Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: sm.de - wie werde ich das wieder los?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 01.05.2015, 23:38   #1
demisto
 
sm.de - wie werde ich das wieder los? - Standard

sm.de - wie werde ich das wieder los?



Hallo!

Inzwischen habe ich erfahren, dass es mit der Installation des flv-Players zusammen hängen könnte. Wann immer ich in google eine Suche eingebe, zeigt mir sm.de die Ergebnisse. Ein Tool zum entfernen habe ich bisher nicht gefunden, Wohl aber Programme, die bei Scann meines pc den Störer finden und dann Geld verlangen, um ihn zu entfernen. Ich habe auch ein Virenprogramm mit russisch klingendem Namen, welches noch nicht mal nach malware sucht. Das nervt total. Wie werde ich den störer wieder los? Ach so, sm.de ist nur bei Firefox aktiv. Bei IE bisher noch nicht. Deinstallation von Firefox und Neuinstallation bringen nichts. VLC deinstallieren ist auch wecklos.

Mit freundlichen Grüßen
Deisto

Alt 02.05.2015, 00:14   #2
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
sm.de - wie werde ich das wieder los? - Standard

sm.de - wie werde ich das wieder los?





Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.



Los geht's:

Schritt 1


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 02.05.2015, 12:56   #3
demisto
 
sm.de - wie werde ich das wieder los? - Standard

sm.de - wie werde ich das wieder los?



Hallo Jürgen!

Ich habe Dir die beiden Log-Dateien gepostet, doch sind sie nirgends angekommen. Da brauche ich mich nicht wudnern, wenn ich keine Antwort bekomme.

Hier mein zweiter Versuch.
Danke!

FRST txt

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-04-2015 01
Ran by Home (administrator) on HOME-OFFICE on 02-05-2015 10:32:45
Running from C:\Users\Home\Desktop
Loaded Profiles: Home (Available profiles: Home & Gast & Classic .NET AppPool & DefaultAppPool)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Lexware\AAVUpdateManager\aavus.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Bayer Healthcare LLC) C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe
(DATA BECKER GmbH & Co KG) C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(StarWind Software) C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
() C:\Windows\System32\CmWatch.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CmCardRun] => C:\Windows\system32\CmWatch.exe [229376 2003-09-16] ()
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-15] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-28] (DivX, LLC)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
HKLM\...\Run: [BrowserPlugInHelper] => C:\Program Files\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe [1962896 2014-04-25] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2012-10-01] (Logitech, Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoDriveAutoRun] 0x0000
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\2015_Termine.xls - Verknüpfung.lnk [2015-04-15]
ShortcutTarget: 2015_Termine.xls - Verknüpfung.lnk -> O:\~Termine\Termine_nach_Jahren\2015_Termine.xls ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kalenderchen 5.lnk [2015-04-15]
ShortcutTarget: Kalenderchen 5.lnk -> C:\Program Files\Kalenderchen\Kalenderchen.exe (Daniel Manger Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKU\S-1-5-21-3719280737-1325245270-1685948379-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001 -> {EC9374F2-FD97-4838-9FB3-6C1B76EC6959} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=926458&p={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-10] (Kaspersky Lab ZAO)
BHO: Wondershare Video Converter Ultimate -> {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} -> C:\Program Files\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll [2014-04-25] (Wondershare Software Co., Ltd.)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-19] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-09] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-10] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-09] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-10] (Kaspersky Lab ZAO)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKU\.DEFAULT -> No Name - {266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} -  No File
Toolbar: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax [2009-07-16] ()
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: WSWSVCUchrome - No CLSID Value - 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: SuchMaschine
FF SelectedSearchEngine: Yahoo!
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Keyword.URL: https://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=926458&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-06-03] (DivX, LLC)
FF Plugin: @fluxdvd.com/NPWMDRMWrapper -> C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll [2010-02-04] ( )
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-03-21] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @protectdisc.com/NPMPDRM -> C:\Program Files\Common Files\mpDRM\NPMPDRM.dll [2010-02-03] ( )
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-12] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-12] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @protectdisc.com/NPPDLicenseHelper -> C:\Windows\system32\config\systemprofile\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll [2009-06-25] ( )
FF Plugin HKU\S-1-5-21-3719280737-1325245270-1685948379-1001: @doubletwist.com/NPPodcast -> C:\Program Files\Common Files\doubleTwist\NPPodcast.dll No File
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\searchplugins\suchmaschine.xml [2015-04-30]
FF Extension: WEB.DE MailCheck - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\Extensions\toolbar@web.de [2015-04-19]
FF Extension: Garmin Communicator - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-10-29]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-12-07]
FF Extension: Video DownloadHelper - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-16]
FF Extension: Adblock Plus - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-15]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-01-30]
FF HKLM\...\Firefox\Extensions:  - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-04-05]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-04-05]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-04-05]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-04-05]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-04-05]
FF HKLM\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files\Wondershare\Video Converter Ultimate\SVRFirefoxExt
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files\Wondershare\Video Converter Ultimate\SVRFirefoxExt [2015-04-30]

Chrome: 
=======
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-23]
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-23]
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-23]
CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-23]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-10-23]
CHR Extension: (Logitech SetPoint) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-10-23]
CHR Extension: (Safe Money) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-10-23]
CHR Extension: (Content Blocker) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-10-23]
CHR Extension: (Virtual Keyboard) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-10-23]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-23]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-10-23]
CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-23]
CHR Extension: (Anti-Banner) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-10-23]
CHR HKLM\...\Chrome\Extension: [chgdeabpmphfhkoemjjglmilajldekbp] - C:\Program Files\Wondershare\Video Converter Ultimate\SVRChromePlugin.crx [2015-04-30]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-12-14]
CHR HKLM\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-01-30]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-12-14]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-12-14]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-12-14]
CHR HKLM\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\Home\AppData\Local\Temp\tbch.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-12-14]

