Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   istart.websearches.com und SaferPro lassen auf neutralen Schaltflächen Werbung aufpoppen (https://www.trojaner-board.de/157019-istart-websearches-com-saferpro-lassen-neutralen-schaltflaechen-werbung-aufpoppen.html)

RalphausG 29.07.2014 20:57
istart.websearches.com und SaferPro lassen auf neutralen Schaltflächen Werbung aufpoppen
 
Hallo allerseits,

leider habe ich als unveränderbare Suchmaschine und Startseite istart.websearches.com das könnte daher kommen, dass ich relativ unüberlegt einem Java-Update zugestimmt habe. Seither habe ich in meiner Systemsteuerung einige Programme gefunden, die mir unbekannt waren und alle zum gleichen Datum installiert wurden. Mit dem Löschen oder deinstallieren der Programme hat sich das Ganze noch nicht gelöst.
Darüber hinaus macht SaferPro aus diversen Schlagwörtern, die in einem Text im Internet stehen Links zu irgendwelchen Artikeln, die es zu kaufen gibt. In letzter Zeit, wird auch aufgerufene Webseiten mit Werbefenster zugemüllt.
Darüberhinaus werden Links, die zu einer Webseite gehören auch zum Auslöser von Werbebannern oder Online-Spielen. Gruselig war es, als das auf der Seite meiner Bank während dem Online-Banking passiert ist.
Diverse Flirt- und Chatangebote bekomme ich natürlich auch.

Es wäre also schön, wenn mir hier jemand helfen könnte, meinen PC zu entmüllen bzw. Programme zu identifizieren, die zum Vermüllen führen.

Vielen Dank im Voraus & Beste Grüße


RalphausG

cosinus 29.07.2014 21:12
Hi und :hallo:

Logs bitte nicht anhängen, notfalls splitten und über mehrere Postings verteilt posten

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

RalphausG 29.07.2014 21:29
Hi Cosinus,

danke für die Antwort. Jetzt habe ich auch die Raute gefunden...

Hier das Ergebnis aus Defogger_disable:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:35 on 29/07/2014 (RK)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Hier das Ergebnis aus FRST:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by RK (administrator) on RK-PC on 29-07-2014 19:40:04
Running from C:\Users\RK\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Dropbox, Inc.) C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\RK\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\RK\Downloads\Defogger.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2278504 2011-10-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe [156448 2012-05-04] ()
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [fst_de_7] => [X]
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1209466076-2481500518-3684730398-1001\...\MountPoints2: {c05bc35e-2bf3-11e1-b45d-806e6f6e6963} - E:\start.exe /auto
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\RK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1399829201&from=tugs&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX11E81AT252AT252
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?AF=100346&babsrc=HP_ss&mntrId=6459e9a60000000000009cb70d08b62b
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1399829201&from=tugs&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX11E81AT252AT252&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1399829201&from=tugs&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX11E81AT252AT252
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1399829201&from=tugs&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX11E81AT252AT252&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1399829201&from=tugs&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX11E81AT252AT252&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1399829201&from=tugs&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX11E81AT252AT252
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1399829201&from=tugs&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX11E81AT252AT252&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1399829201&from=tugs&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX11E81AT252AT252
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1399829201&from=tugs&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX11E81AT252AT252&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1399829201&from=tugs&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX11E81AT252AT252&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1399829201&from=tugs&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX11E81AT252AT252&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1399829201&from=tugs&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX11E81AT252AT252&q={searchTerms}
SearchScopes: HKCU - DefaultScope {F4B4E944-79B1-4CB3-B9EF-AD83E61C5A2B} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&AF=100346&babsrc=SP_ss&mntrId=6459e9a60000000000009cb70d08b62b
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1399829201&from=tugs&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX11E81AT252AT252&q={searchTerms}
SearchScopes: HKCU - {F4B4E944-79B1-4CB3-B9EF-AD83E61C5A2B} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\RK\AppData\Roaming\Mozilla\Firefox\Profiles\61q805o1.default
FF NewTab: hxxp://istart.webssearches.com/newtab/?type=nt&ts=1399829201&from=tugs&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX11E81AT252AT252
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://istart.webssearches.com/?type=hppp&ts=1404323693&from=tugs&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX11E81AT252AT252
FF Keyword.URL: https://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=501549&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_32 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017319.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\RK\AppData\Roaming\Mozilla\Firefox\Profiles\61q805o1.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Delta Toolbar - C:\Users\RK\AppData\Roaming\Mozilla\Firefox\Profiles\61q805o1.default\Extensions\ffxtlbr@delta.com [2013-09-30]
FF Extension: Quick Start - C:\Users\RK\AppData\Roaming\Mozilla\Firefox\Profiles\61q805o1.default\Extensions\quick_start@gmail.com [2014-05-11]
FF Extension: No Name - C:\Users\RK\AppData\Roaming\Mozilla\Firefox\Profiles\61q805o1.default\Extensions\staged [2014-06-24]
FF Extension: FileConverter 1.3  - C:\Users\RK\AppData\Roaming\Mozilla\Firefox\Profiles\61q805o1.default\Extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee} [2013-11-23]
FF Extension: GMX MailCheck - C:\Users\RK\AppData\Roaming\Mozilla\Firefox\Profiles\61q805o1.default\Extensions\toolbar@gmx.net.xpi [2013-04-07]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2012-07-25]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2012-07-25]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\RK\AppData\Roaming\Mozilla\Firefox\Profiles\61q805o1.default\extensions\quick_start@gmail.com

