-06-17 22:56 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files\Lexware\AAVUpdateManager\aavus.exe
2012-12-14 13:45 - 2012-12-14 13:45 - 01310136 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2015-03-17 13:43 - 2012-12-21 11:41 - 00254552 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2014-07-01 22:00 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-07-01 22:00 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-07-01 22:00 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-07-01 22:00 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-07-01 22:00 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2003-09-16 17:50 - 2003-09-16 17:50 - 00229376 _____ () C:\Windows\System32\CmWatch.exe
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2012-11-16 16:09 - 2012-11-16 16:09 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:60466E88
AlternateDataStreams: C:\ProgramData\TEMP:A5B56640
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7865 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3719280737-1325245270-1685948379-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E414FD12-D373-480C-81AD-B076819F3451}] => (Allow) D:\fsetup.exe
FirewallRules: [{D7DB5B33-FC81-4A9E-9576-8DB56EF932B5}] => (Allow) D:\fsetup.exe
FirewallRules: [{1BF225B8-8090-4230-AF69-F391C3DC8D8C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{B9AC60E0-F62C-4A6F-8079-79BDE7FF41AF}] => (Allow) C:\Program Files\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe
FirewallRules: [{5AFE0747-1DB6-4658-AB05-55E081DF3665}] => (Allow) C:\Program Files\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe
FirewallRules: [{81C39690-24BE-473C-B740-035686A3BD38}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{0DE6869C-0C62-4F46-BE43-56C00935003D}] => (Allow) C:\Program Files\Logitech\Vid HD\Vid.exe
FirewallRules: [{C6D56887-8C74-40B1-B9A9-50E3F08465D5}] => (Allow) C:\Program Files\Logitech\Vid HD\Vid.exe
FirewallRules: [{04F359E7-CA9F-49DD-8A55-DCF04DCF9A51}] => (Allow) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FB621D64-8FE8-443D-BDC3-50969DCB2CA0}] => (Allow) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{C686DC63-097F-4288-BA31-34AD511A8566}C:\users\home\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\home\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{786BACB4-225F-4176-B26E-B7F6C86F2A11}C:\users\home\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\home\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{55FB332D-8DA7-4D41-845A-585D5C355A68}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{44360BBC-DEFF-4D4D-BFD6-EF11FE03C66C}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [TCP Query User{E95CFACC-58A1-4E99-BB82-4B8BA4D99C76}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{97C55EB5-D28D-4DBB-8BEF-6FD596939AB6}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{6081BCF4-659A-4BF4-9E02-45EBE26B3744}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{913D79B4-5AC3-414C-8A8A-8A57D8980CBB}] => (Allow) LPort=2869
FirewallRules: [{E52B857E-9976-4EDA-97D8-2A08A8B3D12C}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{7A008C18-F838-4C03-91B8-B3F712D15032}C:\program files\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [UDP Query User{40EE451A-A031-4C55-8C44-C54710101A6C}C:\program files\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [TCP Query User{BF937590-79B9-41B8-B6EA-B3C24AFDE0D3}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{00231B14-50E5-4074-B18F-4A20EDD47E8A}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [TCP Query User{AECEC791-D4FC-4315-8BF5-4B01F4125BEE}C:\program files\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [UDP Query User{460CD571-FC36-41A1-A654-246B0A14BB6A}C:\program files\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [{D740BC39-CEFA-4C13-9618-03AFC5130F19}] => (Allow) C:\Program Files\Apowersoft\Apowersoft Screen Recorder Pro\Apowersoft Screen Recorder Pro.exe
FirewallRules: [{740BCFC3-FD35-4606-B112-2406DBC57497}] => (Allow) C:\Program Files\Apowersoft\Apowersoft Screen Recorder Pro\Apowersoft Screen Recorder Pro.exe
FirewallRules: [{F96A1494-BC1F-4CE5-8FE7-6172057128EF}] => (Allow) C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
FirewallRules: [{DD53377F-9B6C-49B9-AFFF-F2E48BB29B61}] => (Allow) C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
FirewallRules: [TCP Query User{85CF76EF-914C-4434-BAE8-55A3FF009293}C:\program files\wondershare\video converter ultimate\videoconverterultimate.exe] => (Allow) C:\program files\wondershare\video converter ultimate\videoconverterultimate.exe
FirewallRules: [UDP Query User{97BC8FF6-1DE8-4639-A28B-9150691E2BDA}C:\program files\wondershare\video converter ultimate\videoconverterultimate.exe] => (Allow) C:\program files\wondershare\video converter ultimate\videoconverterultimate.exe
FirewallRules: [{1120D557-4940-4B91-A465-C3B5286EB819}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{A7200B32-860D-424F-9F7C-25130C7BC6CC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{17C22E0F-960B-4D13-8B7F-E807ADB79703}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe] => Designer.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/03/2015 00:09:02 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
Error: (05/03/2015 00:09:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
Error: (05/03/2015 11:21:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (05/03/2015 11:20:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe_aepdu.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc637
Name des fehlerhaften Moduls: generaltel.dll, Version: 10.0.10037.0, Zeitstempel: 0x550d5182
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002c98e
ID des fehlerhaften Prozesses: 0x8cc
Startzeit der fehlerhaften Anwendung: 0xrundll32.exe_aepdu.dll0
Pfad der fehlerhaften Anwendung: rundll32.exe_aepdu.dll1
Pfad des fehlerhaften Moduls: rundll32.exe_aepdu.dll2
Berichtskennung: rundll32.exe_aepdu.dll3
Error: (05/03/2015 10:51:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DATA BECKER Update Service.exe, Version: 0.0.4.1, Zeitstempel: 0x4d89246b
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3c6
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000c3b93
ID des fehlerhaften Prozesses: 0xf10
Startzeit der fehlerhaften Anwendung: 0xDATA BECKER Update Service.exe0
Pfad der fehlerhaften Anwendung: DATA BECKER Update Service.exe1
Pfad des fehlerhaften Moduls: DATA BECKER Update Service.exe2
Berichtskennung: DATA BECKER Update Service.exe3
Error: (05/03/2015 09:31:15 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = zoek.exe restore point; Fehler = 0x80042302).
Error: (05/03/2015 09:31:15 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "GetProviderMgmtInterface" ist ein unerwarteter Fehler aufgetreten. hr = 0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten.
.