Opera: 
=======
StartMenuInternet: (HKLM) Opera - H:\Opera-Browser\Opera.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Lexware\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
R2 BayerHealthcareService; C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe [135032 2013-12-05] (Bayer Healthcare LLC)
R2 DBService; C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe [187456 2011-01-13] (DATA BECKER GmbH & Co KG) [File not signed]
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-03-30] (Freemake) [File not signed]
S3 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2009-07-14] (Microsoft Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [254552 2012-12-21] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1529656 2013-12-11] (TuneUp Software)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [15968 2013-10-19] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [24832 2013-10-19] (Advanced Micro Devices, Inc.)
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2013-06-02] (Wondershare)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [77312 2013-09-24] (Advanced Micro Devices) [File not signed]
R3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [34576 2007-03-05] (IVT Corporation.)
R3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.)
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [39184 2007-03-05] (IVT Corporation.)
R0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [225280 2011-07-19] (Intel Corporation)
S3 cvspydr2; C:\Windows\System32\DRIVERS\cvspydr2.sys [33024 2002-04-02] (Colorvision Inc)
S1 HCW88AUD; C:\Windows\System32\drivers\hcw88aud.sys [13440 2010-08-16] (Hauppauge Computer Works, Inc)
S3 hcw88bda; C:\Windows\System32\drivers\hcw88bda.sys [216576 2010-08-16] (Hauppauge Computer Works, Inc)
S3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [12288 2010-08-16] (Hauppauge Computer Works, Inc.)
S3 HCW88TSE; C:\Windows\System32\drivers\hcw88tse.sys [321408 2010-08-16] (Hauppauge Computer Works, Inc)
S3 hcw88vid; C:\Windows\System32\drivers\hcw88vid.sys [396928 2010-08-16] (Hauppauge Computer Works, Inc)
S3 HCW88XBAR; C:\Windows\System32\drivers\HCW88BAR.sys [17920 2010-08-16] (Hauppauge Computer Works, Inc.)
S3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [47104 2011-07-20] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597600 2014-05-19] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-12-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-09] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-06-18] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145224 2015-02-17] (Kaspersky Lab ZAO)
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-05-01] (Malwarebytes Corporation)
S3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [154752 2005-10-18] (PixArt Imaging Inc.)
S2 ROB_A; C:\Windows\System32\DRIVERS\rob_a.sys [17664 2003-02-10] (Pinnacle Systems GmbH)
S2 ROB_V; C:\Windows\System32\drivers\rob_v.sys [125568 2003-04-11] (Pinnacle Systems GmbH)
S3 SKYNET; C:\Windows\System32\DRIVERS\SkyNET.SYS [627288 2010-05-10] (TechniSat Digital, S.A.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2011-04-04] () [File not signed]
S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1579144 2010-06-07] (Syntek)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [35592 2012-10-25] (Anchorfree Inc.)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2014-06-11] (RapidSolution Software AG)
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16128 2015-04-23] (Windows (R) Win 7 DDK provider)
R3 ttBudget2; C:\Windows\System32\drivers\ttBudget2.sys [457472 2009-01-16] (TechnoTrend GmbH)
S3 TTHID; C:\Windows\System32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys [21752 2009-05-14] (DTV-DVB)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2013-10-15] (TuneUp Software)
S3 UDXTTM6010; C:\Windows\System32\DRIVERS\UDXTTM6010.sys [762232 2009-05-14] ()
S3 UMSSSTOR; C:\Windows\System32\DRIVERS\UMSS.SYS [48512 2004-07-13] (C-Media Corporation)
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.)
S3 X86BDA; C:\Windows\System32\DRIVERS\OEMDrv.sys [195712 2011-06-08] ( )
U3 ar6l0i1v; C:\Windows\system32\Drivers\ar6l0i1v.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 cpuz132; No ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-05-19] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-02 10:32 - 2015-05-02 10:33 - 00027607 _____ () C:\Users\Home\Desktop\FRST.txt
2015-05-02 09:39 - 2015-05-02 09:39 - 02204160 _____ () C:\Users\Home\Desktop\adwcleaner_4.203.exe
2015-05-02 00:13 - 2015-05-02 00:15 - 00078826 _____ () C:\Users\Home\Downloads\Addition.txt
2015-05-02 00:12 - 2015-05-02 10:29 - 00065812 _____ () C:\Users\Home\Downloads\FRST.txt
2015-05-02 00:11 - 2015-05-02 00:11 - 01140736 _____ (Farbar) C:\Users\Home\Desktop\FRST.exe
2015-05-02 00:02 - 2015-05-02 00:04 - 00000000 ____D () C:\Users\Home\AppData\Roaming\vlc
2015-05-02 00:01 - 2015-05-02 00:01 - 00000994 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-05-02 00:01 - 2015-05-02 00:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-05-01 22:16 - 2015-05-01 22:16 - 00001087 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-01 22:16 - 2015-05-01 22:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-01 19:56 - 2015-05-01 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-01 19:56 - 2015-05-01 19:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-05-01 19:56 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-01 19:56 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-01 19:54 - 2015-05-01 19:57 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2015-05-01 19:54 - 2015-05-01 19:56 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-05-01 19:54 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-01 18:18 - 2015-05-01 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
2015-05-01 18:18 - 2015-05-01 18:18 - 00000000 ____D () C:\ProgramData\GridinSoft
2015-05-01 18:18 - 2015-05-01 18:18 - 00000000 ____D () C:\Program Files\GridinSoft Trojan Killer
2015-04-30 17:21 - 2015-04-30 17:21 - 00001470 _____ () C:\Users\Home\Desktop\DVD Shrink 3.2 DE.exe - Verknüpfung.lnk
2015-04-30 17:03 - 2015-04-30 17:03 - 00000953 _____ () C:\Users\Gast\Desktop\DVD Shrink 3.2 deutsch.lnk
2015-04-30 17:03 - 2015-04-30 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink deutsch
2015-04-30 17:03 - 2015-04-30 17:03 - 00000000 ____D () C:\Program Files\DVD Shrink DE
2015-04-30 16:59 - 2015-04-30 17:00 - 00541240 _____ ( ) C:\Users\Home\Downloads\DVD%20Shrink.exe
2015-04-30 16:37 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\system32\WSCM64.dll
2015-04-30 16:37 - 2013-08-07 14:31 - 00214528 _____ () C:\Windows\system32\WSCM32.dll
2015-04-30 16:34 - 2015-04-30 16:35 - 41209384 _____ (Wondershare Software ) C:\Users\Home\Downloads\video-converter-ultimate_full1443.exe
2015-04-30 16:33 - 2015-04-30 16:33 - 00000048 _____ () C:\Windows\F27BBFAFCDA5DF0F.log
2015-04-30 16:27 - 2015-04-30 16:27 - 05185720 _____ () C:\Users\Home\Downloads\SetupCloneDVD2930Slysoft.exe
2015-04-30 15:27 - 2015-04-30 15:27 - 00002117 _____ () C:\Users\Home\Desktop\TuneUp Utilities 2012.lnk
2015-04-30 14:52 - 2015-05-01 08:52 - 00000000 ____D () C:\Program Files\CloneDVD 7 Ultimate
2015-04-30 14:52 - 2015-04-30 14:53 - 00000000 ____D () C:\Windows\system32\sysdir
2015-04-30 14:52 - 2015-04-30 14:52 - 00000000 ____D () C:\ProgramData\CloneDVD Studio
2015-04-30 14:46 - 2015-04-30 16:33 - 00000000 ____D () C:\Program Files\Elaborate Bytes
2015-04-30 14:46 - 2015-04-30 16:30 - 00000085 ___SH () C:\ProgramData\.zreglib
2015-04-30 10:34 - 2015-04-30 10:34 - 00000000 ____D () C:\Users\Home\Desktop\Bücher und Schreiberei\Büroarbeiten\Documents\Tipard Studio
2015-04-30 10:34 - 2015-04-30 10:34 - 00000000 ____D () C:\Users\Home\AppData\Local\Tipard Studio
2015-04-30 10:34 - 2015-04-30 10:34 - 00000000 ____D () C:\ProgramData\Tipard Studio
2015-04-30 10:34 - 2015-04-30 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tipard
2015-04-30 10:34 - 2015-04-30 10:34 - 00000000 ____D () C:\Program Files\Tipard Studio
2015-04-30 10:28 - 2015-04-30 10:28 - 00000000 ____D () C:\Users\Home\AppData\Roaming\NCH Software
2015-04-30 10:28 - 2015-04-30 10:28 - 00000000 ____D () C:\ProgramData\NCH Software
2015-04-30 10:28 - 2015-04-30 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette
2015-04-30 10:28 - 2015-04-30 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audioverwandte Programme
2015-04-30 10:28 - 2015-04-30 10:28 - 00000000 ____D () C:\Program Files\NCH Software
2015-04-30 10:27 - 2015-04-30 10:27 - 00660504 _____ (NCH Software) C:\Users\Home\Downloads\switchsetup.exe
2015-04-30 08:41 - 2015-04-30 08:41 - 00000995 _____ () C:\Users\Public\Desktop\XMedia Recode.lnk
2015-04-30 08:41 - 2015-04-30 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
2015-04-30 08:37 - 2015-04-30 08:37 - 08039043 _____ (XMedia Recode ) C:\Users\Home\Downloads\XMediaRecode3227_setup.exe
2015-04-30 08:17 - 2015-04-30 08:17 - 00000000 ____D () C:\Program Files\Startfenster
2015-04-30 08:15 - 2015-04-30 08:15 - 29013544 _____ () C:\Users\Home\Downloads\vlc-2.2.1-win32.exe
2015-04-29 23:21 - 2015-04-29 23:21 - 00001515 _____ () C:\Users\Home\Desktop\Windows Media Player.lnk
2015-04-29 23:18 - 2015-04-29 23:19 - 00000686 _____ () C:\Windows\wmsetup.log
2015-04-29 23:15 - 2015-04-29 23:16 - 01203488 _____ () C:\Users\Home\Downloads\Windows Media Player - CHIP-Installer.exe
2015-04-29 22:59 - 2015-04-29 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft
2015-04-29 22:56 - 2015-04-29 22:57 - 37546360 _____ (Any-DVD-Converter.com ) C:\Users\Home\Downloads\any-dvd-converter.exe
2015-04-29 22:49 - 2015-04-29 22:49 - 00000000 ____D () C:\Users\Home\Desktop\Bücher und Schreiberei\Büroarbeiten\Documents\Wondershare MediaServer
2015-04-29 22:48 - 2015-04-29 23:07 - 00000000 ____D () C:\ProgramData\Wondershare
2015-04-29 22:46 - 2015-04-29 22:46 - 00811592 _____ () C:\Users\Home\Downloads\video-converter-ultimate_setup_full1045.exe
2015-04-29 11:05 - 2015-04-29 11:05 - 00001050 _____ () C:\Users\Home\Desktop\CDex.lnk
2015-04-26 17:56 - 2015-04-26 17:56 - 00000000 ____D () C:\Users\Home\AppData\Roaming\HandBrake
2015-04-26 17:49 - 2015-04-26 17:49 - 01203488 _____ () C:\Users\Home\Downloads\Free DVD Video Converter - CHIP-Installer.exe
2015-04-23 16:57 - 2015-04-23 16:57 - 00016128 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\gtkdrv.sys
2015-04-21 08:43 - 2015-04-21 08:43 - 00619753 _____ () C:\Users\Home\Downloads\flvplayer2_1.4.0.t3x
2015-04-21 08:22 - 2015-04-21 08:23 - 36790512 _____ (Movavi) C:\Users\Home\Downloads\MovaviVideoConverterSetupF(1).exe
2015-04-20 22:25 - 2015-04-20 22:31 - 00000000 ____D () C:\ProgramData\Eltima Software
2015-04-17 12:13 - 2015-04-17 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IVT BlueSoleil
2015-04-17 11:45 - 2015-04-17 11:45 - 00000000 ____D () C:\Program Files\Free Codec Pack
2015-04-17 10:56 - 2015-04-17 10:56 - 00001511 _____ () C:\Users\Home\Desktop\Für_Erstattungen_gesammelte_Belege - Verknüpfung.lnk
2015-04-17 10:06 - 2015-04-17 10:06 - 34359344 _____ (DVDVideoSoft Ltd. ) C:\Users\Home\Downloads\FreeYouTubeDownload_3.2.56.324.exe
2015-04-16 17:26 - 2015-04-16 17:26 - 00000000 ____D () C:\Users\Home\Desktop\Bücher und Schreiberei\Büroarbeiten\Documents\QuickSteuer
2015-04-16 17:26 - 2015-04-16 17:26 - 00000000 ____D () C:\Users\Home\AppData\Local\HL
2015-04-16 17:23 - 2015-04-20 13:23 - 00000000 ____D () C:\ProgramData\AAV
2015-04-16 17:22 - 2015-04-16 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
2015-04-16 17:14 - 2015-04-16 17:14 - 00000000 ____D () C:\ProgramData\HL
2015-04-16 17:03 - 2015-04-16 17:12 - 351504736 _____ () C:\Users\Home\Downloads\QuickSteuer2015.exe
2015-04-16 15:18 - 2015-04-26 09:48 - 00000000 _____ () C:\Users\Home\.gtk-bookmarks
2015-04-15 18:31 - 2015-04-15 18:40 - 00001633 _____ () C:\Users\Home\Desktop\2015_Grundwassermessung_Grauwinkel.lnk
2015-04-15 14:00 - 2015-04-15 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-15 11:08 - 2015-04-15 11:08 - 00001801 _____ () C:\Users\Home\Desktop\FreeDoko.lnk
2015-04-15 11:08 - 2015-04-15 11:08 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeDoko
2015-04-15 11:08 - 2015-04-15 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeDoko
2015-04-15 11:08 - 2015-04-15 11:08 - 00000000 ____D () C:\Program Files\FreeDoko
2015-04-15 11:03 - 2015-04-15 11:03 - 01203488 _____ () C:\Users\Home\Downloads\FreeDoko - CHIP-Installer.exe
2015-04-15 05:32 - 2015-04-15 05:32 - 00001907 _____ () C:\Users\Home\Desktop\Kalenderchen 5.lnk
2015-04-15 05:26 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 05:26 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 05:26 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 05:26 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 05:26 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 05:26 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 05:26 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 05:26 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 05:26 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-15 05:26 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 05:26 - 2015-03-17 07:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 05:26 - 2015-03-17 07:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 05:26 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 05:26 - 2015-03-17 06:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 05:26 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 05:26 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 05:26 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 05:26 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 05:26 - 2015-03-17 06:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 05:26 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 05:26 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 05:26 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 05:26 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 05:26 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 05:26 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 05:26 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 05:25 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 05:25 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 05:25 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 05:25 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 05:25 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 05:25 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 05:25 - 2015-03-13 05:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 05:25 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 05:25 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 05:25 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 05:25 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 05:25 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 05:25 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 05:25 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 05:25 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 05:25 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 05:25 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 05:25 - 2015-03-13 05:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 05:25 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 05:25 - 2015-03-13 05:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 05:25 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 05:25 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 05:25 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 05:25 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 05:25 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 05:25 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 05:25 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 05:25 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 05:25 - 2015-03-13 04:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 05:25 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 05:25 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 05:25 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 05:25 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 05:25 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 05:25 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 05:24 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 05:23 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 05:23 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 16:46 - 2015-04-14 16:46 - 00001883 _____ () C:\Users\Home\Downloads\Auslieferung 17.4.2015 (2015_4_14 16_46).csv