Chrome:
=======
CHR HomePage: hxxp://istart.webssearches.com/?type=hppp&ts=1406652943&from=tugs&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX11E81AT252AT252
CHR StartupUrls: "hxxp://istart.webssearches.com/?type=hppp&ts=1406652943&from=tugs&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX11E81AT252AT252"
CHR DefaultSearchKeyword: webssearches
CHR DefaultSearchProvider: webssearches
CHR DefaultSearchURL: hxxp://istart.webssearches.com/web/?type=dspp&ts=1406652943&from=tugs&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX11E81AT252AT252&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Drive) - C:\Users\RK\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-23]
CHR Extension: (YouTube) - C:\Users\RK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-23]
CHR Extension: (Google-Suche) - C:\Users\RK\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-23]
CHR Extension: (Delta Toolbar) - C:\Users\RK\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-11-23]
CHR Extension: (Color My Twitter) - C:\Users\RK\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmbdmchmkmjamopihbpmnknbkflciolk [2014-07-23]
CHR Extension: (Google Wallet) - C:\Users\RK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-23]
CHR Extension: (Google Mail) - C:\Users\RK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-23]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\RK\AppData\Roaming\BabSolution\CR\Delta.crx [2013-09-30]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-09-30]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\RK\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-05-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-03-21] (Advanced Micro Devices, Inc.) [File not signed]
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [274208 2012-05-04] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-29 19:40 - 2014-07-29 19:41 - 00021678 _____ () C:\Users\RK\Downloads\FRST.txt
2014-07-29 19:39 - 2014-07-29 19:40 - 00000000 ____D () C:\FRST
2014-07-29 19:39 - 2014-07-29 19:39 - 02093568 _____ (Farbar) C:\Users\RK\Downloads\FRST64.exe
2014-07-29 19:34 - 2014-07-29 19:35 - 00000466 _____ () C:\Users\RK\Downloads\defogger_disable.log
2014-07-29 19:34 - 2014-07-29 19:34 - 00050477 _____ () C:\Users\RK\Downloads\Defogger.exe
2014-07-29 19:34 - 2014-07-29 19:34 - 00000000 _____ () C:\Users\RK\defogger_reenable
2014-07-29 19:33 - 2014-07-29 19:33 - 00001146 _____ () C:\Users\RK\Desktop\Continue Mipony Download Manager Installation.lnk
2014-07-29 19:29 - 2014-07-29 19:30 - 00682272 _____ ( ) C:\Users\RK\Downloads\DownloadManagerSetup.exe
2014-07-28 20:42 - 2014-07-28 20:42 - 00000000 ____D () C:\Program Files (x86)\savingtoyoeu
2014-07-28 20:42 - 2014-07-28 20:42 - 00000000 ____D () C:\Program Files (x86)\SaverPrOi
2014-07-28 20:42 - 2014-07-28 20:42 - 00000000 ____D () C:\Program Files (x86)\saveItkeep
2014-07-28 18:26 - 2014-07-28 18:26 - 00005770 _____ () C:\Users\RK\AppData\Local\recently-used.xbel
2014-07-25 23:30 - 2014-07-25 23:41 - 00013174 _____ () C:\Users\RK\Desktop\Planung Standesamt.xlsx
2014-07-24 20:01 - 2014-07-24 20:01 - 00011519 _____ () C:\Users\RK\Desktop\Ausgaben Hochzeit.xlsx
2014-07-23 19:43 - 2014-07-28 20:52 - 00000000 ____D () C:\ProgramData\SaverPrOi
2014-07-21 23:51 - 2014-07-21 23:51 - 00000999 _____ () C:\Users\RK\Downloads\BAHN_Fahrplan_20140722.ics
2014-07-18 16:37 - 2014-07-18 16:37 - 28472492 _____ () C:\Users\RK\Desktop\3bunt.xcf
2014-07-10 18:43 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 18:43 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 18:43 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 18:43 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 18:43 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 18:43 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 18:43 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-10 18:43 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-10 18:43 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-10 18:43 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-10 18:43 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-10 18:43 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-10 18:43 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-10 18:43 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-10 18:43 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-10 18:43 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-10 18:43 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-10 18:43 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-10 18:43 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-10 18:43 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 18:42 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 18:42 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 18:42 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 18:42 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 18:42 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 18:42 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 18:42 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 18:42 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 18:42 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 18:42 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 18:42 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 18:42 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 18:42 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 18:42 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 18:42 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 18:42 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 18:42 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 18:42 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 18:42 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 18:42 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 18:42 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 18:42 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 18:42 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 18:42 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 18:42 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 18:42 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 18:42 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 18:42 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 18:42 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 18:42 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 18:42 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 18:42 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 18:42 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 18:42 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 18:42 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 18:42 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 18:42 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 18:42 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 18:42 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 18:42 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 18:42 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 18:42 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 18:42 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 18:42 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 18:42 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 18:42 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 18:42 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 18:42 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 18:42 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 18:42 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 18:42 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 18:42 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 18:42 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 18:42 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 18:42 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 18:42 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 18:41 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 18:41 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 18:41 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-03 18:10 - 2014-07-28 20:52 - 00000000 ____D () C:\ProgramData\savingtoyoeu