Error: (05/03/2015 09:31:14 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Anbieterverwaltungsschnittstelle wird abgerufen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {00000000-0000-0000-0000-000000000000}
Snapshotkontext: -1
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Error: (05/03/2015 09:31:14 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Anbieterverwaltungsschnittstelle wird abgerufen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {00000000-0000-0000-0000-000000000000}
Snapshotkontext: -1
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Error: (05/03/2015 08:25:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Integrator.exe, Version: 12.0.3600.171, Zeitstempel: 0x52a8292a
Name des fehlerhaften Moduls: vcl120.bpl, Version: 12.0.3420.21218, Zeitstempel: 0x4a0b8b7f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000ae789
ID des fehlerhaften Prozesses: 0x15f0
Startzeit der fehlerhaften Anwendung: 0xIntegrator.exe0
Pfad der fehlerhaften Anwendung: Integrator.exe1
Pfad des fehlerhaften Moduls: Integrator.exe2
Berichtskennung: Integrator.exe3
System errors:
=============
Error: (05/03/2015 11:24:17 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
Error: (05/03/2015 11:23:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058
Error: (05/03/2015 10:45:48 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
amdkmafd
Error: (05/03/2015 10:45:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Pinnacle WDM PCTV Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error: (05/03/2015 10:45:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Pinnacle WDM PCTV Audio Capture" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error: (05/03/2015 10:02:59 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/03/2015 10:02:58 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/03/2015 10:02:56 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/03/2015 10:02:55 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/03/2015 10:02:53 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Microsoft Office Sessions:
=========================
Error: (05/03/2015 00:09:02 PM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
Error: (05/03/2015 00:09:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
Error: (05/03/2015 11:21:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\common files\logishrd\sp6_uninstall\tools\64\AddBrowsers.exe
Error: (05/03/2015 11:20:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_aepdu.dll6.1.7600.163854a5bc637generaltel.dll10.0.10037.0550d5182c00000050002c98e8cc01d085819e0edba2C:\Windows\system32\rundll32.exeC:\Windows\system32\generaltel.dlla466477b-f175-11e4-98e3-0009dd64401c
Error: (05/03/2015 10:51:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DATA BECKER Update Service.exe0.0.4.14d89246bntdll.dll6.1.7601.187985507b3c6c0000374000c3b93f1001d0857e320fb40cC:\Program Files\Common Files\DATA BECKER Shared\DATA BECKER Update Service.exeC:\Windows\SYSTEM32\ntdll.dll86af0311-f171-11e4-98e3-0009dd64401c
Error: (05/03/2015 09:31:15 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exezoek.exe restore point0x80042302
Error: (05/03/2015 09:31:15 AM) (Source: VSS) (EventID: 8193) (User: )
Description: GetProviderMgmtInterface0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten.
Error: (05/03/2015 09:31:14 AM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Anbieterverwaltungsschnittstelle wird abgerufen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {00000000-0000-0000-0000-000000000000}
Snapshotkontext: -1
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Error: (05/03/2015 09:31:14 AM) (Source: VSS) (EventID: 13) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Anbieterverwaltungsschnittstelle wird abgerufen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {00000000-0000-0000-0000-000000000000}
Snapshotkontext: -1
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Error: (05/03/2015 08:25:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Integrator.exe12.0.3600.17152a8292avcl120.bpl12.0.3420.212184a0b8b7fc0000005000ae78915f001d08569ee53798cC:\Program Files\TuneUp Utilities 2012\Integrator.exeC:\Program Files\TuneUp Utilities 2012\vcl120.bpl3220ec9e-f15d-11e4-8288-0009dd64401c
CodeIntegrity Errors:
===================================
Date: 2014-09-11 21:11:00.917
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 21:11:00.917
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 21:11:00.901
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 21:11:00.901
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 21:04:09.918
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 21:04:09.903
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-14 13:00:40.405
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-14 13:00:40.403
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-14 13:00:40.367
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-14 13:00:40.364
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 53%
Total physical RAM: 2046.42 MB
Available physical RAM: 946.35 MB
Total Pagefile: 4092.84 MB
Available Pagefile: 2586.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.2 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:149.05 GB) (Free:27.97 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (GILLAN NTSC) (CDROM) (Total:5.88 GB) (Free:0 GB) UDF
Drive f: (Umwandlung - Musik) (Fixed) (Total:1397.26 GB) (Free:1266.3 GB) NTFS
Drive g: (MEDIA-HDD) (Fixed) (Total:1397.26 GB) (Free:1278.8 GB) NTFS
Drive h: (Trek-Stor-Zwischenmaterial) (Fixed) (Total:76.69 GB) (Free:13.01 GB) NTFS
Drive i: (Intenso-Reserve) (Fixed) (Total:48.83 GB) (Free:48.7 GB) NTFS
Drive n: (Intenso-Computer) (Fixed) (Total:146.48 GB) (Free:75.3 GB) NTFS
Drive o: (Intenso-Familie) (Fixed) (Total:97.66 GB) (Free:69.86 GB) NTFS
Drive p: (Intenso-Foto-Archiv) (Fixed) (Total:146.48 GB) (Free:53.01 GB) NTFS
Drive q: (Intenso-Haus) (Fixed) (Total:24.41 GB) (Free:13.84 GB) NTFS
Drive r: (Intenso-Schreiberei) (Fixed) (Total:68.36 GB) (Free:60.13 GB) NTFS
Drive s: (Intenso-Burschenschaft) (Fixed) (Total:24.41 GB) (Free:22.11 GB) NTFS
Drive t: (Intenso-Musik) (Fixed) (Total:146.48 GB) (Free:84.59 GB) NTFS
Drive u: (Intenso-Polizei) (Fixed) (Total:24.41 GB) (Free:9.62 GB) NTFS
Drive v: (Intenso-Bekannte & Verwandte) (Fixed) (Total:87.89 GB) (Free:35.83 GB) NTFS
Drive w: (Intenso-Video&TV) (Fixed) (Total:91.66 GB) (Free:57.14 GB) NTFS
Drive x: (Intenso-JOKES) (Fixed) (Total:24.41 GB) (Free:23.21 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: E49C41A0)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 76.7 GB) (Disk ID: 49EFB767)
Partition 1: (Not Active) - (Size=76.7 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: DD09E70A)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)
========================================================
Disk: 4 (Size: 931.5 GB) (Disk ID: 14EE0B66)
Partition 1: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=638.5 GB) - (Type=OF Extended)
==================== End Of Log ============================
|
|
03.05.2015, 11:45
| #20 |
| /// TB-Ausbilder /// Anleitungs-Guru | sm.de - wie werde ich das wieder los? Hi, Schritt 1   Drücke bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument: Code:
ATTFilter SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\.DEFAULT -> No Name - {266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6} - No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: SuchMaschine
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Program Files\Enigma Software Group
Task: {124F544D-9EE7-45CB-99DA-89C8DB1AAD60} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
C:\Program Files\GridinSoft Trojan Killer
AlternateDataStreams: C:\ProgramData\TEMP:60466E88
AlternateDataStreams: C:\ProgramData\TEMP:A5B56640
Wie sieht es nach diesem Fix aus mit sm...?
__________________ Gruß deeprybka  Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
03.05.2015, 18:33
| #21 |
| | sm.de - wie werde ich das wieder los? SM ist immer noch aktiv ;-( Soll ich nach dem Fix erst mal den Rechner neu starten? |
|
03.05.2015, 18:35
| #22 |
| /// TB-Ausbilder /// Anleitungs-Guru | sm.de - wie werde ich das wieder los? Ja, mach mal bitte.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
03.05.2015, 19:36
| #23 |
| | sm.de - wie werde ich das wieder los? Zu früh gefreut... ;-) Gebe ich de Suchbegriff ein und wähle dann aus den diversen Möglichkeiten Google aus, so sucht und zeigt Google... Gebe ich aber den Begriff ein und drücke Enter, sucht sm.de ;-( |
|
03.05.2015, 19:37
| #24 |
| /// TB-Ausbilder /// Anleitungs-Guru | sm.de - wie werde ich das wieder los? Poste bitte mal das Fixlog wie beschrieben und einen neues FRST-Log.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
03.05.2015, 19:46
| #25 |
| | sm.de - wie werde ich das wieder los? Zu früh gefreut ... ;-( Gebe ich einen Begriff ein und wähle Google, sucht und antwortet Google... Gebe ich den Begriff ein und drücke Enter, sucht SM.de... Gruß Demisto |
|
03.05.2015, 19:47
| #26 | |
| /// TB-Ausbilder /// Anleitungs-Guru | sm.de - wie werde ich das wieder los?Zitat:
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
04.05.2015, 09:51
| #27 |
| | sm.de - wie werde ich das wieder los? Hallo! Ja, ich habe es gelesen und nun schicke ich das neue Fixlog sowie FRST.txt und ich hoffe, dass das FRST.txt das FRST-log ist. Wenn nicht, bitte ich um einen Hinweis. Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-04-2015 01
Ran by Home at 2015-05-04 10:43:33 Run:3
Running from C:\Users\Home\Desktop
Loaded Profiles: Home (Available profiles: Home & Gast & Classic .NET AppPool & DefaultAppPool)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\.DEFAULT -> No Name - {266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6} - No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: SuchMaschine
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Program Files\Enigma Software Group
Task: {124F544D-9EE7-45CB-99DA-89C8DB1AAD60} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
C:\Program Files\GridinSoft Trojan Killer
AlternateDataStreams: C:\ProgramData\TEMP:60466E88
AlternateDataStreams: C:\ProgramData\TEMP:A5B56640
*****************
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6} => Value not found.