2015-04-14 14:55 - 2015-04-14 14:55 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
2015-04-14 14:55 - 2015-04-14 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
2015-04-14 14:55 - 2013-12-11 09:59 - 00032568 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2015-04-14 14:55 - 2013-12-11 09:59 - 00022328 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2015-04-14 14:54 - 2015-04-14 14:55 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2012
2015-04-14 14:47 - 2015-04-14 14:48 - 27620744 _____ (TuneUp Software) C:\Users\Home\Downloads\TuneUpUtilities2012_de-DE.exe
2015-04-14 14:07 - 2015-04-14 14:08 - 16107931 _____ (INTENIUM GmbH) C:\Users\Home\Downloads\greatmahjong.exe
2015-04-14 13:58 - 2015-04-14 13:59 - 00381120 _____ () C:\Users\Home\Downloads\greatmahjong_CB-DL-Manager.exe
2015-04-14 13:49 - 2015-04-14 13:49 - 00001328 _____ () C:\Users\Home\Desktop\Mahjongg 2000.lnk
2015-04-14 13:44 - 2015-04-14 13:44 - 00757261 _____ () C:\Users\Home\Downloads\mj32xpde.zip
2015-04-14 13:26 - 2015-04-14 13:26 - 00800216 _____ (Generic Web ) C:\Users\Home\Downloads\IObitUninstallerSetup.exe
2015-04-14 13:22 - 2015-04-14 13:33 - 00000000 ____D () C:\Program Files\FreeGamePick.com
2015-04-14 13:19 - 2015-04-14 13:19 - 05942469 _____ ( ) C:\Users\Home\Downloads\MahjongCity.exe
2015-04-14 13:18 - 2015-04-14 13:18 - 00381120 _____ () C:\Users\Home\Downloads\MahjongCity_CB-DL-Manager.exe
2015-04-14 12:31 - 2015-04-14 13:10 - 00000000 ____D () C:\Program Files\Kyodai Mahjongg 2006
2015-04-14 12:30 - 2015-04-14 12:30 - 00000000 ____D () C:\Program Files\WEB.DE MailCheck
2015-04-14 12:10 - 2015-04-14 12:10 - 00000356 _____ () C:\Users\Home\Desktop\Hearts.lnk
2015-04-14 11:27 - 2015-04-14 11:27 - 00000884 _____ () C:\Users\Home\Desktop\Downloads - Verknüpfung.lnk
2015-04-14 11:23 - 2015-04-14 11:24 - 10717440 _____ () C:\Users\Home\Downloads\TU2007TrialDE.exe
2015-04-14 10:16 - 2015-04-14 10:16 - 00000000 ____D () C:\Program Files\Royal Doppelkopf
2015-04-14 09:37 - 2015-04-14 09:37 - 03556352 _____ () C:\Users\Home\Downloads\SetupRoyalDokosv.exe
2015-04-14 09:31 - 2015-04-14 09:31 - 00381120 _____ () C:\Users\Home\Downloads\SetupRoyalDokosv_CB-DL-Manager.exe
2015-04-14 08:57 - 2015-04-14 08:57 - 00000851 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napster 5.0.lnk
2015-04-14 08:57 - 2015-04-14 08:57 - 00000000 ____D () C:\Program Files\Napster 5.0
2015-04-14 08:55 - 2015-04-14 08:55 - 01203488 _____ () C:\Users\Home\Downloads\Napster - CHIP-Installer.exe
2015-04-14 08:26 - 2015-04-14 15:32 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-12 12:24 - 2015-04-12 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napster Rienf Repair
2015-04-12 12:13 - 2015-04-12 12:14 - 07411200 _____ () C:\Users\Home\Downloads\NapsterRienfRepairSetup_1.1.9.msi
2015-04-12 11:32 - 2015-04-12 11:32 - 00000000 ____D () C:\Program Files\NA
2015-04-12 10:16 - 2015-04-12 12:01 - 00000943 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Napster Music Community.lnk
2015-04-12 10:16 - 2015-04-12 12:01 - 00000919 _____ () C:\Users\Gast\Desktop\Napster Music Community.lnk
2015-04-12 10:16 - 2015-04-12 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napster
2015-04-11 11:40 - 2015-04-12 10:22 - 00000000 _____ () C:\Windows\system32\mx_0020b.00-
2015-04-11 11:38 - 2015-04-12 12:01 - 00000000 ____D () C:\Program Files\Napster
2015-04-11 10:28 - 2015-04-11 10:28 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-04-11 10:28 - 2015-04-11 10:28 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-04-11 10:28 - 2015-04-11 10:28 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-04-10 13:30 - 2015-04-10 13:30 - 00000000 ____D () C:\Users\Home\.fontconfig
2015-04-10 13:18 - 2015-04-10 13:19 - 36790512 _____ (Movavi) C:\Users\Home\Downloads\MovaviVideoConverterSetupF.exe
2015-04-10 12:02 - 2015-04-10 12:02 - 00000000 ____D () C:\Users\Default\AppData\Local\Garmin_Ltd._or_its_subsid
2015-04-10 12:02 - 2015-04-10 12:02 - 00000000 ____D () C:\Users\Default User\AppData\Local\Garmin_Ltd._or_its_subsid
2015-04-08 12:12 - 2015-04-08 12:17 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Mp3tag
2015-04-08 12:12 - 2015-04-08 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2015-04-08 12:12 - 2015-04-08 12:12 - 00000000 ____D () C:\Program Files\Mp3tag
2015-04-08 12:09 - 2015-04-08 12:09 - 02802944 _____ () C:\Users\Home\Downloads\mp3tagv269setup.exe
2015-04-07 09:20 - 2015-04-07 09:20 - 00001248 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk
2015-04-07 09:16 - 2015-04-07 09:16 - 01270552 _____ (Ellora Assets Corporation ) C:\Users\Home\Downloads\FreemakeVideoConverterSetup.exe
2015-04-06 18:31 - 2015-04-06 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftMaker Office Standard 2012
2015-04-06 18:30 - 2015-04-06 18:44 - 00000000 ____D () C:\Program Files\SoftMaker Office Standard 2012
2015-04-06 10:22 - 2015-04-06 10:25 - 113784328 _____ (SoftMaker Software GmbH) C:\Users\Home\Downloads\ofw2012std.exe
2015-04-05 10:46 - 2015-04-05 10:46 - 15621448 _____ (Ventis Media Inc. ) C:\Users\Home\Downloads\MediaMonkey_4.1.6.1736.exe
2015-04-05 10:22 - 2015-04-05 10:22 - 01906385 _____ () C:\Users\Home\Downloads\cdtomp3freeware.exe
2015-04-05 10:22 - 2015-04-05 10:22 - 00000938 _____ () C:\Users\Gast\Desktop\Free CD to MP3 Converter.lnk
2015-04-05 10:22 - 2015-04-05 10:22 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Eusing
2015-04-05 10:22 - 2015-04-05 10:22 - 00000000 ____D () C:\Program Files\CD to MP3 Freeware
2015-04-05 10:20 - 2015-04-05 10:20 - 00232216 _____ () C:\Users\Home\Downloads\cdtomp3freeware-33399310.exe
2015-04-04 10:45 - 2015-04-04 10:45 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-02 08:59 - 2015-04-02 08:59 - 01054912 _____ (Adobe) C:\Users\Home\Downloads\install_flashplayer17x32au_mssd_aaa_aih(2).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-02 10:32 - 2013-10-28 20:58 - 00000000 ____D () C:\FRST
2015-05-02 10:21 - 2013-04-05 07:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-02 10:19 - 2009-07-14 06:34 - 00029760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-02 10:19 - 2009-07-14 06:34 - 00029760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-02 10:14 - 2010-02-18 19:57 - 01395243 _____ () C:\Windows\WindowsUpdate.log
2015-05-02 10:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-05-02 10:11 - 2015-02-25 21:55 - 00015189 _____ () C:\Windows\setupact.log
2015-05-02 10:11 - 2012-01-14 15:24 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-05-02 10:11 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-02 10:10 - 2012-03-31 17:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-02 10:09 - 2013-09-01 01:36 - 00000000 ___DC () C:\AdwCleaner
2015-05-02 00:00 - 2010-03-07 01:41 - 00000000 ____D () C:\Program Files\VideoLAN
2015-05-01 23:28 - 2015-02-25 21:54 - 00016698 _____ () C:\Windows\PFRO.log
2015-05-01 23:28 - 2014-07-02 10:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-01 23:25 - 2013-10-23 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-01 23:16 - 2015-03-03 15:29 - 00000000 ____D () C:\Users\Home\AppData\Roaming\FreeDoko
2015-05-01 22:37 - 2010-02-20 12:39 - 00000000 ___RD () C:\Users\Home\Desktop\Computer&Games
2015-05-01 22:36 - 2011-10-06 13:59 - 00000000 ____D () C:\Users\Home\Desktop\Musik
2015-05-01 19:56 - 2011-10-31 14:12 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Malwarebytes
2015-05-01 17:58 - 2013-02-05 13:34 - 00000000 ____D () C:\Users\Home\AppData\Roaming\MediaMonkey
2015-04-30 17:55 - 2010-06-20 14:29 - 00000000 ____D () C:\Users\Home\AppData\Roaming\dvdcss
2015-04-30 17:34 - 2013-04-24 14:15 - 00000000 ____D () C:\ProgramData\DVD Shrink
2015-04-30 16:48 - 2011-04-04 17:33 - 00000327 _____ () C:\Users\Home\Desktop\Bücher und Schreiberei\Büroarbeiten\Documents\ax_files.xml
2015-04-30 16:39 - 2014-07-05 10:09 - 00000000 ____D () C:\ProgramData\Wondershare Video Converter Ultimate
2015-04-30 16:37 - 2014-12-17 11:51 - 00000000 ____D () C:\Program Files\Wondershare
2015-04-30 16:37 - 2014-07-05 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-04-30 14:55 - 2014-01-21 09:25 - 00000033 _____ () C:\Users\Home\AppData\Roaming\pcouffin.log
2015-04-30 14:55 - 2014-01-21 09:23 - 00087608 _____ () C:\Users\Home\AppData\Roaming\inst.exe
2015-04-30 14:55 - 2014-01-21 09:23 - 00047360 _____ (VSO Software) C:\Users\Home\AppData\Roaming\pcouffin.sys
2015-04-30 14:55 - 2014-01-21 09:23 - 00007887 _____ () C:\Users\Home\AppData\Roaming\pcouffin.cat
2015-04-30 14:55 - 2014-01-21 09:23 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Vso
2015-04-30 10:30 - 2012-03-22 10:20 - 00000040 _____ () C:\Users\Home\AppData\Roaming\cdr.ini
2015-04-30 08:41 - 2014-03-13 16:30 - 00000000 ____D () C:\Program Files\XMedia Recode
2015-04-29 23:00 - 2013-09-01 16:15 - 00000000 ____D () C:\Users\Home\Desktop\Bücher und Schreiberei\Büroarbeiten\Documents\Any DVD Converter Professional
2015-04-29 22:58 - 2014-06-29 21:02 - 00000000 ____D () C:\Program Files\AnvSoft
2015-04-29 22:58 - 2012-11-10 09:49 - 00000000 ____D () C:\Users\Home\AppData\Roaming\AnvSoft
2015-04-28 15:31 - 2010-02-18 20:11 - 01765786 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-26 17:53 - 2014-12-07 02:07 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-04-26 17:53 - 2013-12-31 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-04-26 17:53 - 2013-09-01 19:42 - 00000000 ____D () C:\Users\Home\AppData\Roaming\DVDVideoSoft
2015-04-26 17:53 - 2013-09-01 19:42 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-04-25 16:38 - 2011-05-07 17:48 - 00000000 ____D () C:\Users\Home\Desktop\Bücher und Schreiberei\Büroarbeiten\Documents\SoftMaker
2015-04-22 20:51 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-20 22:29 - 2013-09-01 16:15 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-18 17:27 - 2015-02-14 19:53 - 00000000 ____D () C:\Users\Home\AppData\Local\CDex
2015-04-17 12:14 - 2011-10-09 20:27 - 00000000 ____D () C:\ProgramData\Bluetooth
2015-04-17 12:13 - 2011-10-09 20:13 - 00000032 _____ () C:\Windows\0
2015-04-17 11:50 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-17 06:40 - 2009-07-14 06:33 - 00615568 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-16 18:30 - 2010-04-21 23:12 - 00000000 ____D () C:\Users\Home\dwhelper
2015-04-16 17:27 - 2011-09-25 11:31 - 00198424 _____ () C:\Users\Home\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-16 17:23 - 2010-04-04 19:50 - 00000000 ____D () C:\Program Files\Lexware
2015-04-16 15:18 - 2010-02-18 20:06 - 00000000 ____D () C:\Users\Home
2015-04-16 00:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 19:10 - 2012-03-31 17:58 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 19:10 - 2011-05-16 16:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-15 18:49 - 2010-04-30 09:13 - 00000000 ____D () C:\Users\Home\AppData\Local\FreePDF_XP
2015-04-15 15:43 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-04-15 14:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-15 14:39 - 2014-05-06 20:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 14:38 - 2014-12-10 14:31 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 14:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-04-15 14:05 - 2013-08-17 18:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 14:05 - 2010-02-18 20:13 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 14:00 - 2013-01-25 19:38 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-15 14:00 - 2010-09-09 09:34 - 00000000 ___RD () C:\Program Files\Skype
2015-04-15 14:00 - 2010-09-09 09:34 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 11:08 - 2015-03-03 15:28 - 00001801 _____ () C:\Users\Gast\Desktop\FreeDoko.lnk
2015-04-15 05:07 - 2010-03-24 08:22 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-15 05:07 - 2010-03-24 08:22 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-14 14:53 - 2011-12-26 12:27 - 00000000 __SHD () C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2015-04-14 14:46 - 2010-02-19 22:54 - 00000000 ____D () C:\Users\Home\AppData\Roaming\TuneUp Software
2015-04-14 14:13 - 2015-02-06 19:23 - 00000000 ____D () C:\Users\Home\AppData\Roaming\dlg
2015-04-14 14:10 - 2013-08-07 19:56 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-04-14 14:04 - 2014-05-28 20:54 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-04-14 12:25 - 2013-11-19 11:52 - 00000000 ____D () C:\Program Files\OXXOGames
2015-04-14 12:10 - 2013-10-27 12:06 - 00000000 ____D () C:\Users\Home\AppData\Local\Microsoft Games
2015-04-14 11:43 - 2013-04-27 13:46 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2015-04-14 10:39 - 2011-01-14 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-14 10:28 - 2011-04-16 14:49 - 00000000 __HDC () C:\ProgramData\{53238C6C-48A3-4507-BBBB-C8A8D54603CF}
2015-04-14 10:28 - 2010-02-28 14:50 - 00000000 ____D () C:\Users\Home\AppData\Local\Downloaded Installations
2015-04-14 10:19 - 2010-02-19 22:51 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-04-14 08:47 - 2014-03-21 10:32 - 00000000 ____D () C:\Users\Home\AppData\Roaming\com.Rhapsody.Napster5
2015-04-12 14:19 - 2012-04-10 11:46 - 00000000 ____D () C:\Users\DefaultAppPool
2015-04-12 14:19 - 2011-09-26 22:01 - 00000000 ____D () C:\Users\Classic .NET AppPool
2015-04-12 12:01 - 2012-07-13 21:50 - 00000000 ____D () C:\Users\Gast
2015-04-11 10:28 - 2010-02-19 20:23 - 00000000 ____D () C:\Program Files\Adobe
2015-04-10 12:03 - 2014-04-09 22:34 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-10 12:02 - 2014-10-29 10:39 - 00000000 ____D () C:\Program Files\Garmin
2015-04-10 12:01 - 2014-10-29 10:12 - 00000000 ____D () C:\ProgramData\Garmin
2015-04-10 12:00 - 2014-10-29 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-04-09 09:50 - 2014-07-05 19:39 - 00000000 ____D () C:\Users\Home\AppData\Local\Adobe
2015-04-08 16:01 - 2009-07-14 06:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-07 09:20 - 2014-06-02 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-04-06 18:48 - 2011-05-07 17:48 - 00000000 ____D () C:\Users\Home\AppData\Roaming\SoftMaker
2015-04-06 18:27 - 2015-02-11 17:03 - 00000000 ____D () C:\Program Files\SoftMaker Office Home & Business 2012
2015-04-05 10:22 - 2012-03-22 10:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware