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-29 19:41 - 2014-07-29 19:40 - 00021678 _____ () C:\Users\RK\Downloads\FRST.txt
2014-07-29 19:40 - 2014-07-29 19:39 - 00000000 ____D () C:\FRST
2014-07-29 19:39 - 2014-07-29 19:39 - 02093568 _____ (Farbar) C:\Users\RK\Downloads\FRST64.exe
2014-07-29 19:35 - 2014-07-29 19:34 - 00000466 _____ () C:\Users\RK\Downloads\defogger_disable.log
2014-07-29 19:34 - 2014-07-29 19:34 - 00050477 _____ () C:\Users\RK\Downloads\Defogger.exe
2014-07-29 19:34 - 2014-07-29 19:34 - 00000000 _____ () C:\Users\RK\defogger_reenable
2014-07-29 19:34 - 2012-04-30 20:37 - 00000000 ____D () C:\Users\RK
2014-07-29 19:33 - 2014-07-29 19:33 - 00001146 _____ () C:\Users\RK\Desktop\Continue Mipony Download Manager Installation.lnk
2014-07-29 19:30 - 2014-07-29 19:29 - 00682272 _____ ( ) C:\Users\RK\Downloads\DownloadManagerSetup.exe
2014-07-29 19:18 - 2013-11-23 19:15 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-29 19:18 - 2013-11-23 19:15 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-29 19:08 - 2014-02-16 22:08 - 00000280 _____ () C:\Windows\Tasks\Digital Sites.job
2014-07-29 19:08 - 2013-09-30 20:09 - 00000117 _____ () C:\Users\RK\AppData\Roaming\WB.CFG
2014-07-29 19:08 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-29 19:08 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-29 19:07 - 2011-12-21 18:35 - 01072543 _____ () C:\Windows\WindowsUpdate.log
2014-07-29 19:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-07-29 18:55 - 2013-11-04 19:38 - 00000000 ___RD () C:\Users\RK\Dropbox
2014-07-29 18:55 - 2013-10-22 18:52 - 00000000 ____D () C:\Users\RK\AppData\Roaming\Dropbox
2014-07-29 18:55 - 2013-01-02 20:08 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-07-29 18:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-29 18:55 - 2009-07-14 06:51 - 00115656 _____ () C:\Windows\setupact.log
2014-07-28 20:52 - 2014-07-23 19:43 - 00000000 ____D () C:\ProgramData\SaverPrOi
2014-07-28 20:52 - 2014-07-03 18:10 - 00000000 ____D () C:\ProgramData\savingtoyoeu
2014-07-28 20:52 - 2014-06-24 20:18 - 00000000 ____D () C:\ProgramData\saveItkeep
2014-07-28 20:52 - 2011-10-19 05:20 - 00554270 _____ () C:\Windows\PFRO.log
2014-07-28 20:45 - 2013-09-30 19:06 - 00000000 ____D () C:\Program Files (x86)\DSP-worx
2014-07-28 20:42 - 2014-07-28 20:42 - 00000000 ____D () C:\Program Files (x86)\savingtoyoeu
2014-07-28 20:42 - 2014-07-28 20:42 - 00000000 ____D () C:\Program Files (x86)\SaverPrOi
2014-07-28 20:42 - 2014-07-28 20:42 - 00000000 ____D () C:\Program Files (x86)\saveItkeep
2014-07-28 20:42 - 2014-06-24 20:18 - 00000000 ____D () C:\ProgramData\85a93ac36f72f73