HKCR\CLSID\{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6} => Key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
Firefox newtab deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
esgiguard => Service not found.
"C:\Program Files\Enigma Software Group" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{124F544D-9EE7-45CB-99DA-89C8DB1AAD60} => Key not found.
C:\Windows\System32\Tasks\Trojan Killer not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Trojan Killer => Key not found.
"C:\Program Files\GridinSoft Trojan Killer" => File/Directory not found.
"C:\ProgramData\TEMP" => ":60466E88" ADS not found.
"C:\ProgramData\TEMP" => ":A5B56640" ADS not found.
==== End of Fixlog 10:43:33 ====
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-04-2015 01
Ran by Home (administrator) on HOME-OFFICE on 04-05-2015 10:02:40
Running from C:\Users\Home\Desktop
Loaded Profiles: Home (Available profiles: Home & Gast & Classic .NET AppPool & DefaultAppPool)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Lexware\AAVUpdateManager\aavus.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Bayer Healthcare LLC) C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe
(DATA BECKER GmbH & Co KG) C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(StarWind Software) C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
() C:\Windows\System32\CmWatch.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [CmCardRun] => C:\Windows\system32\CmWatch.exe [229376 2003-09-16] ()
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-15] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-28] (DivX, LLC)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
HKLM\...\Run: [BrowserPlugInHelper] => C:\Program Files\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2012-10-01] (Logitech, Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoDriveAutoRun] 0x0000
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\2015_Termine.xls - Verknüpfung.lnk [2015-04-15]
ShortcutTarget: 2015_Termine.xls - Verknüpfung.lnk -> O:\~Termine\Termine_nach_Jahren\2015_Termine.xls ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kalenderchen 5.lnk [2015-04-15]
ShortcutTarget: Kalenderchen 5.lnk -> C:\Program Files\Kalenderchen\Kalenderchen.exe (Daniel Manger Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3719280737-1325245270-1685948379-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-10] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-19] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-10] (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-10] (Kaspersky Lab ZAO)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax [2009-07-16] ()
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: WSWSVCUchrome - No CLSID Value -
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: SuchMaschine
FF Homepage: google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-06-03] (DivX, LLC)
FF Plugin: @fluxdvd.com/NPWMDRMWrapper -> C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll [2010-02-04] ( )
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll No File
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-03-21] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @protectdisc.com/NPMPDRM -> C:\Program Files\Common Files\mpDRM\NPMPDRM.dll [2010-02-03] ( )
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-12] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @protectdisc.com/NPPDLicenseHelper -> C:\Windows\system32\config\systemprofile\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll [2009-06-25] ( )
FF Plugin HKU\S-1-5-21-3719280737-1325245270-1685948379-1001: @doubletwist.com/NPPodcast -> C:\Program Files\Common Files\doubleTwist\NPPodcast.dll No File
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\searchplugins\suchmaschine.xml [2015-04-30]
FF Extension: WEB.DE MailCheck - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\Extensions\toolbar@web.de [2015-04-19]
FF Extension: Garmin Communicator - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-10-29]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-12-07]
FF Extension: Video DownloadHelper - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-16]
FF Extension: Adblock Plus - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-15]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-01-30]
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-04-05]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-04-05]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-04-05]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-04-05]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-04-05]
Chrome:
=======
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-23]
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-23]
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-23]
CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-23]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-10-23]
CHR Extension: (Logitech SetPoint) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-10-23]
CHR Extension: (Safe Money) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-10-23]
CHR Extension: (Content Blocker) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-10-23]
CHR Extension: (Virtual Keyboard) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-10-23]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-23]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-10-23]
CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-23]
CHR Extension: (Anti-Banner) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-10-23]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-12-14]
CHR HKLM\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-01-30]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-12-14]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-12-14]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-12-14]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-12-14]
Opera:
=======
StartMenuInternet: (HKLM) Opera - H:\Opera-Browser\Opera.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AAV UpdateService; C:\Program Files\Lexware\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
R2 BayerHealthcareService; C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe [135032 2013-12-05] (Bayer Healthcare LLC)
R2 DBService; C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe [187456 2011-01-13] (DATA BECKER GmbH & Co KG) [File not signed]
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-03-30] (Freemake) [File not signed]
S3 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2009-07-14] (Microsoft Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [254552 2012-12-21] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1529656 2013-12-11] (TuneUp Software)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [15968 2013-10-19] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [24832 2013-10-19] (Advanced Micro Devices, Inc.)
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2013-06-02] (Wondershare)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [77312 2013-09-24] (Advanced Micro Devices) [File not signed]
R3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [34576 2007-03-05] (IVT Corporation.)
R3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.)
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [39184 2007-03-05] (IVT Corporation.)
R0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [225280 2011-07-19] (Intel Corporation)
S3 cvspydr2; C:\Windows\System32\DRIVERS\cvspydr2.sys [33024 2002-04-02] (Colorvision Inc)
S1 HCW88AUD; C:\Windows\System32\drivers\hcw88aud.sys [13440 2010-08-16] (Hauppauge Computer Works, Inc)
S3 hcw88bda; C:\Windows\System32\drivers\hcw88bda.sys [216576 2010-08-16] (Hauppauge Computer Works, Inc)
S3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [12288 2010-08-16] (Hauppauge Computer Works, Inc.)
S3 HCW88TSE; C:\Windows\System32\drivers\hcw88tse.sys [321408 2010-08-16] (Hauppauge Computer Works, Inc)
S3 hcw88vid; C:\Windows\System32\drivers\hcw88vid.sys [396928 2010-08-16] (Hauppauge Computer Works, Inc)
S3 HCW88XBAR; C:\Windows\System32\drivers\HCW88BAR.sys [17920 2010-08-16] (Hauppauge Computer Works, Inc.)
S3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [47104 2011-07-20] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597600 2014-05-19] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-12-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-09] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-06-18] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145224 2015-02-17] (Kaspersky Lab ZAO)
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-05-03] (Malwarebytes Corporation)
S3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [154752 2005-10-18] (PixArt Imaging Inc.)
S2 ROB_A; C:\Windows\System32\DRIVERS\rob_a.sys [17664 2003-02-10] (Pinnacle Systems GmbH)
S2 ROB_V; C:\Windows\System32\drivers\rob_v.sys [125568 2003-04-11] (Pinnacle Systems GmbH)
S3 SKYNET; C:\Windows\System32\DRIVERS\SkyNET.SYS [627288 2010-05-10] (TechniSat Digital, S.A.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2011-04-04] () [File not signed]
S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1579144 2010-06-07] (Syntek)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [35592 2012-10-25] (Anchorfree Inc.)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2014-06-11] (RapidSolution Software AG)
R3 ttBudget2; C:\Windows\System32\drivers\ttBudget2.sys [457472 2009-01-16] (TechnoTrend GmbH)
S3 TTHID; C:\Windows\System32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys [21752 2009-05-14] (DTV-DVB)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2013-10-15] (TuneUp Software)
S3 UDXTTM6010; C:\Windows\System32\DRIVERS\UDXTTM6010.sys [762232 2009-05-14] ()
S3 UMSSSTOR; C:\Windows\System32\DRIVERS\UMSS.SYS [48512 2004-07-13] (C-Media Corporation)
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.)