==================== Files in the root of some directories =======

2011-10-03 20:14 - 2014-10-17 13:36 - 0000030 _____ () C:\Program Files\Exiferupdate.ini
2014-06-29 21:36 - 2014-07-02 17:25 - 5082084 _____ (The Public) C:\Users\Home\AppData\Roaming\Avisynth.exe
2014-06-29 21:36 - 2014-07-02 17:26 - 5243208 _____ (                                                            ) C:\Users\Home\AppData\Roaming\AvsP.exe
2010-02-19 19:04 - 2010-02-19 19:04 - 0000054 _____ () C:\Users\Home\AppData\Roaming\burnaware.ini
2014-08-18 18:55 - 2015-01-02 20:17 - 0000100 _____ () C:\Users\Home\AppData\Roaming\Camdata.ini
2014-08-18 18:55 - 2015-01-02 20:17 - 0000408 _____ () C:\Users\Home\AppData\Roaming\CamLayout.ini
2014-08-18 18:55 - 2015-01-02 20:17 - 0000408 _____ () C:\Users\Home\AppData\Roaming\CamShapes.ini
2014-08-19 16:30 - 2015-01-02 20:17 - 0004546 _____ () C:\Users\Home\AppData\Roaming\CamStudio.cfg
2012-03-22 10:20 - 2015-04-30 10:30 - 0000040 _____ () C:\Users\Home\AppData\Roaming\cdr.ini
2014-06-29 21:36 - 2014-07-02 17:26 - 5514668 _____ (LIGHTNING UK!) C:\Users\Home\AppData\Roaming\Imgburn.exe
2014-01-21 09:23 - 2015-04-30 14:55 - 0087608 _____ () C:\Users\Home\AppData\Roaming\inst.exe
2014-06-29 21:36 - 2014-07-02 17:26 - 1357348 _____ () C:\Users\Home\AppData\Roaming\MatroskaSplitter.exe
2014-01-21 09:23 - 2015-04-30 14:55 - 0007887 _____ () C:\Users\Home\AppData\Roaming\pcouffin.cat
2014-01-21 09:23 - 2015-04-30 14:55 - 0001144 _____ () C:\Users\Home\AppData\Roaming\pcouffin.inf
2014-01-21 09:25 - 2015-04-30 14:55 - 0000033 _____ () C:\Users\Home\AppData\Roaming\pcouffin.log
2014-01-21 09:23 - 2015-04-30 14:55 - 0047360 _____ (VSO Software) C:\Users\Home\AppData\Roaming\pcouffin.sys
2013-05-01 17:06 - 2013-05-01 19:54 - 0000154 _____ () C:\Users\Home\AppData\Roaming\Safer-Networking.log
2014-06-29 21:36 - 2014-07-02 17:26 - 7760687 _____ (Boraxsoft) C:\Users\Home\AppData\Roaming\SetupGFD.exe
2014-08-18 18:52 - 2015-01-02 20:11 - 0000096 _____ () C:\Users\Home\AppData\Roaming\version2.xml
2013-08-02 20:30 - 2013-09-21 12:32 - 0000099 _____ () C:\Users\Home\AppData\Roaming\WB.CFG
2014-06-29 21:36 - 2014-07-02 17:26 - 0117723 _____ () C:\Users\Home\AppData\Roaming\yuvcodecs-1.3.exe
2011-10-29 09:51 - 2014-01-16 18:03 - 0008704 _____ () C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-17 21:12 - 2014-08-17 21:12 - 0007634 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
2011-12-26 12:53 - 2011-12-26 12:53 - 0017408 _____ () C:\Users\Home\AppData\Local\WebpageIcons.db
2015-04-30 14:46 - 2015-04-30 16:30 - 0000085 ___SH () C:\ProgramData\.zreglib
2013-10-19 21:32 - 2013-10-19 21:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2010-09-09 09:39 - 2010-09-09 09:39 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some content of TEMP:
====================
C:\Users\Home\AppData\Local\Temp\mpegc.dll
C:\Users\Home\AppData\Local\Temp\mpegm.dll
C:\Users\Home\AppData\Local\Temp\Quarantine.exe
C:\Users\Home\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-24 10:50

==================== End Of Log ============================
         
--- --- ---
__________________

Alt 02.05.2015, 12:58   #4
demisto
 
sm.de - wie werde ich das wieder los? - Standard

sm.de - wie werde ich das wieder los?