2014-07-28 20:41 - 2011-02-19 06:24 - 00711530 _____ () C:\Windows\system32\perfh007.dat
2014-07-28 20:41 - 2011-02-19 06:24 - 00153720 _____ () C:\Windows\system32\perfc007.dat
2014-07-28 20:41 - 2009-07-14 07:13 - 01652924 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-28 20:40 - 2013-09-30 19:05 - 00000280 _____ () C:\Windows\Tasks\DigitalSite.job
2014-07-28 18:30 - 2014-05-25 01:23 - 00000000 ____D () C:\Users\RK\.gimp-2.8
2014-07-28 18:26 - 2014-07-28 18:26 - 00005770 _____ () C:\Users\RK\AppData\Local\recently-used.xbel
2014-07-28 17:15 - 2013-10-22 20:02 - 00000000 ____D () C:\Users\RK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-25 23:41 - 2014-07-25 23:30 - 00013174 _____ () C:\Users\RK\Desktop\Planung Standesamt.xlsx
2014-07-25 22:38 - 2012-06-02 18:11 - 00000000 ____D () C:\Users\RK\AppData\Local\Microsoft Help
2014-07-25 22:35 - 2013-03-18 21:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 22:35 - 2013-03-18 21:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 20:01 - 2014-07-24 20:01 - 00011519 _____ () C:\Users\RK\Desktop\Ausgaben Hochzeit.xlsx
2014-07-24 18:05 - 2013-03-18 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-21 23:53 - 2012-06-05 21:10 - 00000000 ____D () C:\Users\RK\Documents\Outlook-Dateien
2014-07-21 23:51 - 2014-07-21 23:51 - 00000999 _____ () C:\Users\RK\Downloads\BAHN_Fahrplan_20140722.ics
2014-07-18 16:37 - 2014-07-18 16:37 - 28472492 _____ () C:\Users\RK\Desktop\3bunt.xcf
2014-07-18 16:37 - 2014-05-25 01:37 - 00000000 ____D () C:\Users\RK\AppData\Local\gtk-2.0
2014-07-18 10:36 - 2014-06-15 22:26 - 00000000 ____D () C:\Users\RK\.thumbnails
2014-07-14 12:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-14 10:52 - 2009-07-14 06:45 - 00424392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-14 10:48 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-14 10:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-14 10:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 21:49 - 2012-06-02 18:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 21:46 - 2013-07-28 21:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 21:42 - 2012-05-06 00:07 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-07 22:21 - 2012-05-03 21:17 - 00000000 ____D () C:\Users\RK\AppData\Roaming\Skype
2014-07-07 19:21 - 2012-06-19 20:49 - 00000000 ____D () C:\Users\RK\AppData\Local\CrashDumps
2014-07-02 21:00 - 2014-04-05 12:33 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-02 21:00 - 2012-05-03 21:17 - 00000000 ____D () C:\ProgramData\Skype
2014-07-01 22:26 - 2014-05-25 00:45 - 00000000 ____D () C:\Users\RK\Desktop\Tattoo