S3 X86BDA; C:\Windows\System32\DRIVERS\OEMDrv.sys [195712 2011-06-08] ( )
U3 an0sbdns; C:\Windows\system32\Drivers\an0sbdns.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 cpuz132; No ImagePath
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-05-19] (Kaspersky Lab ZAO)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-04 10:02 - 2015-05-04 10:03 - 00024921 _____ () C:\Users\Home\Desktop\FRST.txt
2015-05-03 11:24 - 2015-05-03 11:24 - 00032621 _____ () C:\Users\Home\Desktop\zoek-results.txt
2015-05-03 10:22 - 2015-05-03 09:25 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-05-03 09:31 - 2015-05-03 11:23 - 00032621 ____C () C:\zoek-results.log
2015-05-03 09:25 - 2015-05-03 10:45 - 00000000 ___DC () C:\zoek_backup
2015-05-03 09:24 - 2015-05-03 09:22 - 01305600 _____ () C:\Users\Home\Desktop\zoek.exe
2015-05-03 09:22 - 2015-05-03 09:22 - 01305600 _____ () C:\Users\Home\Downloads\zoek.exe
2015-05-02 14:03 - 2015-05-02 14:03 - 00001067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2015-05-02 14:03 - 2015-05-02 14:03 - 00001057 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealtimeSync.lnk
2015-05-02 14:03 - 2015-05-02 14:03 - 00001055 _____ () C:\Users\Public\Desktop\FreeFileSync.lnk
2015-05-02 14:03 - 2015-05-02 14:03 - 00001045 _____ () C:\Users\Public\Desktop\RealtimeSync.lnk
2015-05-02 14:03 - 2015-05-02 14:03 - 00000000 ____D () C:\Program Files\FreeFileSync
2015-05-02 14:01 - 2015-05-02 14:02 - 12027832 _____ (www.FreeFileSync.org) C:\Users\Home\Downloads\FreeFileSync_6.15_Windows_Setup.exe
2015-05-02 09:39 - 2015-05-02 09:39 - 02204160 _____ () C:\Users\Home\Desktop\adwcleaner_4.203.exe
2015-05-02 00:13 - 2015-05-02 00:15 - 00078826 _____ () C:\Users\Home\Downloads\Addition.txt
2015-05-02 00:12 - 2015-05-02 10:29 - 00065812 _____ () C:\Users\Home\Downloads\FRST.txt
2015-05-02 00:11 - 2015-05-02 00:11 - 01140736 _____ (Farbar) C:\Users\Home\Desktop\FRST.exe
2015-05-02 00:02 - 2015-05-04 08:30 - 00000000 ____D () C:\Users\Home\AppData\Roaming\vlc
2015-05-02 00:01 - 2015-05-02 00:01 - 00000994 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-05-02 00:01 - 2015-05-02 00:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-05-01 22:16 - 2015-05-03 19:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-01 22:16 - 2015-05-01 22:16 - 00001087 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-01 19:56 - 2015-05-01 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-01 19:56 - 2015-05-01 19:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2015-05-01 19:56 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-01 19:56 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-01 19:54 - 2015-05-03 08:51 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2015-05-01 19:54 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-01 18:18 - 2015-05-01 18:18 - 00000000 ____D () C:\ProgramData\GridinSoft
2015-04-30 17:21 - 2015-04-30 17:21 - 00001470 _____ () C:\Users\Home\Desktop\DVD Shrink 3.2 DE.exe - Verknüpfung.lnk
2015-04-30 17:03 - 2015-04-30 17:03 - 00000953 _____ () C:\Users\Gast\Desktop\DVD Shrink 3.2 deutsch.lnk
2015-04-30 17:03 - 2015-04-30 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink deutsch
2015-04-30 17:03 - 2015-04-30 17:03 - 00000000 ____D () C:\Program Files\DVD Shrink DE
2015-04-30 16:59 - 2015-04-30 17:00 - 00541240 _____ ( ) C:\Users\Home\Downloads\DVD%20Shrink.exe
2015-04-30 16:37 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\system32\WSCM64.dll
2015-04-30 16:37 - 2013-08-07 14:31 - 00214528 _____ () C:\Windows\system32\WSCM32.dll
2015-04-30 16:34 - 2015-04-30 16:35 - 41209384 _____ (Wondershare Software ) C:\Users\Home\Downloads\video-converter-ultimate_full1443.exe
2015-04-30 16:33 - 2015-04-30 16:33 - 00000048 _____ () C:\Windows\F27BBFAFCDA5DF0F.log
2015-04-30 16:27 - 2015-04-30 16:27 - 05185720 _____ () C:\Users\Home\Downloads\SetupCloneDVD2930Slysoft.exe
2015-04-30 15:27 - 2015-04-30 15:27 - 00002117 _____ () C:\Users\Home\Desktop\TuneUp Utilities 2012.lnk
2015-04-30 14:52 - 2015-04-30 14:53 - 00000000 ____D () C:\Windows\system32\sysdir
2015-04-30 14:52 - 2015-04-30 14:52 - 00000000 ____D () C:\ProgramData\CloneDVD Studio
2015-04-30 14:46 - 2015-04-30 16:30 - 00000085 ___SH () C:\ProgramData\.zreglib
2015-04-30 10:34 - 2015-04-30 10:34 - 00000000 ____D () C:\Users\Home\Desktop\Bücher und Schreiberei\Büroarbeiten\Documents\Tipard Studio
2015-04-30 10:34 - 2015-04-30 10:34 - 00000000 ____D () C:\Users\Home\AppData\Local\Tipard Studio
2015-04-30 10:34 - 2015-04-30 10:34 - 00000000 ____D () C:\ProgramData\Tipard Studio
2015-04-30 10:34 - 2015-04-30 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tipard
2015-04-30 10:34 - 2015-04-30 10:34 - 00000000 ____D () C:\Program Files\Tipard Studio
2015-04-30 10:28 - 2015-04-30 10:28 - 00000000 ____D () C:\Users\Home\AppData\Roaming\NCH Software
2015-04-30 10:28 - 2015-04-30 10:28 - 00000000 ____D () C:\ProgramData\NCH Software
2015-04-30 10:28 - 2015-04-30 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette
2015-04-30 10:28 - 2015-04-30 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audioverwandte Programme
2015-04-30 10:28 - 2015-04-30 10:28 - 00000000 ____D () C:\Program Files\NCH Software
2015-04-30 10:27 - 2015-04-30 10:27 - 00660504 _____ (NCH Software) C:\Users\Home\Downloads\switchsetup.exe
2015-04-30 08:41 - 2015-04-30 08:41 - 00000995 _____ () C:\Users\Public\Desktop\XMedia Recode.lnk
2015-04-30 08:41 - 2015-04-30 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
2015-04-30 08:37 - 2015-04-30 08:37 - 08039043 _____ (XMedia Recode ) C:\Users\Home\Downloads\XMediaRecode3227_setup.exe
2015-04-30 08:17 - 2015-04-30 08:17 - 00000000 ____D () C:\Program Files\Startfenster
2015-04-30 08:15 - 2015-04-30 08:15 - 29013544 _____ () C:\Users\Home\Downloads\vlc-2.2.1-win32.exe
2015-04-29 23:18 - 2015-04-29 23:19 - 00000686 _____ () C:\Windows\wmsetup.log
2015-04-29 23:15 - 2015-04-29 23:16 - 01203488 _____ () C:\Users\Home\Downloads\Windows Media Player - CHIP-Installer.exe
2015-04-29 22:59 - 2015-04-29 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft
2015-04-29 22:56 - 2015-04-29 22:57 - 37546360 _____ (Any-DVD-Converter.com ) C:\Users\Home\Downloads\any-dvd-converter.exe
2015-04-29 22:49 - 2015-04-29 22:49 - 00000000 ____D () C:\Users\Home\Desktop\Bücher und Schreiberei\Büroarbeiten\Documents\Wondershare MediaServer
2015-04-29 22:48 - 2015-04-29 23:07 - 00000000 ____D () C:\ProgramData\Wondershare
2015-04-29 22:46 - 2015-04-29 22:46 - 00811592 _____ () C:\Users\Home\Downloads\video-converter-ultimate_setup_full1045.exe
2015-04-29 11:05 - 2015-04-29 11:05 - 00001050 _____ () C:\Users\Home\Desktop\CDex.lnk
2015-04-26 17:56 - 2015-04-26 17:56 - 00000000 ____D () C:\Users\Home\AppData\Roaming\HandBrake
2015-04-26 17:49 - 2015-04-26 17:49 - 01203488 _____ () C:\Users\Home\Downloads\Free DVD Video Converter - CHIP-Installer.exe
2015-04-21 08:43 - 2015-04-21 08:43 - 00619753 _____ () C:\Users\Home\Downloads\flvplayer2_1.4.0.t3x
2015-04-21 08:22 - 2015-04-21 08:23 - 36790512 _____ (Movavi) C:\Users\Home\Downloads\MovaviVideoConverterSetupF(1).exe
2015-04-17 12:13 - 2015-04-17 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IVT BlueSoleil
2015-04-17 11:45 - 2015-04-17 11:45 - 00000000 ____D () C:\Program Files\Free Codec Pack