Und hier der addition.txt

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-04-2015 01
Ran by Home at 2015-05-02 10:33:49
Running from C:\Users\Home\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3719280737-1325245270-1685948379-500 - Administrator - Disabled)
Gast (S-1-5-21-3719280737-1325245270-1685948379-501 - Limited - Enabled) => C:\Users\Gast
Home (S-1-5-21-3719280737-1325245270-1685948379-1001 - Administrator - Enabled) => C:\Users\Home
HomeGroupUser$ (S-1-5-21-3719280737-1325245270-1685948379-1008 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
ABBYY FineReader 5.0 Pro (HKLM\...\ABBYY FineReader 5.0 Pro) (Version: 5.0 - ABBYY Software House)
abramania mahjongg freeware 1.0 (HKLM\...\abramania mahjongg freeware 1.0) (Version: 1.0 - abramedia)
Accent OFFICE Password Recovery 4.0 (HKLM\...\Accent OFFICE Password Recovery_is1) (Version: 4.0 - AccentSoft Team)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Renamer (HKLM\...\Advanced Renamer_is1) (Version: 3.64 - Hulubulu Software)
Agent Ransack (HKLM\...\{8B51F879-18C4-4C37-8D2B-E340AEE7AACB}) (Version: 7.0.828.1 - Mythicsoft Ltd)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any DVD Converter Professional 5.8.0 (HKLM\...\Any DVD Converter Professional_is1) (Version:  - Any-DVD-Converter.com)
Apowersoft Bildschirmrekorder Pro V1.3.2 (HKLM\...\{BADAA284-1D15-4EBB-B1E5-7C86603CDBBB}_is1) (Version: 1.3.2 - Apowersoft)
Ashampoo Burning Studio 2014 v.12.0.5 (HKLM\...\{91B33C97-280F-B76D-E27B-E712D7041B76}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG)
ATI AVIVO Codecs (Version: 11.6.0.51118 - ATI Technologies Inc.) Hidden
ATI Catalyst Registration (Version: 3.00.0000 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (Version: 3.0.800.0 - ATI Technologies) Hidden
Avery Zweckform DesignPro 2000 (HKLM\...\DesignPro) (Version:  - )
AviSynth 2.6 (HKLM\...\AviSynth) (Version: 2.6.0.2 - GPL Public release.)
AVM FRITZ!Box Dokumentation (HKLM\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
AvsP (HKLM\...\AvsP_is1) (Version:  - )
Bluesoleil2.6.0.1 Release 070402 (HKLM\...\{11B5E957-FCF2-469D-AB66-963C38134231}) (Version: 2.6.0.1 Release 070402 - IVT Corporation)
CameraHelperMsi (Version: 13.31.1038.0 - Logitech) Hidden
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
Canon iP4900 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4900_series) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon RAW Codec (HKLM\...\Canon RAW Codec) (Version: 1.4.1.44 - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )
Canon Utilities Easy-PrintToolBox (HKLM\...\Easy-PrintToolBox) (Version:  - )
Canon Utilities File Viewer Utility 1.3 (HKLM\...\InstallShield_{74344F10-34CA-480E-BD02-B3F4FA692BFA}) (Version: 1.3.1 - Canon)
Canon Utilities PhotoStitch 3.1 (HKLM\...\InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}) (Version: 3.1.10 - Canon)
CCleaner (HKLM\...\CCleaner) (Version: 3.04 - Piriform)
CDex - Open Source Digital Audio CD Extractor (HKLM\...\CDex) (Version: 1.77.0.2015 - Georgy Berdyshev)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )
C-Media USB Mass Storage Driver (HKLM\...\C-Media Card Reader Driver) (Version:  - )
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CorelDRAW Graphics Suite X4 - Capture (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang BR (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang CZ (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang DE (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang EN (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang ES (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang FR (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang IT (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang NL (Version: 14.2 - Uw bedrijfsnaam) Hidden
CorelDRAW Graphics Suite X4 - Lang PL (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang SU (Version: 14.2 - Yrityksen nimi) Hidden
CorelDRAW Graphics Suite X4 - Lang SV (Version: 14.2 - Ditt företagsnamn) Hidden
CorelDRAW Graphics Suite X4 - PP (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (Version: 14.2 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (HKLM\...\_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) (Version:  - Corel Corporation)
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X4 (HKLM\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version:  - Corel Corporation)
CyberLink PowerDirector 11 (HKLM\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2707 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.3206 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DATA BECKER CD-DVD Druckerei 8 (HKLM\...\CD-DVD Druckerei 8_is1) (Version: 8.10.0.0 - DATA BECKER GmbH & Co. KG)
DATA BECKER MPEG2 Video Encoder (HKLM\...\MPEG2 Video Encoder_is1) (Version:  - )
DATA BECKER Stream Catcher 2 FREE (HKLM\...\Stream Catcher 2 FREE_is1) (Version:  - )
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
Dropbox (HKU\S-1-5-21-3719280737-1325245270-1685948379-1001\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
Duplicate Email Remover (HKLM\...\{7AA36634-4324-4EF4-8C0C-D8EF1FC2BEA4}) (Version: 2.16.0 - MAPILab Ltd.)
DVD Shrink 3.2 deutsch (HKLM\...\DVD Shrink DE_is1) (Version:  - DVD Shrink)
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version:  - )
Elevated Installer (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.1.20150309 - Landesfinanzdirektion Thüringen)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Smart Panel (HKLM\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version:  - )
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Exif Pilot 4.7 (HKLM\...\Exif Pilot_is1) (Version: 4.7 - Two Pilots)
Exifer (HKLM\...\Exifer_is1) (Version:  - Friedemann Schmidt)
exPressIT (HKLM\...\exPressIT) (Version:  - )
File Viewer Utility 1.3.1 (Version: 1.3.1 - Canon) Hidden
Firebird SQL Server - MAGIX Edition (HKLM\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
FixFoto 3.50 (HKLM\...\FixFoto_is1) (Version:  - Joachim Koopmann Software)
FormatFactory 3.3.5.0 (HKLM\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free Audio Converter version 5.0.46.820 (HKLM\...\Free Audio Converter_is1) (Version: 5.0.46.820 - DVDVideoSoft Ltd.)
Free CD to MP3 Converter (HKLM\...\Free CD to MP3 Converter) (Version:  - Eusing Software)
Free DVD MP3 Ripper 1.12 (HKLM\...\Free DVD MP3 Ripper_is1) (Version:  - Jodix Technologies Ltd.)
Free DVD Video Converter version 2.0.25.415 (HKLM\...\Free DVD Video Converter_is1) (Version: 2.0.25.415 - DVDVideoSoft Ltd.)
Free MP4 Video Converter version 5.0.44.623 (HKLM\...\Free MP4 Video Converter_is1) (Version: 5.0.44.623 - DVDVideoSoft Ltd.)
Free Screen Video Recorder version 2.5.36.806 (HKLM\...\Free Screen Video Recorder_is1) (Version: 2.5.36.806 - DVDVideoSoft Ltd.)
Free Video to JPG Converter version 5.0.32.1230 (HKLM\...\Free Video to JPG Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.56.324 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.56.324 - DVDVideoSoft Ltd.)
FreeDoko 0.7.12 (HKLM\...\FreeDoko) (Version: 0.7.12 - Borg Enders und Diether Knof)
Freemake Video Converter Version 4.1.6 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation)
FreeOCR v4.2 (HKLM\...\freeocr_is1) (Version:  - )
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
Garmin City Navigator Europe NTU 2015.30 (HKLM\...\{63F1BF21-7435-4055-AA71-7ED2B7948C8C}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GLUCOFACTS(TM) Deluxe (HKLM\...\{4B1E59A2-A053-4911-896D-1EB84A3E48D1}) (Version: 3.07.03 - Bayer HealthCare)
GLUCOFACTS(TM) Deluxe Smart Launch (HKLM\...\{D21D372C-BAE1-4F6A-98F5-E66DDBF327FB}) (Version: 1.24.01 - Bayer HealthCare)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version:  - )
GUI for dvdauthor 1.07 (HKLM\...\GUI for dvdauthor) (Version: 1.07 - Boraxsoft)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
Helix YUV Codecs (remove only) (HKLM\...\HelixYUVCodecs) (Version:  - )
honestech VHS to DVD 2.0 SE (HKLM\...\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}) (Version: 2.0 - honestech)
HydraVision (Version: 4.2.184.0 - ATI Technologies Inc.) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kalenderchen 5 (HKLM\...\{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1) (Version:  - Daniel Manger)
Kaspersky Internet Security 2013 (HKLM\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (Version: 13.0.1.4190 - Kaspersky Lab) Hidden
K-Lite Codec Pack 10.5.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.5.0 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam-Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.31 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Max Uninstaller version 2.0 (HKLM\...\{C7022C9B-4DE0-4A57-B395-ED3BFDB78D73}_is1) (Version: 2.0 - hxxp://www.maxuninstaller.com/)
MD Exif 1.3 (HKLM\...\MD Exif_is1) (Version:  - Stefan Göppert Softwareentwicklung)
MediaMonkey 4.1 (HKLM\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
MEDION GoPal Assistant (HKLM\...\{B9D45A76-61DF-4387-B0FE-CA165D582B57}) (Version: 6.3.6.13143 - MEDION)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft GIF Animator (HKLM\...\GIF Animator) (Version:  - )
Microsoft Office Converter Pack (HKLM\...\Microsoft Office Converter Pack) (Version:  - )
Microsoft Office Word Viewer 2003 (HKLM\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.4 (x86 de) (HKLM\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
Mozilla Thunderbird 17.0.8 (x86 de) (HKLM\...\Mozilla Thunderbird 17.0.8 (x86 de)) (Version: 17.0.8 - Mozilla)
Mp3tag v2.69 (HKLM\...\Mp3tag) (Version: v2.69 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Napster 5.0 Beta (HKLM\...\com.Rhapsody.Napster5) (Version: 1.0.29 - Rhapsody International Inc)
Napster 5.0 Beta (Version: 1.0.29 - Rhapsody International Inc) Hidden
Napster Rienf Repair (HKLM\...\{7FF8A00B-5FA7-4BD4-A6B9-131CE0D1FC11}) (Version: 1.1.9 - NA)
Napster v2.0 BETA 10.4 (HKLM\...\Napster v2.0 BETA 10.4) (Version:  - )
Newblue Art Effects for PowerDirector (HKLM\...\NewBlue Art Effects for PowerDirector) (Version: 2.0 - NewBlue)
OEXtract 1.0 (Testversion) (HKLM\...\OEXtract - Dateireader für Outlook Express (Testversion)_is1) (Version:  - Priotecs Software)
OEXtract 1.0 (Vollversion) (HKLM\...\OEXtract - Dateireader für Outlook Express (Vollversion)_is1) (Version:  - Priotecs Software)
Office Password Recovery PRO v1.0 (remove only) (HKLM\...\Password Solutions - Office Password Recovery PRO) (Version: 1.0 - Password Solutions)
OpenOffice 4.1.0 (HKLM\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
PassportPhoto (remove) (HKU\S-1-5-21-3719280737-1325245270-1685948379-1001\...\PassportPhoto) (Version:  - )
Patrizier II Gold (HKLM\...\Patrizier II Gold_is1) (Version:  - )
PDF Blender (HKLM\...\PDF Blender) (Version:  - )
PDF Editor 4 (HKLM\...\PDF Editor 4) (Version:  - )
PDF To JPG 2.0 (HKLM\...\PDF To JPG_is1) (Version:  - PDF To JPG)
PDF24 Creator 6.9.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDF2Word 1.0 (HKLM\...\PDF2Word 1.0) (Version:  - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
PhotoStitch (Version: 3.1.10 - Canon) Hidden
PrintProfi CD-Label (HKLM\...\{F336E5BC-6281-4ECD-8CA8-38D158D0AEAE}) (Version:  - )
Protect Disc License Helper 1.0.125 (IE) (HKU\.DEFAULT\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
Quick Player 2010 2.3 (HKLM\...\Quick Player 2010 2.3) (Version:  - )
QuickSteuer 2015 (HKLM\...\{49E0E0CA-C817-49C8-861B-B766599BCB96}) (Version: 20.33.156 - Haufe-Lexware GmbH & Co.KG)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Royal Doppelkopf (HKLM\...\{75EA97E2-BAD7-45DF-8196-82A828BF47DC}) (Version: 1.0.9 - <no manufacturer>)
Screen Recorder 1 (HKLM\...\Screen Recorder 1) (Version:  - )
SDP Downloader (HKLM\...\{B547CB8D-549A-436E-97B5-E79F911B11E2}) (Version: 2.3.0 - SDP Multimedia)
Skat 2095 Special Edition V2.0 (HKLM\...\Skat 2095 Special Edition V2.0_is1) (Version:  - )
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartSound Quicktracks 5 (HKLM\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (Version: 5.1.8 - SmartSound Software Inc.) Hidden
SMI USB Grabber (HKLM\...\{B03B98E3-2795-48F6-BA33-793BBF5DF685}) (Version: 1.0.0.02 - Somagic Inc)
SoftMaker Office Standard 2012 (HKLM\...\{8EBB8452-274B-465D-8324-00B0832FBB02}) (Version: 12.0.3493 - SoftMaker Software GmbH)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Startfenster (HKLM\...\Startfenster) (Version:  - Startfenster)
Switch Audiodatei-Konverter (HKLM\...\Switch) (Version: 4.77 - NCH Software)
Technotrend Viewer (HKLM\...\TT-Viewer_is1) (Version:  - CM&V)
The Lord of the Rings FREE Trial  (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Tipard TS Converter 7.1.52 (HKLM\...\{2D85A23D-06EF-4df2-BF09-B39AEDAE9140}_is1) (Version: 7.1.52 - Tipard Studio)
TKexe designer (HKU\S-1-5-21-3719280737-1325245270-1685948379-1001\...\c4db908bc0b92124) (Version: 2.0.1.25 - TKexe Printservice)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 7.50a - Ghisler Software GmbH)
Trojan Killer (HKLM\...\GridinSoft Trojan Killer) (Version: 2.2.7.1 - GridinSoft LLC)
TSDoctor (HKLM\...\{B737ED31-760E-444A-A696-3D8DB8988412}) (Version: 1.2.116 - Cypheros)
Tunatic (HKLM\...\Tunatic) (Version:  - )
TuneUp Utilities 2012 (HKLM\...\TuneUp Utilities 2012) (Version: 12.0.3600.171 - TuneUp Software)
TuneUp Utilities 2012 (Version: 12.0.3600.171 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 12.0.3600.171 - TuneUp Software) Hidden
UltraMixer 2.4.6 (HKLM\...\{32E2F180-247C-4077-B06A-20F9868568E0}_is1) (Version: 2.4.6 - UltraMixer Digital Audio Solutions)
USB2.0 Grabber (HKLM\...\{45518B6D-9DDF-4144-83E4-A56762524F35}) (Version: 7.12.000.003 - Youyan)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VIDEO DVR (HKLM\...\{EBD0EE76-2CFC-4EE5-AFE6-7EEAA3B14332}) (Version: 2012.04.17 - -)
Videoload (HKU\S-1-5-21-3719280737-1325245270-1685948379-1001\...\1260033950.wcps.t-online.de) (Version:  - wcps.t-online.de)
Videoload Manager 2.0.2200 (HKLM\...\Videoload Manager) (Version: 2.0.2200 - T-Online)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VOB2MPG v3 (HKLM\...\{908B5359-244E-4E09-AA9F-DBF240679B46}) (Version: 3.2.2000 - BadgerIT)
WEB.DE MailCheck für Mozilla Firefox (HKLM\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.2.1739 - 1&1 Mail & Media GmbH)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Media Player Packages (HKU\S-1-5-21-3719280737-1325245270-1685948379-1001\...\Windows Media Player Packages) (Version:  - ) <==== ATTENTION
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Wondershare PDF Converter Pro (Build 4.0.5) (HKLM\...\{67CC8351-9D8B-4EDF-AAEE-B8CB17E5F3AC}_is1) (Version: 4.0.5 - Wondershare Software)
Wondershare Video Converter Ultimate(Build 7.1.0.2) (HKLM\...\Wondershare Video Converter Ultimate_is1) (Version: 7.1.0.2 - Wondershare Software)
XLS to DBF Converter 1.50 (HKLM\...\XLS to DBF Converter_is1) (Version:  - WhiteTown Software)
XMedia Recode Version 3.2.2.7 (HKLM\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.2.7 - XMedia Recode)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0295691A-D674-4904-805C-BDFE165B4CA0}\localserver32 -> C:\Program Files\SoftMaker Office Standard 2012\PlanMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0295691A-D674-4904-805C-BDFE165B771B}\localserver32 -> C:\Program Files\SoftMaker Office Standard 2012\TextMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0AF398C8-E8E1-700c-2e0c-9348f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686AA-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686AE-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686AF-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686B3-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686B4-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686B8-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686B9-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686BD-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686BE-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686C2-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686C3-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0BA686C7-F7D3-101A-993E-0000C0EF6F5E}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0CD1A340-7FAB-04a4-3e71-d3d3f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{0E7589F8-3F4A-21cc-08a8-cd01f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{109D12C4-4EB6-1144-b843-753df8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{17A833B2-F647-f2f6-1b53-2d7cf8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32 -> C:\Windows\system32\MSWINSCK.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{27395F85-0C0C-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\PICCLP32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{2EE319C4-8593-7fe0-edac-4b50f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{2F155EE4-C332-11CD-B23C-0000C0058192}\InprocServer32 -> C:\Windows\system32\THREED32.OCX (Sheridan Software Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{30291A01-707C-11d0-B457-4446490043BF}\localserver32 -> C:\Program Files\SoftMaker Office Standard 2012\TextMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{3801CA43-C9A5-2cbd-2116-c251f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{399254F2-670F-11D1-8092-0080ADB44B5C}\localserver32 -> C:\Program Files\SoftMaker Office Standard 2012\PlanMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{399254F3-670F-11D1-8092-0080ADB44B5C}\localserver32 -> C:\Program Files\SoftMaker Office Standard 2012\PlanMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{3A952499-3A8C-dc34-95da-f73bf8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{4735E322-568B-f1ec-6510-90e8f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\MSINET.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{4C735EC7-E94E-ac2f-8cd2-f37ff8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{4C756328-2F47-ca38-bda4-f1b2f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{4CC24160-A50F-7270-3a75-75a4f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{65027E39-AEAF-fac4-df5d-e6c2f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{6E38DC65-4180-ca68-7cc4-f56bf8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{71B4EE53-E932-dbdd-61e5-3afbf8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{8a087491-5264-11d4-95F6-00A0CC3CCA14}\localserver32 -> C:\Program Files\SoftMaker Office Standard 2012\PlanMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{8A291A46-46B3-7292-63d5-9199f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{8E932745-E80C-45f5-8423-df98f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{A8C3B720-0B5A-101B-B22E-00AA0037B2FC}\InprocServer32 -> C:\Windows\system32\GRID32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{AACA9EA2-6F92-008f-6ece-683ff8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{bf608490-5373-11d0-8efb-4446490043bf}\localserver32 -> C:\Program Files\SoftMaker Office Standard 2012\TextMaker.exe (SoftMaker Software GmbH)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{F4392542-0CFE-101B-B22E-00AA0037B2FC}\InprocServer32 -> C:\Windows\system32\GRID32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{F6D87F96-D010-461a-0045-706ef8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{F78FB21B-A447-b845-9bb8-fc29f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\COMDLG32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3719280737-1325245270-1685948379-1001_Classes\CLSID\{FDECAF97-6F7B-451a-57f9-fbd8f8fd20df}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2014-07-02 00:21 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {013C0F72-E552-4AC4-A261-4CE541A9D031} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {0772D220-C3AD-4369-BF74-16CDD08E68A2} - System32\Tasks\{02FD5746-A1F9-4486-B88D-85A3CF31B979} => pcalua.exe -a D:\Utilities\DirectX\dxsetup.exe -d D:\Utilities\DirectX
Task: {096C0D24-882C-4B08-8A24-05881A99FEF8} - System32\Tasks\{96135FEB-DB57-4E6D-89A0-647352254E78} => pcalua.exe -a C:\Users\Home\Downloads\irfanview_plugins_438_setup(1).exe -d C:\Users\Home\Downloads
Task: {0A362B58-ABBE-4DC7-8530-CF37EF39F5FE} - System32\Tasks\{B1C3AF6C-F07A-466E-A421-94FE223F0C06} => pcalua.exe -a C:\Users\Home\Downloads\APRO23_Win_ESD1_WWEFG.exe -d C:\Users\Home\Downloads
Task: {11765517-C21F-490D-8559-9ED4EB3EE79B} - System32\Tasks\{1DA0E4E6-85B3-4F07-94C1-E1C789D9039E} => pcalua.exe -a C:\downloads\Software\M_Pass_Finder(1).exe -d C:\downloads\Software
Task: {124F544D-9EE7-45CB-99DA-89C8DB1AAD60} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe [2015-04-23] (GridinSoft LLC)
Task: {14405332-47DB-4652-A4D8-A9295175B6F0} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2014-01-10] ()
Task: {165EA01E-9226-448F-8BB9-164965894571} - System32\Tasks\{F19FB522-684E-4D87-9CC7-1FF2AED5EE10} => pcalua.exe -a D:\Drivers\Setup.exe -d D:\Drivers
Task: {1A08B7A0-E798-46A1-9DC6-E16F33560879} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {1E837AFF-C50D-453A-9EB4-C263E28FA3A5} - System32\Tasks\{EEDB1D99-8E90-4017-A256-FB9267BF88AD} => pcalua.exe -a H:\Computer\CStartup\CStartUp.EXE -d H:\Computer\CStartup
Task: {210056DE-CCF2-495E-838F-83AC058DFF5F} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
Task: {2698C28E-78A4-4985-A55F-6D39C7BDF198} - System32\Tasks\{258712A6-52C4-4CA3-9D65-4426E197812A} => pcalua.exe -a H:\Computer\Downloads-neu\dp2000_3-5.exe -d H:\Computer\Downloads-neu
Task: {2793310B-63B4-48C1-9F5D-CCADFFB9687B} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3719280737-1325245270-1685948379-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {2A5D720E-212E-495D-A0E0-6B7E5EF39DA8} - System32\Tasks\{19000F55-88D1-436B-A67C-734768091901} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {3AE8DAF0-2D1C-494D-9967-15004C2D604A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {4303196B-CE7A-4476-A274-7495241EEAC8} - System32\Tasks\{1B29FBC3-0BC8-465D-B65D-D94C4534B9D3} => pcalua.exe -a D:\Utilities\SonyMPEG\install.exe -d D:\Utilities\SonyMPEG
Task: {44ED2D9B-1558-44E3-9CBF-7678577AC928} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3719280737-1325245270-1685948379-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {484BA704-22AE-42F2-AE98-9D79FCA3DCA0} - System32\Tasks\{FAC3CBCF-CA94-4C0A-B4D9-CA10B847768E} => pcalua.exe -a D:\Setup\Setup.exe -d D:\Setup
Task: {4CCE5242-F799-400D-B90C-409B34D8A902} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3719280737-1325245270-1685948379-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {4EC4FC41-A35F-4D55-BB38-D63FBE3F7D17} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {502A2562-69BD-47E3-9976-53522A532C1C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5D0EBAC6-B9A5-4753-9AC0-3D7E1601AB7B} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {5E8E6AEE-724B-4517-BFCC-2757A3CC18F8} - System32\Tasks\{C75D6492-A1E3-4017-BF59-AC81F249092B} => pcalua.exe -a "C:\Program Files\Lavalys\EVEREST Home Edition\everest.exe" -d C:\Users\Home\Desktop
Task: {60D16A13-6AB1-4308-A615-064027883850} - System32\Tasks\{9E29FF12-276E-4F58-826A-6C7DDD6A07C9} => pcalua.exe -a K:\Computer\CStartup\CStartUp.EXE -d K:\Computer\CStartup
Task: {62CA084E-455A-4DF5-8405-029FA6741C73} - System32\Tasks\{5B9F00C7-19A6-4104-944D-3B067D17D2C8} => pcalua.exe -a C:\Users\Home\Desktop\Integrated_BrotherSoft_TB.exe -d C:\Users\Home\Desktop
Task: {6356851D-5F35-4EFB-B03C-8355282D9388} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6B357A0F-9069-415B-9377-E4BFF2D5391E} - System32\Tasks\{F2C97F45-3879-47ED-A783-1C76CE1A41C0} => pcalua.exe -a W:\Werkzeuge\Q-sonic\Drivers\Setup.exe -d W:\Werkzeuge\Q-sonic\Drivers
Task: {77693F8B-84FA-4B65-8FAB-F7ACC2D49F8E} - System32\Tasks\{3677C788-B53D-4E82-99B3-A5797F018680} => pcalua.exe -a C:\Users\Home\Downloads\irfanview_plugins_436_setup.exe -d C:\Users\Home\Downloads
Task: {77A04416-3991-4B96-8E3B-A8D35BF222D2} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3719280737-1325245270-1685948379-1001 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: {7F5070D9-2D3F-4495-859B-B9B0DEB8B2CF} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files\Real\RealPlayer\update\realsched.exe
Task: {81563AA5-0CD8-4E32-8C22-1D35D86A8D7A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {8899C3B4-241D-438D-A9EC-0A2615D397F8} - System32\Tasks\{515A30A9-1E46-49B2-AAA7-21BDB43C4F18} => pcalua.exe -a "C:\Program Files\TechniSat DVB\bin\Setup4PC.exe" -d "C:\Program Files\TechniSat DVB\bin"
Task: {8D28C47C-37F5-4857-A914-C7AEB8D7241B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3719280737-1325245270-1685948379-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {9E684E3C-7993-4CCE-AA8A-C8CBDCF441E3} - System32\Tasks\{2A75B433-1734-4C90-A867-9E3FEDDD7CDD} => pcalua.exe -a N:\Computer\CStartup\CStartUp.EXE -d n:\Computer\CStartup
Task: {AA407090-3662-4AF2-B924-16E9CC3BEEF4} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {AEBAB572-2025-4EA7-B3FA-49ACD6F32951} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3719280737-1325245270-1685948379-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {AFD40DB1-CE00-4000-B0DA-1CB57C9B7D0C} - System32\Tasks\{EFDF58DF-BFBA-46A4-858E-C3CD60EC11AD} => pcalua.exe -a "C:\Users\Home\Downloads\PC Drivers HeadQuarters\Driver Detective\mcekit_setup.exe" -d "C:\Users\Home\Downloads\PC Drivers HeadQuarters\Driver Detective"
Task: {B21F7E5C-3600-4394-8979-07BD6EE1FF36} - System32\Tasks\{335DFFD1-0167-424E-8235-C73364469415} => pcalua.exe -a "D:\Utilities\Flash Player\flashplayer7_winax.exe" -d "D:\Utilities\Flash Player"
Task: {B542E1AA-1A38-446F-975F-E899C138F39A} - System32\Tasks\{C28788E7-581B-4B90-97C2-0099D4888DD8} => pcalua.exe -a C:\Users\Home\Downloads\irfanview_plugins_433_setup(1).exe -d C:\Users\Home\Downloads
Task: {B6A431E7-F5C7-46A3-B033-5C33159D3C01} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {BCAE2D8F-D45C-41B2-9F03-7EFE5348E72D} - System32\Tasks\{2D9278F9-DE03-488F-8AD7-415C7F96541D} => pcalua.exe -a C:\Users\Home\AppData\Local\Temp\Winload.exe -d C:\Downloads -c /s -silent -DefaultSearch=FALSE  -StartPage=FALSE      -showPersonalCompDialog=FALSE
Task: {C5F7DDA3-15DD-4239-A281-6CDAB48BAC22} - System32\Tasks\Sansa Dispatch => C:\Users\Home\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
Task: {CD04E532-D555-4513-90F5-5FEABCD07715} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3719280737-1325245270-1685948379-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {CE1B1105-A62A-4B59-AF86-18414B79A840} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {D7152DFE-3195-4C15-86EA-87BE7446F816} - System32\Tasks\Abelssoft\CheckDriveBackgroundGuard => C:\Program Files\CheckDrive\CheckDriveBackgroundGuard.exe
Task: {DB9A1A89-34B8-4631-9B93-2CE371D92AA0} - System32\Tasks\{F72BC835-1BEF-4643-A681-770E8114E46D} => pcalua.exe -a N:\Computer\eMAILS\OE-Kombi-Pack\Backup-Tool\setup.exe -d N:\Computer\eMAILS\OE-Kombi-Pack\Backup-Tool
Task: {DC2AC514-74CD-4ACF-A8E2-B3D9052057E9} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {F355B065-DAB2-4A89-A31C-A3A1A4D47E81} - System32\Tasks\{46792AD2-76CE-4141-9EF6-3FD5C8CC6672} => pcalua.exe -a "C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe"
Task: {FDB5C640-1D6F-40B6-9853-D5915981F2BA} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FE892AFB-0ADD-430D-A146-2D074E279272} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {FFF5226B-CC13-4F46-81DA-0CEFE1F0B19A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-01-24 16:03 - 2010-06-17 22:56 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files\Lexware\AAVUpdateManager\aavus.exe
2012-12-14 13:45 - 2012-12-14 13:45 - 01310136 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2015-03-17 13:43 - 2012-12-21 11:41 - 00254552 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2014-07-01 22:00 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-07-01 22:00 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-07-01 22:00 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-07-01 22:00 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-07-01 22:00 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-10-21 19:32 - 2010-03-15 12:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2003-09-16 17:50 - 2003-09-16 17:50 - 00229376 _____ () C:\Windows\System32\CmWatch.exe
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2014-07-05 10:09 - 2014-10-31 16:37 - 01498112 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-07-05 10:09 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2012-11-16 16:09 - 2012-11-16 16:09 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:60466E88
AlternateDataStreams: C:\ProgramData\TEMP:A5B56640

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7865 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3719280737-1325245270-1685948379-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E414FD12-D373-480C-81AD-B076819F3451}] => (Allow) D:\fsetup.exe
FirewallRules: [{D7DB5B33-FC81-4A9E-9576-8DB56EF932B5}] => (Allow) D:\fsetup.exe
FirewallRules: [{1BF225B8-8090-4230-AF69-F391C3DC8D8C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{B9AC60E0-F62C-4A6F-8079-79BDE7FF41AF}] => (Allow) C:\Program Files\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe
FirewallRules: [{5AFE0747-1DB6-4658-AB05-55E081DF3665}] => (Allow) C:\Program Files\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe
FirewallRules: [{81C39690-24BE-473C-B740-035686A3BD38}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{0DE6869C-0C62-4F46-BE43-56C00935003D}] => (Allow) C:\Program Files\Logitech\Vid HD\Vid.exe
FirewallRules: [{C6D56887-8C74-40B1-B9A9-50E3F08465D5}] => (Allow) C:\Program Files\Logitech\Vid HD\Vid.exe
FirewallRules: [{04F359E7-CA9F-49DD-8A55-DCF04DCF9A51}] => (Allow) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FB621D64-8FE8-443D-BDC3-50969DCB2CA0}] => (Allow) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{C686DC63-097F-4288-BA31-34AD511A8566}C:\users\home\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\home\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{786BACB4-225F-4176-B26E-B7F6C86F2A11}C:\users\home\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\home\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{55FB332D-8DA7-4D41-845A-585D5C355A68}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{44360BBC-DEFF-4D4D-BFD6-EF11FE03C66C}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [TCP Query User{E95CFACC-58A1-4E99-BB82-4B8BA4D99C76}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{97C55EB5-D28D-4DBB-8BEF-6FD596939AB6}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{6081BCF4-659A-4BF4-9E02-45EBE26B3744}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{913D79B4-5AC3-414C-8A8A-8A57D8980CBB}] => (Allow) LPort=2869
FirewallRules: [{E52B857E-9976-4EDA-97D8-2A08A8B3D12C}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{7A008C18-F838-4C03-91B8-B3F712D15032}C:\program files\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [UDP Query User{40EE451A-A031-4C55-8C44-C54710101A6C}C:\program files\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [TCP Query User{BF937590-79B9-41B8-B6EA-B3C24AFDE0D3}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{00231B14-50E5-4074-B18F-4A20EDD47E8A}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [TCP Query User{AECEC791-D4FC-4315-8BF5-4B01F4125BEE}C:\program files\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [UDP Query User{460CD571-FC36-41A1-A654-246B0A14BB6A}C:\program files\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [{D740BC39-CEFA-4C13-9618-03AFC5130F19}] => (Allow) C:\Program Files\Apowersoft\Apowersoft Screen Recorder Pro\Apowersoft Screen Recorder Pro.exe
FirewallRules: [{740BCFC3-FD35-4606-B112-2406DBC57497}] => (Allow) C:\Program Files\Apowersoft\Apowersoft Screen Recorder Pro\Apowersoft Screen Recorder Pro.exe
FirewallRules: [{F96A1494-BC1F-4CE5-8FE7-6172057128EF}] => (Allow) C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
FirewallRules: [{DD53377F-9B6C-49B9-AFFF-F2E48BB29B61}] => (Allow) C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
FirewallRules: [TCP Query User{85CF76EF-914C-4434-BAE8-55A3FF009293}C:\program files\wondershare\video converter ultimate\videoconverterultimate.exe] => (Allow) C:\program files\wondershare\video converter ultimate\videoconverterultimate.exe
FirewallRules: [UDP Query User{97BC8FF6-1DE8-4639-A28B-9150691E2BDA}C:\program files\wondershare\video converter ultimate\videoconverterultimate.exe] => (Allow) C:\program files\wondershare\video converter ultimate\videoconverterultimate.exe
FirewallRules: [{1120D557-4940-4B91-A465-C3B5286EB819}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{A7200B32-860D-424F-9F7C-25130C7BC6CC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{17C22E0F-960B-4D13-8B7F-E807ADB79703}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe] => Designer.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/02/2015 10:33:52 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (05/02/2015 10:33:52 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (05/02/2015 10:16:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DATA BECKER Update Service.exe, Version: 0.0.4.1, Zeitstempel: 0x4d89246b
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3c6
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000c3b93
ID des fehlerhaften Prozesses: 0xabc
Startzeit der fehlerhaften Anwendung: 0xDATA BECKER Update Service.exe0
Pfad der fehlerhaften Anwendung: DATA BECKER Update Service.exe1
Pfad des fehlerhaften Moduls: DATA BECKER Update Service.exe2
Berichtskennung: DATA BECKER Update Service.exe3

Error: (05/02/2015 09:35:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FreemakeVC.exe, Version 4.1.6.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1478

Startzeit: 01d0849e641f1633

Endzeit: 23

Anwendungspfad: C:\Program Files\Freemake\Freemake Video Converter\FreemakeVC.exe

Berichts-ID:

Error: (05/02/2015 08:08:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FreemakeVC.exe, Version 4.1.6.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 460

Startzeit: 01d0849dd9422dae

Endzeit: 31

Anwendungspfad: C:\Program Files\Freemake\Freemake Video Converter\FreemakeVC.exe

Berichts-ID:

Error: (05/02/2015 07:27:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/02/2015 07:22:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/02/2015 07:19:38 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/02/2015 07:18:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe_aepdu.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc637
Name des fehlerhaften Moduls: generaltel.dll, Version: 10.0.10037.0, Zeitstempel: 0x550d5182
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002c98e
ID des fehlerhaften Prozesses: 0xcec
Startzeit der fehlerhaften Anwendung: 0xrundll32.exe_aepdu.dll0
Pfad der fehlerhaften Anwendung: rundll32.exe_aepdu.dll1
Pfad des fehlerhaften Moduls: rundll32.exe_aepdu.dll2
Berichtskennung: rundll32.exe_aepdu.dll3

Error: (05/02/2015 07:08:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DATA BECKER Update Service.exe, Version: 0.0.4.1, Zeitstempel: 0x4d89246b
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3c6
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000c3b93
ID des fehlerhaften Prozesses: 0x864
Startzeit der fehlerhaften Anwendung: 0xDATA BECKER Update Service.exe0
Pfad der fehlerhaften Anwendung: DATA BECKER Update Service.exe1
Pfad des fehlerhaften Moduls: DATA BECKER Update Service.exe2
Berichtskennung: DATA BECKER Update Service.exe3


System errors:
=============
Error: (05/02/2015 10:21:26 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (05/02/2015 10:21:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (05/02/2015 10:11:28 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
amdkmafd

Error: (05/02/2015 10:11:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Pinnacle WDM PCTV Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1058

Error: (05/02/2015 10:11:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Pinnacle WDM PCTV Audio Capture" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1058

Error: (05/02/2015 10:09:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" ist vom Dienst "Sicherheitscenter" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (05/02/2015 10:09:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Sicherheitscenter" ist vom Dienst "Windows-Verwaltungsinstrumentation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1115

Error: (05/02/2015 10:09:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Druckwarteschlange" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (05/02/2015 10:09:57 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "Spooler" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (05/02/2015 10:09:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%5


Microsoft Office Sessions:
=========================
Error: (05/02/2015 10:33:52 AM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (05/02/2015 10:33:52 AM) (Source: VSS) (EventID: 13) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (05/02/2015 10:16:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DATA BECKER Update Service.exe0.0.4.14d89246bntdll.dll6.1.7601.187985507b3c6c0000374000c3b93abc01d084b0412afe26C:\Program Files\Common Files\DATA BECKER Shared\DATA BECKER Update Service.exeC:\Windows\SYSTEM32\ntdll.dll81ab2b5a-f0a3-11e4-9b18-0009dd64401c

Error: (05/02/2015 09:35:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FreemakeVC.exe4.1.6.1147801d0849e641f163323C:\Program Files\Freemake\Freemake Video Converter\FreemakeVC.exe

Error: (05/02/2015 08:08:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FreemakeVC.exe4.1.6.146001d0849dd9422dae31C:\Program Files\Freemake\Freemake Video Converter\FreemakeVC.exe

Error: (05/02/2015 07:27:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\common files\logishrd\sp6_uninstall\tools\64\AddBrowsers.exe

Error: (05/02/2015 07:22:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\cyberlink\powerdirector11\muitransfer\MUIStartMenuX64.exe

Error: (05/02/2015 07:19:38 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar64.exe

Error: (05/02/2015 07:18:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_aepdu.dll6.1.7600.163854a5bc637generaltel.dll10.0.10037.0550d5182c00000050002c98ecec01d08495edc729e8C:\Windows\system32\rundll32.exeC:\Windows\system32\generaltel.dll9a5d5084-f08a-11e4-9377-0009dd64401c

Error: (05/02/2015 07:08:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DATA BECKER Update Service.exe0.0.4.14d89246bntdll.dll6.1.7601.187985507b3c6c0000374000c3b9386401d08495ee5139b7C:\Program Files\Common Files\DATA BECKER Shared\DATA BECKER Update Service.exeC:\Windows\SYSTEM32\ntdll.dll38a7d6cd-f089-11e4-9377-0009dd64401c