2015-04-17 10:56 - 2015-04-17 10:56 - 00001511 _____ () C:\Users\Home\Desktop\Für_Erstattungen_gesammelte_Belege - Verknüpfung.lnk
2015-04-17 10:06 - 2015-04-17 10:06 - 34359344 _____ (DVDVideoSoft Ltd. ) C:\Users\Home\Downloads\FreeYouTubeDownload_3.2.56.324.exe
2015-04-16 17:26 - 2015-04-16 17:26 - 00000000 ____D () C:\Users\Home\Desktop\Bücher und Schreiberei\Büroarbeiten\Documents\QuickSteuer
2015-04-16 17:26 - 2015-04-16 17:26 - 00000000 ____D () C:\Users\Home\AppData\Local\HL
2015-04-16 17:23 - 2015-04-20 13:23 - 00000000 ____D () C:\ProgramData\AAV
2015-04-16 17:22 - 2015-04-16 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-04-16 17:14 - 2015-04-16 17:14 - 00000000 ____D () C:\ProgramData\HL
2015-04-16 17:03 - 2015-04-16 17:12 - 351504736 _____ () C:\Users\Home\Downloads\QuickSteuer2015.exe
2015-04-16 15:18 - 2015-04-26 09:48 - 00000000 _____ () C:\Users\Home\.gtk-bookmarks
2015-04-15 18:31 - 2015-04-15 18:40 - 00001633 _____ () C:\Users\Home\Desktop\2015_Grundwassermessung_Grauwinkel.lnk
2015-04-15 14:00 - 2015-04-15 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-15 11:08 - 2015-04-15 11:08 - 00001801 _____ () C:\Users\Home\Desktop\FreeDoko.lnk
2015-04-15 11:08 - 2015-04-15 11:08 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeDoko
2015-04-15 11:08 - 2015-04-15 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeDoko
2015-04-15 11:08 - 2015-04-15 11:08 - 00000000 ____D () C:\Program Files\FreeDoko
2015-04-15 11:03 - 2015-04-15 11:03 - 01203488 _____ () C:\Users\Home\Downloads\FreeDoko - CHIP-Installer.exe
2015-04-15 05:32 - 2015-04-15 05:32 - 00001907 _____ () C:\Users\Home\Desktop\Kalenderchen 5.lnk
2015-04-15 05:26 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 05:26 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 05:26 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 05:26 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 05:26 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 05:26 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 05:26 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 05:26 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 05:26 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-15 05:26 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 05:26 - 2015-03-17 07:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 05:26 - 2015-03-17 07:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 05:26 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 05:26 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 05:26 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 05:26 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 05:26 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 05:26 - 2015-03-17 06:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 05:26 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 05:26 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 05:26 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 05:26 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 05:26 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 05:26 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 05:26 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 05:25 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 05:25 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 05:25 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 05:25 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 05:25 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 05:25 - 2015-03-13 05:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 05:25 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 05:25 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 05:25 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 05:25 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 05:25 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 05:25 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 05:25 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 05:25 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 05:25 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 05:25 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 05:25 - 2015-03-13 05:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 05:25 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 05:25 - 2015-03-13 05:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 05:25 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 05:25 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 05:25 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 05:25 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 05:25 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 05:25 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 05:25 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 05:25 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 05:25 - 2015-03-13 04:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 05:25 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 05:25 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 05:25 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 05:25 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 05:25 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 05:25 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 05:24 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 05:23 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 05:23 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 16:46 - 2015-04-14 16:46 - 00001883 _____ () C:\Users\Home\Downloads\Auslieferung 17.4.2015 (2015_4_14 16_46).csv
2015-04-14 14:55 - 2015-04-14 14:55 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
2015-04-14 14:55 - 2015-04-14 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
2015-04-14 14:55 - 2013-12-11 09:59 - 00032568 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2015-04-14 14:55 - 2013-12-11 09:59 - 00022328 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2015-04-14 14:54 - 2015-04-14 14:55 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2012
2015-04-14 14:47 - 2015-04-14 14:48 - 27620744 _____ (TuneUp Software) C:\Users\Home\Downloads\TuneUpUtilities2012_de-DE.exe
2015-04-14 14:07 - 2015-04-14 14:08 - 16107931 _____ (INTENIUM GmbH) C:\Users\Home\Downloads\greatmahjong.exe
2015-04-14 13:58 - 2015-04-14 13:59 - 00381120 _____ () C:\Users\Home\Downloads\greatmahjong_CB-DL-Manager.exe
2015-04-14 13:49 - 2015-04-14 13:49 - 00001328 _____ () C:\Users\Home\Desktop\Mahjongg 2000.lnk
2015-04-14 13:44 - 2015-04-14 13:44 - 00757261 _____ () C:\Users\Home\Downloads\mj32xpde.zip
2015-04-14 13:26 - 2015-04-14 13:26 - 00800216 _____ (Generic Web ) C:\Users\Home\Downloads\IObitUninstallerSetup.exe
2015-04-14 13:19 - 2015-04-14 13:19 - 05942469 _____ ( ) C:\Users\Home\Downloads\MahjongCity.exe
2015-04-14 13:18 - 2015-04-14 13:18 - 00381120 _____ () C:\Users\Home\Downloads\MahjongCity_CB-DL-Manager.exe
2015-04-14 12:31 - 2015-04-14 13:10 - 00000000 ____D () C:\Program Files\Kyodai Mahjongg 2006
2015-04-14 12:30 - 2015-04-14 12:30 - 00000000 ____D () C:\Program Files\WEB.DE MailCheck
2015-04-14 12:10 - 2015-04-14 12:10 - 00000356 _____ () C:\Users\Home\Desktop\Hearts.lnk
2015-04-14 11:27 - 2015-04-14 11:27 - 00000884 _____ () C:\Users\Home\Desktop\Downloads - Verknüpfung.lnk