CodeIntegrity Errors:
===================================
  Date: 2014-09-11 21:11:00.917
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 21:11:00.917
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 21:11:00.901
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 21:11:00.901
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 21:04:09.918
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 21:04:09.903
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-14 13:00:40.405
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-14 13:00:40.403
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-14 13:00:40.367
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-14 13:00:40.364
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 62%
Total physical RAM: 2046.42 MB
Available physical RAM: 768.2 MB
Total Pagefile: 4092.84 MB
Available Pagefile: 2403.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.19 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:149.05 GB) (Free:27.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RAINBOW) (CDROM) (Total:7.21 GB) (Free:0 GB) UDF
Drive f: (Umwandlung - Musik) (Fixed) (Total:1397.26 GB) (Free:1271.02 GB) NTFS
Drive g: (MEDIA-HDD) (Fixed) (Total:1397.26 GB) (Free:1287.95 GB) NTFS
Drive h: (Trek-Stor-Zwischenmaterial) (Fixed) (Total:76.69 GB) (Free:13.01 GB) NTFS
Drive i: (Intenso-Reserve) (Fixed) (Total:48.83 GB) (Free:48.7 GB) NTFS
Drive n: (Intenso-Computer) (Fixed) (Total:146.48 GB) (Free:75.3 GB) NTFS
Drive o: (Intenso-Familie) (Fixed) (Total:97.66 GB) (Free:69.86 GB) NTFS
Drive p: (Intenso-Foto-Archiv) (Fixed) (Total:146.48 GB) (Free:53.02 GB) NTFS
Drive q: (Intenso-Haus) (Fixed) (Total:24.41 GB) (Free:13.84 GB) NTFS
Drive r: (Intenso-Schreiberei) (Fixed) (Total:68.36 GB) (Free:60.13 GB) NTFS
Drive s: (Intenso-Burschenschaft) (Fixed) (Total:24.41 GB) (Free:22.11 GB) NTFS
Drive t: (Intenso-Musik) (Fixed) (Total:146.48 GB) (Free:84.59 GB) NTFS
Drive u: (Intenso-Polizei) (Fixed) (Total:24.41 GB) (Free:9.62 GB) NTFS
Drive v: (Intenso-Bekannte & Verwandte) (Fixed) (Total:87.89 GB) (Free:35.83 GB) NTFS
Drive w: (Intenso-Video&TV) (Fixed) (Total:91.66 GB) (Free:57.14 GB) NTFS
Drive x: (Intenso-JOKES) (Fixed) (Total:24.41 GB) (Free:23.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: E49C41A0)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 76.7 GB) (Disk ID: 49EFB767)
Partition 1: (Not Active) - (Size=76.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: DD09E70A)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 931.5 GB) (Disk ID: 14EE0B66)
Partition 1: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=638.5 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
Danke!

Alt 02.05.2015, 13:30   #5
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
sm.de - wie werde ich das wieder los? - Standard

sm.de - wie werde ich das wieder los?



Hi,

Schritt 1

Bitte deinstalliere folgende Programme:

Java 8 Update 31


Versuche es bei Windows 7 zunächst über Systemsteuerung/Programme deinstallieren.

Sollte das nicht gehen, lade Dir bitte Revo Uninstallerhier herunter. Entpacke die zip-Datei auf den Desktop. Anleitung
  • Starte die Revouninstaller.exe
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den oben angegebenen Programmen und wähle sie einzeln aus.
    Klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

Wenn Du ein Programm nicht deinstallieren kannst, mach mit dem nächsten weiter.
Auch wenn am Ende noch Programme übrig geblieben sind, führe den nächsten Schritt aus:

Schritt 2
  • Schließe alle offenen Programme und Browser.
  • Starte bitte Adwcleaner.
  • Klicke auf Suchen und warte, bis der Suchlauf abgeschlossen ist.
  • Klicke nun auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
    Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Sx].txt. (x = fortlaufende Nummer).

Schritt 3

  • Download und Anleitung
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Unter Einstellungen/ Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
  • Gehe zurück zum Armaturenbrett und klicke auf "Jetzt scannen".
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben und poste mir das Log.

__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 02.05.2015, 17:39   #6
demisto
 
sm.de - wie werde ich das wieder los? - Standard

sm.de - wie werde ich das wieder los?



Nach 2. (AdwCleaner.txt)
Code:
ATTFilter
# AdwCleaner v4.203 - Bericht erstellt 02/05/2015 um 18:21:43
# Aktualisiert 30/04/2015 von Xplode
# Datenbank : 2015-05-02.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x86)
# Benutzername : Home - HOME-OFFICE
# Gestarted von : C:\Users\Home\Desktop\adwcleaner_4.203.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v36.0.4 (x86 de)

[hl47song.default-1391114288471\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");

-\\ Google Chrome v42.0.2311.135


*************************

AdwCleaner[R0].txt - [33635 Bytes] - [01/09/2013 01:37:00]
AdwCleaner[R10].txt - [1986 Bytes] - [02/05/2015 10:07:53]
AdwCleaner[R11].txt - [2105 Bytes] - [02/05/2015 18:20:00]
AdwCleaner[R1].txt - [16686 Bytes] - [02/10/2013 07:56:49]
AdwCleaner[R2].txt - [10352 Bytes] - [02/10/2013 23:02:11]
AdwCleaner[R3].txt - [30063 Bytes] - [22/10/2013 21:40:07]
AdwCleaner[R4].txt - [14760 Bytes] - [22/10/2013 22:38:44]
AdwCleaner[R5].txt - [7013 Bytes] - [23/10/2013 21:02:31]
AdwCleaner[R6].txt - [7098 Bytes] - [24/10/2013 12:28:51]
AdwCleaner[R7].txt - [1823 Bytes] - [01/05/2015 23:37:19]
AdwCleaner[R8].txt - [1869 Bytes] - [02/05/2015 09:40:17]
AdwCleaner[R9].txt - [1926 Bytes] - [02/05/2015 10:04:01]
AdwCleaner[S0].txt - [30681 Bytes] - [01/09/2013 01:39:01]
AdwCleaner[S1].txt - [16795 Bytes] - [02/10/2013 08:00:30]
AdwCleaner[S2].txt - [8586 Bytes] - [02/10/2013 23:05:11]
AdwCleaner[S3].txt - [30171 Bytes] - [22/10/2013 21:42:10]
AdwCleaner[S4].txt - [14073 Bytes] - [22/10/2013 22:39:30]
AdwCleaner[S5].txt - [6945 Bytes] - [23/10/2013 21:03:46]
AdwCleaner[S6].txt - [3885 Bytes] - [24/10/2013 12:32:20]
AdwCleaner[S7].txt - [2054 Bytes] - [02/05/2015 10:08:57]
AdwCleaner[S8].txt - [2034 Bytes] - [02/05/2015 18:21:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [2093  Bytes] ##########
         
Nun weiter mit Malwarebyte...
Ich bin zuversichtlich ;-)

Alt 02.05.2015, 18:31   #7
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
sm.de - wie werde ich das wieder los? - Standard

sm.de - wie werde ich das wieder los?



OK...
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 02.05.2015, 19:08   #8
demisto
 
sm.de - wie werde ich das wieder los? - Standard

sm.de - wie werde ich das wieder los?



Habe ich etwas falsch gemacht?

Alles funzte wie geplant.
Etwas anders lief es vermutlich mit MBAM. Malwarebytes scannte und scannte. Dabei fand es vielleicht 18 bis 18 Bedrohungen oder Roots oder was auch immer. Ich habe mir die Treffer angesehen und sie sahen gefährlich aus. Als es fertig war hat es angeboten, eine Anwendung zu starten. Die Möglichkeit, die Treffer in Quarantäne zu schieben, gab es nicht. Die Treffer wurden gelöscht. Eine Log-Datei wurde angeblich gespeichert, ich weiß aber nicht wo. Ansehen und kopieren konnte ich diese Datei nicht. Also bin ich davon ausgegangen, dass es das zu sm.de gewesen ist. Rechner runter fahren wieder starten und Firefox aufrufen. In Google nach "Ofen" suchen lassen...
Die Ergebnisse wurden über sm.de präsentiert ;-(

Nun lasse ich Malwarebytes nochmals suchen und dann melde ich mich erneut.

Alt 02.05.2015, 19:11   #9
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
sm.de - wie werde ich das wieder los? - Standard

sm.de - wie werde ich das wieder los?



Die Logs findest Du so:

Malwarebytes Anti-Malware Logfile finden - Anleitungen
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 02.05.2015, 19:14   #10
demisto
 
sm.de - wie werde ich das wieder los? - Standard

sm.de - wie werde ich das wieder los?



Hier ist der log
Code:
ATTFilter
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/05/02 18:48:33 +0200</date>
<logfile>mbam-log-2015-05-02 (18-48-32).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.4.1028</version>
<malware-database>v2015.05.02.03</malware-database>
<rootkit-database>v2015.04.21.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x86</arch>
<username>Home</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>469623</objects>
<time>2718</time>
<processes>0</processes>
<modules>0</modules>
<keys>5</keys>
<values>4</values>
<datas>0</datas>
<folders>3</folders>
<files>8</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>disabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>enabled</deeprootkit>
<heuristics>disabled</heuristics>
<pup>warn</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</path><vendor>PUP.Optional.SofTonic.A</vendor><action>none</action><hash>8baf6708d0baef47f1408efa4ab90cf4</hash></key>
<key><path>HKU\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</path><vendor>PUP.Optional.SofTonic.A</vendor><action>none</action><hash>8baf6708d0baef47f1408efa4ab90cf4</hash></key>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</path><vendor>PUP.Optional.SofTonic.A</vendor><action>none</action><hash>8baf6708d0baef47f1408efa4ab90cf4</hash></key>
<key><path>HKU\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</path><vendor>PUP.Optional.SofTonic.A</vendor><action>none</action><hash>8baf6708d0baef47f1408efa4ab90cf4</hash></key>
<key><path>HKU\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\softonic-de3</path><vendor>PUP.Optional.Softonic.A</vendor><action>none</action><hash>5edce48b3951c96dbadec811bc470ef2</hash></key>
<value><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path><valuename>{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</valuename><vendor>PUP.Optional.SofTonic.A</vendor><action>none</action><valuedata>ã£ÌÃdòJ¿Á¯
f¶e</valuedata><hash>8baf6708d0baef47f1408efa4ab90cf4</hash></value>
<value><path>HKU\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path><valuename>{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</valuename><vendor>PUP.Optional.SofTonic.A</vendor><action>none</action><valuedata>ã£ÌÃdòJ¿Á¯
f¶e</valuedata><hash>8baf6708d0baef47f1408efa4ab90cf4</hash></value>
<value><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</path><valuename></valuename><vendor>PUP.Optional.SofTonic.A</vendor><action>none</action><valuedata></valuedata><hash>3109640b8802c96dbf72a3e5699a5ea2</hash></value>
<value><path>HKU\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</path><valuename></valuename><vendor>PUP.Optional.SofTonic.A</vendor><action>none</action><valuedata></valuedata><hash>bd7df07f3c4e0333e948a5e39f64ff01</hash></value>
<folder><path>C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\MyScrapNook_12</path><vendor>PUP.Optional.MyScrapNook.A</vendor><action>none</action><hash>c37766094743fb3b2a164b52db28b64a</hash></folder>
<folder><path>C:\Windows\System32\config\systemprofile\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_agkh2q2wptz44nr1mbd43tyforr5s4zl</path><vendor>PUP.Optional.PennyBee.A</vendor><action>none</action><hash>43f76c03f9919d9931c6ebc938cbd927</hash></folder>
<folder><path>C:\Windows\System32\config\systemprofile\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_agkh2q2wptz44nr1mbd43tyforr5s4zl\1.0.2.0</path><vendor>PUP.Optional.PennyBee.A</vendor><action>none</action><hash>43f76c03f9919d9931c6ebc938cbd927</hash></folder>
<file><path>C:\$Recycle.Bin\S-1-5-21-3719280737-1325245270-1685948379-1001\$RGLYD09\uninstaller.exe</path><vendor>PUP.Optional.InstallCore</vendor><action>none</action><hash>fe3ca7c81e6c54e2bb3c530a9171df21</hash></file>
<file><path>C:\Users\Home\AppData\Local\Temp\28693466.Uninstall\uninstaller.exe</path><vendor>PUP.Optional.InstallCore</vendor><action>none</action><hash>55e50c632a608fa78a6d2c316e9402fe</hash></file>
<file><path>C:\Users\Home\Downloads\Tunatic-lnstall.exe</path><vendor>PUP.Optional.Giga</vendor><action>none</action><hash>88b20b64632750e653bb2bc5cf36eb15</hash></file>
<file><path>C:\Windows\System32\config\systemprofile\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_agkh2q2wptz44nr1mbd43tyforr5s4zl\1.0.2.0\t17nqbx8.newcfg</path><vendor>PUP.Optional.PennyBee.A</vendor><action>none</action><hash>43f76c03f9919d9931c6ebc938cbd927</hash></file>
<file><path>C:\Windows\System32\config\systemprofile\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_agkh2q2wptz44nr1mbd43tyforr5s4zl\1.0.2.0\t17nqbx8.tmp</path><vendor>PUP.Optional.PennyBee.A</vendor><action>none</action><hash>43f76c03f9919d9931c6ebc938cbd927</hash></file>
<file><path>C:\Windows\System32\config\systemprofile\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_agkh2q2wptz44nr1mbd43tyforr5s4zl\1.0.2.0\user.config</path><vendor>PUP.Optional.PennyBee.A</vendor><action>none</action><hash>43f76c03f9919d9931c6ebc938cbd927</hash></file>
<file><path>C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\prefs.js</path><vendor>PUP.Optional.Spigot.A</vendor><action>none</action><baddata>user_pref(&quot;keyword.URL&quot;, &quot;https://de.search.yahoo.com/search?fr=greentree_ff1&amp;ei=utf-8&amp;ilc=12&amp;type=926458&amp;p=&quot;);</baddata><gooddata></gooddata><hash>6ad0402fe5a5b6804203b796db2b06fa</hash></file>
<file><path>C:\Windows\System32\drivers\Msft_Kernel_webinstr_01009.Wdf</path><vendor>PUP.Optional.WebInstr.A</vendor><action>delete-on-reboot</action><hash></hash></file>
</items>
</mbam-log>
         
Ich drück uns die Daumen ;-)

Alt 02.05.2015, 19:15   #11
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
sm.de - wie werde ich das wieder los? - Standard

sm.de - wie werde ich das wieder los?



Schau Dir bitte die verlinkte Anleitung an. Ich hätte das Log gerne als .txt...
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 02.05.2015, 19:17   #12
demisto
 
sm.de - wie werde ich das wieder los? - Standard

sm.de - wie werde ich das wieder los?



Und hier noch die protection.log

Code:
ATTFilter
<?xml version="1.0" encoding="UTF-8" ?>
<logs>
   <record severity="debug" LoggingEventType="1" datetime="2015-05-02T18:42:00.625645+02:00" source="Manual" type="Update" username="SYSTEM" systemname="HOME-OFFICE" fromVersion="2015.5.1.5" last_modified_tag="fffa600f-3370-4690-b847-534c8e16f58a" name="Malware Database" toVersion="2015.5.2.3"></record>
   <record severity="debug" LoggingEventType="6" datetime="2015-05-02T19:34:18.118099+02:00" source="Manual" type="Scan" username="SYSTEM" systemname="HOME-OFFICE" duration="2718" last_modified_tag="6f742056-c3e3-45b6-9673-4b8739f82df7" malwaredetections="1" nonmalwaredetections="19" scanresult="completed" scantype="threat" starttime="2015-05-02T18:48:33+02:00"></record>
</logs>
         

Alt 02.05.2015, 19:22   #13
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
sm.de - wie werde ich das wieder los? - Standard

sm.de - wie werde ich das wieder los?



Nö, schau Dir die Anleitung bitte nochmal an.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 02.05.2015, 21:01   #14
demisto
 
sm.de - wie werde ich das wieder los? - Standard

sm.de - wie werde ich das wieder los?



Ich habe meinen Fehler erkannt. Man muss zu jedem Treffer die Aktion "Quarantäne" einstellen und dann könnte es klappen. sm.de ist aber nach dem Neustart immer noch da.
Hier ist der neue Log:

Code:
ATTFilter
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/05/02 20:18:01 +0200</date>
<logfile>mbam-log-2015-05-02 (20-18-00).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.4.1028</version>
<malware-database>v2015.05.02.03</malware-database>
<rootkit-database>v2015.04.21.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x86</arch>
<username>Home</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>469504</objects>
<time>2724</time>
<processes>0</processes>
<modules>0</modules>
<keys>5</keys>
<values>4</values>
<datas>0</datas>
<folders>3</folders>
<files>7</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>disabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>enabled</deeprootkit>
<heuristics>disabled</heuristics>
<pup>warn</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</path><vendor>PUP.Optional.SofTonic.A</vendor><action>success</action><hash>8eac7ef1b5d589adc1708ff9d132fe02</hash></key>
<key><path>HKU\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</path><vendor>PUP.Optional.SofTonic.A</vendor><action>success</action><hash>8eac7ef1b5d589adc1708ff9d132fe02</hash></key>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</path><vendor>PUP.Optional.SofTonic.A</vendor><action>success</action><hash>8eac7ef1b5d589adc1708ff9d132fe02</hash></key>
<key><path>HKU\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</path><vendor>PUP.Optional.SofTonic.A</vendor><action>success</action><hash>8eac7ef1b5d589adc1708ff9d132fe02</hash></key>
<key><path>HKU\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\softonic-de3</path><vendor>PUP.Optional.Softonic.A</vendor><action>success</action><hash>dd5da6c9b7d3d85e6d2bfadf0cf7c43c</hash></key>
<value><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path><valuename>{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</valuename><vendor>PUP.Optional.SofTonic.A</vendor><action>success</action><valuedata>ã£ÌÃdòJ¿Á¯
f¶e</valuedata><hash>8eac7ef1b5d589adc1708ff9d132fe02</hash></value>
<value><path>HKU\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path><valuename>{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</valuename><vendor>PUP.Optional.SofTonic.A</vendor><action>success</action><valuedata>ã£ÌÃdòJ¿Á¯
f¶e</valuedata><hash>8eac7ef1b5d589adc1708ff9d132fe02</hash></value>
<value><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</path><valuename></valuename><vendor>PUP.Optional.SofTonic.A</vendor><action>success</action><valuedata></valuedata><hash>f84274fba6e4ad89d55c0385679c5ca4</hash></value>
<value><path>HKU\S-1-5-21-3719280737-1325245270-1685948379-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}</path><valuename></valuename><vendor>PUP.Optional.SofTonic.A</vendor><action>success</action><valuedata></valuedata><hash>12289cd34347f83e1a17c7c122e18e72</hash></value>
<folder><path>C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\MyScrapNook_12</path><vendor>PUP.Optional.MyScrapNook.A</vendor><action>success</action><hash>99a1323d038738fec47c5c4119eadf21</hash></folder>
<folder><path>C:\Windows\System32\config\systemprofile\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_agkh2q2wptz44nr1mbd43tyforr5s4zl</path><vendor>PUP.Optional.PennyBee.A</vendor><action>success</action><hash>1e1c2a459af0f6402ec91e9639caa65a</hash></folder>
<folder><path>C:\Windows\System32\config\systemprofile\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_agkh2q2wptz44nr1mbd43tyforr5s4zl\1.0.2.0</path><vendor>PUP.Optional.PennyBee.A</vendor><action>success</action><hash>1e1c2a459af0f6402ec91e9639caa65a</hash></folder>
<file><path>C:\$Recycle.Bin\S-1-5-21-3719280737-1325245270-1685948379-1001\$RGLYD09\uninstaller.exe</path><vendor>PUP.Optional.InstallCore</vendor><action>success</action><hash>b28870ff24660d29a45390cdc73bfe02</hash></file>
<file><path>C:\Users\Home\AppData\Local\Temp\28693466.Uninstall\uninstaller.exe</path><vendor>PUP.Optional.InstallCore</vendor><action>success</action><hash>75c5fd720981e25421d60657857d57a9</hash></file>
<file><path>C:\Users\Home\Downloads\Tunatic-lnstall.exe</path><vendor>PUP.Optional.Giga</vendor><action>success</action><hash>2e0cc9a6cebc1125020c767a2ed710f0</hash></file>
<file><path>C:\Windows\System32\config\systemprofile\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_agkh2q2wptz44nr1mbd43tyforr5s4zl\1.0.2.0\t17nqbx8.newcfg</path><vendor>PUP.Optional.PennyBee.A</vendor><action>success</action><hash>1e1c2a459af0f6402ec91e9639caa65a</hash></file>
<file><path>C:\Windows\System32\config\systemprofile\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_agkh2q2wptz44nr1mbd43tyforr5s4zl\1.0.2.0\t17nqbx8.tmp</path><vendor>PUP.Optional.PennyBee.A</vendor><action>success</action><hash>1e1c2a459af0f6402ec91e9639caa65a</hash></file>
<file><path>C:\Windows\System32\config\systemprofile\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_agkh2q2wptz44nr1mbd43tyforr5s4zl\1.0.2.0\user.config</path><vendor>PUP.Optional.PennyBee.A</vendor><action>success</action><hash>1e1c2a459af0f6402ec91e9639caa65a</hash></file>
<file><path>C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\hl47song.default-1391114288471\prefs.js</path><vendor>PUP.Optional.Spigot.A</vendor><action>replaced</action><baddata>user_pref(&quot;keyword.URL&quot;, &quot;https://de.search.yahoo.com/search?fr=greentree_ff1&amp;ei=utf-8&amp;ilc=12&amp;type=926458&amp;p=&quot;);</baddata><gooddata></gooddata><hash>7ac03837fc8e092d86bfd17c8d79af51</hash></file>
</items>
</mbam-log>
         
und hier der zweite protection-og:

Code:
ATTFilter
<?xml version="1.0" encoding="UTF-8" ?>
<logs>
   <record severity="debug" LoggingEventType="1" datetime="2015-05-02T18:42:00.625645+02:00" source="Manual" type="Update" username="SYSTEM" systemname="HOME-OFFICE" fromVersion="2015.5.1.5" last_modified_tag="fffa600f-3370-4690-b847-534c8e16f58a" name="Malware Database" toVersion="2015.5.2.3"></record>
   <record severity="debug" LoggingEventType="6" datetime="2015-05-02T19:34:18.118099+02:00" source="Manual" type="Scan" username="SYSTEM" systemname="HOME-OFFICE" duration="2718" last_modified_tag="6f742056-c3e3-45b6-9673-4b8739f82df7" malwaredetections="1" nonmalwaredetections="19" scanresult="completed" scantype="threat" starttime="2015-05-02T18:48:33+02:00"></record>
   <record severity="debug" LoggingEventType="6" datetime="2015-05-02T21:47:12.932410+02:00" source="Manual" type="Scan" username="SYSTEM" systemname="HOME-OFFICE" duration="2724" last_modified_tag="5fc6b92f-3479-4b93-9152-bcfa523170be" malwaredetections="0" nonmalwaredetections="19" scanresult="completed" scantype="threat" starttime="2015-05-02T20:18:01+02:00"></record>
</logs>
         
Bis später ;-)

Alt 02.05.2015, 23:20   #15
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
sm.de - wie werde ich das wieder los? - Standard

sm.de - wie werde ich das wieder los?



Hi,
das ist immernoch nicht das richtige Log. Da ist es doch beschrieben: Exportieren als Textdatei. Malwarebytes Anti-Malware Logfile finden - Anleitungen


Es geht so weiter:

(Kaspersky Echtzeitschutz deaktivieren)

Schritt 1
Download von ZOEK (by Smeenk)
  • Speichere die zoek.exe auf dem Desktop.
  • Bitte deaktiviere während der Verwendung von Zoek Deinen Virenscanner, da dieser Zoek stören könnte.
  • Starte die zoek.exe mit einem Doppelklick und warte bis die Programmoberfläche erscheint (ca. 30 Sekunden)
  • Kopiere den Text der folgenden Box in das Skriptfenster von Zoek:
    Code:
    ATTFilter
    systemspecs;
    autoclean;
    FFdefaults;
    iedefaults;
    CHRdefaults;
    emptyclsid;
             
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
    Zitat:
    Zoek.exe is running now.
    Do not start any browser windows, they may get closed automatically.
    Please wait! This window will close when finished.
    A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
  • Wenn das Tool fertig ist, wird sich eine Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter C:\
  • Bitte poste mir das zoek-results.log.

Schritt 2



Bitte starte FRST erneut, markiere auch die checkbox und drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Antwort

Themen zu sm.de - wie werde ich das wieder los?
deinstallation, deinstalliere, deinstallieren, eingebe, entferne, entfernen, fehlercode 0xc0000005, fehlercode 0xc0000374, fehlercode windows, firefox, google, hängen, installation, malware, neuinstallation, programme, russisch, spyhunter, spyhunter entfernen, verlangen, virenprogramm, windows media player packages entfernen, zusammen, zwischen




Ähnliche Themen: sm.de - wie werde ich das wieder los?


  1. sm.de - Wie werde ich das wieder los?
    Lob, Kritik und Wünsche - 06.05.2015 (1)
  2. Wie werde ich das Ding wieder los ?
    Plagegeister aller Art und deren Bekämpfung - 22.03.2015 (4)
  3. wie werde ich das Ding wieder los 2
    Log-Analyse und Auswertung - 22.09.2014 (41)
  4. wie werde ich dreamsupport.us wieder los?
    Plagegeister aller Art und deren Bekämpfung - 05.08.2014 (7)
  5. SoftwareUpdater.UI.exe --- wie werde ich es wieder los?
    Plagegeister aller Art und deren Bekämpfung - 29.08.2013 (7)
  6. Wie werde ich Iminent wieder los?
    Plagegeister aller Art und deren Bekämpfung - 24.08.2013 (27)
  7. SoftwareUpdater.ui.exe? wie werde ich das wieder los?
    Plagegeister aller Art und deren Bekämpfung - 24.07.2013 (13)
  8. Wie werde ich GVU Trojaner wieder los???
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (2)
  9. Akm-Virus! Wie werde ich den wieder los?
    Log-Analyse und Auswertung - 07.09.2012 (5)
  10. BOO/Whistler.A, wie werde ich ihn wieder los?
    Log-Analyse und Auswertung - 20.07.2011 (2)
  11. Wie werde ich sshnas21.dll wieder los?
    Plagegeister aller Art und deren Bekämpfung - 03.09.2010 (7)
  12. Wie werde ich den wieder los ?
    Log-Analyse und Auswertung - 03.09.2008 (27)
  13. cpmsky wie werde ich das wieder los?
    Log-Analyse und Auswertung - 05.05.2008 (1)
  14. Hijacker - wie werde ich sie wieder los
    Log-Analyse und Auswertung - 26.12.2005 (14)
  15. Wie werde ich den WinFixer wieder los?
    Log-Analyse und Auswertung - 19.10.2005 (10)
  16. Wie werde ich den Hijack wieder los?
    Log-Analyse und Auswertung - 24.01.2005 (3)
  17. Wie werde ich die Seuche wieder los?
    Plagegeister aller Art und deren Bekämpfung - 06.01.2005 (9)

Zum Thema sm.de - wie werde ich das wieder los? - Hallo! Inzwischen habe ich erfahren, dass es mit der Installation des flv-Players zusammen hängen könnte. Wann immer ich in google eine Suche eingebe, zeigt mir sm.de die Ergebnisse. Ein Tool - sm.de - wie werde ich das wieder los?...
Archiv
Du betrachtest: sm.de - wie werde ich das wieder los? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.