2015-04-14 11:23 - 2015-04-14 11:24 - 10717440 _____ () C:\Users\Home\Downloads\TU2007TrialDE.exe
2015-04-14 10:16 - 2015-04-14 10:16 - 00000000 ____D () C:\Program Files\Royal Doppelkopf
2015-04-14 09:37 - 2015-04-14 09:37 - 03556352 _____ () C:\Users\Home\Downloads\SetupRoyalDokosv.exe
2015-04-14 09:31 - 2015-04-14 09:31 - 00381120 _____ () C:\Users\Home\Downloads\SetupRoyalDokosv_CB-DL-Manager.exe
2015-04-14 08:57 - 2015-04-14 08:57 - 00000851 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napster 5.0.lnk
2015-04-14 08:57 - 2015-04-14 08:57 - 00000000 ____D () C:\Program Files\Napster 5.0
2015-04-14 08:55 - 2015-04-14 08:55 - 01203488 _____ () C:\Users\Home\Downloads\Napster - CHIP-Installer.exe
2015-04-14 08:26 - 2015-04-14 15:32 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-12 12:24 - 2015-04-12 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napster Rienf Repair
2015-04-12 12:13 - 2015-04-12 12:14 - 07411200 _____ () C:\Users\Home\Downloads\NapsterRienfRepairSetup_1.1.9.msi
2015-04-12 11:32 - 2015-04-12 11:32 - 00000000 ____D () C:\Program Files\NA
2015-04-12 10:16 - 2015-04-12 12:01 - 00000943 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Napster Music Community.lnk
2015-04-12 10:16 - 2015-04-12 12:01 - 00000919 _____ () C:\Users\Gast\Desktop\Napster Music Community.lnk
2015-04-12 10:16 - 2015-04-12 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napster
2015-04-11 11:40 - 2015-04-12 10:22 - 00000000 _____ () C:\Windows\system32\mx_0020b.00-
2015-04-11 11:38 - 2015-04-12 12:01 - 00000000 ____D () C:\Program Files\Napster
2015-04-11 10:28 - 2015-04-11 10:28 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-04-11 10:28 - 2015-04-11 10:28 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-04-11 10:28 - 2015-04-11 10:28 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-04-10 13:30 - 2015-04-10 13:30 - 00000000 ____D () C:\Users\Home\.fontconfig
2015-04-10 13:18 - 2015-04-10 13:19 - 36790512 _____ (Movavi) C:\Users\Home\Downloads\MovaviVideoConverterSetupF.exe
2015-04-10 12:02 - 2015-04-10 12:02 - 00000000 ____D () C:\Users\Default\AppData\Local\Garmin_Ltd._or_its_subsid
2015-04-10 12:02 - 2015-04-10 12:02 - 00000000 ____D () C:\Users\Default User\AppData\Local\Garmin_Ltd._or_its_subsid
2015-04-08 12:12 - 2015-04-08 12:17 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Mp3tag
2015-04-08 12:12 - 2015-04-08 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2015-04-08 12:12 - 2015-04-08 12:12 - 00000000 ____D () C:\Program Files\Mp3tag
2015-04-08 12:09 - 2015-04-08 12:09 - 02802944 _____ () C:\Users\Home\Downloads\mp3tagv269setup.exe
2015-04-07 09:20 - 2015-04-07 09:20 - 00001248 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk
2015-04-07 09:16 - 2015-04-07 09:16 - 01270552 _____ (Ellora Assets Corporation ) C:\Users\Home\Downloads\FreemakeVideoConverterSetup.exe
2015-04-06 18:31 - 2015-04-06 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftMaker Office Standard 2012
2015-04-06 18:30 - 2015-04-06 18:44 - 00000000 ____D () C:\Program Files\SoftMaker Office Standard 2012
2015-04-06 10:22 - 2015-04-06 10:25 - 113784328 _____ (SoftMaker Software GmbH) C:\Users\Home\Downloads\ofw2012std.exe
2015-04-05 10:46 - 2015-04-05 10:46 - 15621448 _____ (Ventis Media Inc. ) C:\Users\Home\Downloads\MediaMonkey_4.1.6.1736.exe
2015-04-05 10:22 - 2015-04-05 10:22 - 01906385 _____ () C:\Users\Home\Downloads\cdtomp3freeware.exe
2015-04-05 10:22 - 2015-04-05 10:22 - 00000938 _____ () C:\Users\Gast\Desktop\Free CD to MP3 Converter.lnk
2015-04-05 10:22 - 2015-04-05 10:22 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Eusing
2015-04-05 10:22 - 2015-04-05 10:22 - 00000000 ____D () C:\Program Files\CD to MP3 Freeware
2015-04-05 10:20 - 2015-04-05 10:20 - 00232216 _____ () C:\Users\Home\Downloads\cdtomp3freeware-33399310.exe
2015-04-04 10:45 - 2015-04-04 10:45 - 00000000 ___SD () C:\Windows\system32\GWX
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-04 10:02 - 2013-10-28 20:58 - 00000000 ____D () C:\FRST
2015-05-04 09:39 - 2013-04-05 07:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-04 09:10 - 2012-03-31 17:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-04 08:32 - 2010-02-18 19:57 - 01555241 _____ () C:\Windows\WindowsUpdate.log
2015-05-04 07:09 - 2009-07-14 06:34 - 00029760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-04 07:09 - 2009-07-14 06:34 - 00029760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-04 07:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-05-04 07:00 - 2015-02-25 21:55 - 00016085 _____ () C:\Windows\setupact.log
2015-05-04 07:00 - 2012-01-14 15:24 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-05-04 07:00 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-03 20:26 - 2014-07-02 10:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-03 20:22 - 2013-02-05 13:34 - 00000000 ____D () C:\Users\Home\AppData\Roaming\MediaMonkey
2015-05-03 13:08 - 2015-03-03 15:29 - 00000000 ____D () C:\Users\Home\AppData\Roaming\FreeDoko
2015-05-03 12:33 - 2013-09-01 01:36 - 00000000 ___DC () C:\AdwCleaner
2015-05-03 10:45 - 2015-02-25 21:54 - 00022454 _____ () C:\Windows\PFRO.log
2015-05-03 10:45 - 2014-06-30 20:40 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-05-03 10:08 - 2014-12-07 02:07 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-05-03 10:08 - 2014-07-01 21:34 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Nico Mak Computing
2015-05-03 10:08 - 2014-07-01 21:34 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2015-05-03 10:08 - 2010-02-18 20:06 - 00000000 ____D () C:\Users\Home
2015-05-03 10:08 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-02 21:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Vss
2015-05-02 19:41 - 2009-07-14 09:50 - 00000000 ____D () C:\Windows\ShellNew
2015-05-02 18:18 - 2014-10-20 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-02 14:41 - 2010-04-21 23:12 - 00000000 ____D () C:\Users\Home\dwhelper
2015-05-02 00:00 - 2010-03-07 01:41 - 00000000 ____D () C:\Program Files\VideoLAN
2015-05-01 23:25 - 2013-10-23 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-01 22:37 - 2010-02-20 12:39 - 00000000 ___RD () C:\Users\Home\Desktop\Computer&Games
2015-05-01 22:36 - 2011-10-06 13:59 - 00000000 ____D () C:\Users\Home\Desktop\Musik
2015-04-30 17:55 - 2010-06-20 14:29 - 00000000 ____D () C:\Users\Home\AppData\Roaming\dvdcss
2015-04-30 17:34 - 2013-04-24 14:15 - 00000000 ____D () C:\ProgramData\DVD Shrink
2015-04-30 16:48 - 2011-04-04 17:33 - 00000327 _____ () C:\Users\Home\Desktop\Bücher und Schreiberei\Büroarbeiten\Documents\ax_files.xml
2015-04-30 14:55 - 2014-01-21 09:23 - 00087608 _____ () C:\Users\Home\AppData\Roaming\inst.exe
2015-04-30 14:55 - 2014-01-21 09:23 - 00047360 _____ (VSO Software) C:\Users\Home\AppData\Roaming\pcouffin.sys
2015-04-30 14:55 - 2014-01-21 09:23 - 00007887 _____ () C:\Users\Home\AppData\Roaming\pcouffin.cat
2015-04-30 08:41 - 2014-03-13 16:30 - 00000000 ____D () C:\Program Files\XMedia Recode
2015-04-29 23:00 - 2013-09-01 16:15 - 00000000 ____D () C:\Users\Home\Desktop\Bücher und Schreiberei\Büroarbeiten\Documents\Any DVD Converter Professional
2015-04-29 22:58 - 2014-06-29 21:02 - 00000000 ____D () C:\Program Files\AnvSoft
2015-04-29 22:58 - 2012-11-10 09:49 - 00000000 ____D () C:\Users\Home\AppData\Roaming\AnvSoft
2015-04-28 15:31 - 2010-02-18 20:11 - 01765786 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-26 17:53 - 2013-12-31 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-04-26 17:53 - 2013-09-01 19:42 - 00000000 ____D () C:\Users\Home\AppData\Roaming\DVDVideoSoft
2015-04-26 17:53 - 2013-09-01 19:42 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-04-25 16:38 - 2011-05-07 17:48 - 00000000 ____D () C:\Users\Home\Desktop\Bücher und Schreiberei\Büroarbeiten\Documents\SoftMaker
2015-04-22 20:51 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-20 22:29 - 2013-09-01 16:15 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-18 17:27 - 2015-02-14 19:53 - 00000000 ____D () C:\Users\Home\AppData\Local\CDex
2015-04-17 12:14 - 2011-10-09 20:27 - 00000000 ____D () C:\ProgramData\Bluetooth
2015-04-17 12:13 - 2011-10-09 20:13 - 00000032 _____ () C:\Windows\0
2015-04-17 11:50 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-17 06:40 - 2009-07-14 06:33 - 00615568 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-16 17:27 - 2011-09-25 11:31 - 00198424 _____ () C:\Users\Home\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-16 17:23 - 2010-04-04 19:50 - 00000000 ____D () C:\Program Files\Lexware
2015-04-16 00:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 19:10 - 2012-03-31 17:58 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 19:10 - 2011-05-16 16:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-15 15:43 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-04-15 14:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-15 14:39 - 2014-05-06 20:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 14:38 - 2014-12-10 14:31 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 14:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-04-15 14:05 - 2013-08-17 18:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 14:05 - 2010-02-18 20:13 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 14:00 - 2013-01-25 19:38 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-15 14:00 - 2010-09-09 09:34 - 00000000 ___RD () C:\Program Files\Skype
2015-04-15 14:00 - 2010-09-09 09:34 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 11:08 - 2015-03-03 15:28 - 00001801 _____ () C:\Users\Gast\Desktop\FreeDoko.lnk
2015-04-15 05:07 - 2010-03-24 08:22 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-15 05:07 - 2010-03-24 08:22 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-14 14:53 - 2011-12-26 12:27 - 00000000 __SHD () C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2015-04-14 14:46 - 2010-02-19 22:54 - 00000000 ____D () C:\Users\Home\AppData\Roaming\TuneUp Software
2015-04-14 14:10 - 2013-08-07 19:56 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-04-14 14:04 - 2014-05-28 20:54 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-04-14 12:25 - 2013-11-19 11:52 - 00000000 ____D () C:\Program Files\OXXOGames
2015-04-14 12:10 - 2013-10-27 12:06 - 00000000 ____D () C:\Users\Home\AppData\Local\Microsoft Games
2015-04-14 11:43 - 2013-04-27 13:46 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2015-04-14 10:39 - 2011-01-14 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-14 10:19 - 2010-02-19 22:51 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-04-14 08:47 - 2014-03-21 10:32 - 00000000 ____D () C:\Users\Home\AppData\Roaming\com.Rhapsody.Napster5
2015-04-12 14:19 - 2012-04-10 11:46 - 00000000 ____D () C:\Users\DefaultAppPool
2015-04-12 14:19 - 2011-09-26 22:01 - 00000000 ____D () C:\Users\Classic .NET AppPool
2015-04-12 12:01 - 2012-07-13 21:50 - 00000000 ____D () C:\Users\Gast
2015-04-11 10:28 - 2010-02-19 20:23 - 00000000 ____D () C:\Program Files\Adobe
2015-04-10 12:02 - 2014-10-29 10:39 - 00000000 ____D () C:\Program Files\Garmin
2015-04-10 12:01 - 2014-10-29 10:12 - 00000000 ____D () C:\ProgramData\Garmin
2015-04-10 12:00 - 2014-10-29 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-04-09 09:50 - 2014-07-05 19:39 - 00000000 ____D () C:\Users\Home\AppData\Local\Adobe
2015-04-08 16:01 - 2009-07-14 06:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-07 09:20 - 2014-06-02 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-04-06 18:48 - 2011-05-07 17:48 - 00000000 ____D () C:\Users\Home\AppData\Roaming\SoftMaker
2015-04-06 18:27 - 2015-02-11 17:03 - 00000000 ____D () C:\Program Files\SoftMaker Office Home & Business 2012
2015-04-05 10:22 - 2012-03-22 10:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
==================== Files in the root of some directories =======
2011-10-03 20:14 - 2014-10-17 13:36 - 0000030 _____ () C:\Program Files\Exiferupdate.ini
2014-06-29 21:36 - 2014-07-02 17:25 - 5082084 _____ (The Public) C:\Users\Home\AppData\Roaming\Avisynth.exe
2014-06-29 21:36 - 2014-07-02 17:26 - 5243208 _____ ( ) C:\Users\Home\AppData\Roaming\AvsP.exe
2014-08-18 18:55 - 2015-01-02 20:17 - 0000100 _____ () C:\Users\Home\AppData\Roaming\Camdata.ini
2014-08-18 18:55 - 2015-01-02 20:17 - 0000408 _____ () C:\Users\Home\AppData\Roaming\CamLayout.ini
2014-08-18 18:55 - 2015-01-02 20:17 - 0000408 _____ () C:\Users\Home\AppData\Roaming\CamShapes.ini
2014-08-19 16:30 - 2015-01-02 20:17 - 0004546 _____ () C:\Users\Home\AppData\Roaming\CamStudio.cfg
2014-01-21 09:23 - 2015-04-30 14:55 - 0087608 _____ () C:\Users\Home\AppData\Roaming\inst.exe
2014-06-29 21:36 - 2014-07-02 17:26 - 1357348 _____ () C:\Users\Home\AppData\Roaming\MatroskaSplitter.exe
2014-01-21 09:23 - 2015-04-30 14:55 - 0007887 _____ () C:\Users\Home\AppData\Roaming\pcouffin.cat
2014-01-21 09:23 - 2015-04-30 14:55 - 0001144 _____ () C:\Users\Home\AppData\Roaming\pcouffin.inf
2014-01-21 09:23 - 2015-04-30 14:55 - 0047360 _____ (VSO Software) C:\Users\Home\AppData\Roaming\pcouffin.sys
2014-06-29 21:36 - 2014-07-02 17:26 - 7760687 _____ (Boraxsoft) C:\Users\Home\AppData\Roaming\SetupGFD.exe
2014-08-18 18:52 - 2015-01-02 20:11 - 0000096 _____ () C:\Users\Home\AppData\Roaming\version2.xml
2011-10-29 09:51 - 2014-01-16 18:03 - 0008704 _____ () C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-17 21:12 - 2014-08-17 21:12 - 0007634 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
2011-12-26 12:53 - 2011-12-26 12:53 - 0017408 _____ () C:\Users\Home\AppData\Local\WebpageIcons.db
2015-04-30 14:46 - 2015-04-30 16:30 - 0000085 ___SH () C:\ProgramData\.zreglib
2013-10-19 21:32 - 2013-10-19 21:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2010-09-09 09:39 - 2010-09-09 09:39 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
Some content of TEMP:
====================
C:\Users\Home\AppData\Local\Temp\Quarantine.exe
C:\Users\Home\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-24 10:50
==================== End Of Log ============================
Danke! |
|
04.05.2015, 10:59
| #28 |
| /// TB-Ausbilder /// Anleitungs-Guru | sm.de - wie werde ich das wieder los? Hi, bitte Suchscan mit ESET durchführen: Schritt 1 ESET Online Scanner
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
04.05.2015, 13:37
| #29 |
| | sm.de - wie werde ich das wieder los? Aua, Aua, ESET hat bald nach dem Start 61 Treffer angezeigt und nun scannt ESET seit einer Stunde ganz am Anfang des Laufbalkens... Inzwischen hat ESET 62 Bedrohungen gefudnen und ist immer noch ganz am Anfang des Balkens. Hier eine Datei mit den gefudnenen Bedrohungen: Code:
ATTFilter C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\AdvancedSystemProtector.exe.vir Variante von MSIL/AdvancedSystemProtector.E evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\AspManager.exe.vir Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Communication.dll.vir Win32/Systweak.F evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\filetypehelper.exe.vir Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\scandll.dll.vir Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Troubleshooter\asp-fixer.com.vir MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Troubleshooter\asp-fixer.exe.vir MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Troubleshooter\asp-fixer.pif.vir MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Troubleshooter\asp-fixer.scr.vir MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Troubleshooter\firefox.com.vir MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Troubleshooter\iexplore.exe.vir MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\DealPly\DealPly.crx.vir Win32/DealPly.E evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\DealPly\DealPly.xpi.vir Win32/DealPly.J evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\DealPly\DealPlyUpdateVer.exe.vir Win32/DealPly.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\Disk Speedup\DSU.exe.vir Variante von Win32/Systweak.C evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\Disk Speedup\DSUHelper.dll.vir Variante von Win32/Systweak.N evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Components\toolbarconduit\ToolBarConduit.dll.vir Variante von Win32/Toolbar.Conduit.K evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\PennyBee\DealplyInstallerHelper.dll.vir Win32/DealPly.T evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\PennyBee\uninstall.exe.vir Variante von Win32/Toolbar.Linkury.I evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\PennyBee\Resources\ntdisie_32.dll.vir Win32/Toolbar.Linkury.I evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\PennyBee\Resources\ntdis_32.dll.vir Win32/Toolbar.Linkury.I evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\RegClean Pro\CleanSchedule.exe.vir Win32/Systweak.O evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\RegClean Pro\Cloud_Backup_Setup.exe.vir Win32/MyPCBackup.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\RegClean Pro\Cloud_Backup_Setup_Intl.exe.vir Win32/MyPCBackup.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\RegClean Pro\RCPUninstall.exe.vir Variante von Win32/Systweak.Q evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\RegClean Pro\RegCleanPro.exe.vir Variante von Win32/Systweak evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\RegClean Pro\systweakasp.exe.vir MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\SaveByClick\uninstall.exe.vir Variante von Win32/SProtector.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\softonic-de3\tbsoft.dll.vir Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SupTab.dll.vir Win32/Thinknice.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\SupTab\uninstall.exe.vir Win32/Thinknice.E evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\TowerTilt\TowerTiltUninstall.exe.vir Win32/BrowseFox.C evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe.vir Win32/SpeedUpMyPC evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\Uniblue\SpeedUpMyPC\spnotifier.exe.vir Win32/SpeedUpMyPC evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\Uniblue\SpeedUpMyPC\sp_move_serial.exe.vir Win32/SpeedUpMyPC evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\Uniblue\SpeedUpMyPC\sump.exe.vir Win32/SpeedUpMyPC evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\Uninstaller\Uninstall.exe.vir Variante von MSIL/DomaIQ.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\WebConnect\WebConnectUninstall.exe.vir Win32/BrowseFox.C evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\WinZip Malware Protector\AppManager.exe.vir Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\WinZip Malware Protector\filetypehelper.exe.vir Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\WinZip Malware Protector\scandll.dll.vir Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe.vir Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\WinZip Malware Protector\WMPUninstall.exe.vir Variante von Win32/Systweak.Q evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\XTab\ffsearch_toolbar!1.0.0.1025.xpi.vir Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\ProgramData\InstallMate\{07A1BBF2-F8E2-47D9-A532-B0C0DC429904}\_Setupx.dll.vir Variante von Win32/InstalleRex.U evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir Variante von Win32/Adware.Yontoo.B Anwendung
C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Home\AppData\Local\DownloadGuide\Offers\protegere.exe.vir Variante von Win32/Adware.Synatix.A Anwendung
C:\AdwCleaner\Quarantine\C\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn\3.5.0.0_0\background.html.vir Win32/DealPly.E evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Home\AppData\Local\Temp\OCS\ocs_v71b.exe.vir Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Home\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe.vir Win32/DealPly.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\g49l6ldz.default\Extensions\firefox@webconnect.co.xpi.vir Win32/BrowseFox.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\m8oog3sf.default-1367056280427\Extensions\firefox@webconnect.co.xpi.vir Win32/BrowseFox.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\m8oog3sf.default-1367056280427\Extensions\addon@dealplyshopping.com\chrome\content\dealplyshopping.xul.vir Win32/DealPly.J evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\yctv7ti5.default\Extensions\firefox@webconnect.co.xpi.vir Win32/BrowseFox.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Home\AppData\Roaming\SeeSimilar02\install_helper.exe.vir Win32/bProtector.H evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Home\AppData\Roaming\SpeedAnalysis3\install_helper.exe.vir Win32/bProtector.H evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Home\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe.vir Win32/RegistryBooster evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Home\AppData\Roaming\zulagames\install_helper.exe.vir Win32/bProtector.H evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir Variante von Win32/Systweak.A evtl. unerwünschte Anwendung
C:\Program Files\Free FLV Converter\Uninstall.exe Variante von Win32/KoyoteLab.A evtl. unerwünschte Anwendung
C:\Program Files\YoutubeDownloader\YoutubeDownloader.exe Variante von Win32/InstallCore.A evtl. unerwünschte Anwendung
Geändert von demisto (04.05.2015 um 14:37 Uhr) |
|
04.05.2015, 17:02
| #30 |
| /// TB-Ausbilder /// Anleitungs-Guru | sm.de - wie werde ich das wieder los? Bitte Log so wie beschrieben posten.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
| Themen zu sm.de - wie werde ich das wieder los? |
| deinstallation, deinstalliere, deinstallieren, eingebe, entferne, entfernen, fehlercode 0xc0000005, fehlercode 0xc0000374, fehlercode windows, firefox, google, hängen, installation, malware, neuinstallation, programme, russisch, spyhunter, spyhunter entfernen, verlangen, virenprogramm, windows media player packages entfernen, zusammen, zwischen |
Linear-Darstellung