Some content of TEMP:
====================
C:\Users\RK\AppData\Local\Temp\AskSLib.dll
C:\Users\RK\AppData\Local\Temp\BackupSetup.exe
C:\Users\RK\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr1kdur.dll
C:\Users\RK\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\RK\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\RK\AppData\Local\Temp\GoogleUpdateSetup_latest.exe
C:\Users\RK\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe
C:\Users\RK\AppData\Local\Temp\SkypeSetup.exe
C:\Users\RK\AppData\Local\Temp\Sqlite3.dll
C:\Users\RK\AppData\Local\Temp\vcredist_x64.exe
C:\Users\RK\AppData\Local\Temp\_is9F51.exe
C:\Users\RK\AppData\Local\Temp\_isCAD4.exe
C:\Users\RK\AppData\Local\Temp\{2F2CCDA5-BFEF-4816-87C1-17B65ABEE569}-chrome_installer.exe
C:\Users\RK\AppData\Local\Temp\{B793F35B-678D-45E5-8C55-0D685FB782C0}-GoogleUpdateSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 18:48

==================== End Of Log ============================
--- --- ---

--- --- ---


hier kommt noch das Ergebnis aus Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by RK at 2014-07-29 19:43:11
Running from C:\Users\RK\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1&1 Surf-Stick (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - )
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
AMD APP SDK Runtime (Version: 10.0.851.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{4572399F-5B78-3C50-7281-4AB6248FC1F0}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0321.2215.37961 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.70321.2226 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.03.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0321.2215.37961 - Ihr Firmenname) Hidden
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
ASUS Sonic Focus (HKLM-x32\...\{B0002707-4F7E-4745-88A7-852DA8A88635}) (Version: 1.0.0.5 - Synopsys )
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version:  - )
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0016 - ASUS)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Brother MFL-Pro Suite MFC-J5910DW (HKLM-x32\...\{830F55B6-4398-4B72-A0D8-66397B902C0E}) (Version: 1.1.1.0 - Brother Industries, Ltd.)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0321.2215.37961 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0321.2215.37961 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0321.2215.37961 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0321.2215.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0321.2215.37961 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2926 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version:  - Visual Tools) <==== ATTENTION
Delta toolbar  (HKLM-x32\...\delta) (Version: 1.8.24.6 - Delta) <==== ATTENTION
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
ETDWare PS/2-X64 8.0.5.1_WHQL (HKLM\...\Elantech) (Version: 8.0.5.1 - ELAN Microelectronic Corp.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 32 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 25.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 25.0.1 (x86 de)) (Version: 25.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS)
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{B80A9F10-D0F6-439B-9D71-8C40D1D3D211}) (Version: 21.00.8480 - Buhl Data Service GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1209466076-2481500518-3684730398-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1209466076-2481500518-3684730398-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RK\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1209466076-2481500518-3684730398-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RK\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1209466076-2481500518-3684730398-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RK\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1209466076-2481500518-3684730398-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RK\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1209466076-2481500518-3684730398-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RK\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1209466076-2481500518-3684730398-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RK\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1209466076-2481500518-3684730398-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RK\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1209466076-2481500518-3684730398-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RK\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

10-07-2014 16:41:34 Windows Update
10-07-2014 19:37:57 Windows Update
14-07-2014 09:05:23 Windows Update
17-07-2014 16:55:26 Windows Update
20-07-2014 19:50:24 Windows Update
24-07-2014 16:00:41 Windows Update
28-07-2014 15:22:59 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09E5DD7C-B3F1-4428-951F-7213F6E0DBF7} - System32\Tasks\bProtector => Sc.exe start bProtector
Task: {0F614F48-72AA-4BB0-8F7C-59360434B297} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: {1B5921A9-1278-459F-BBE7-CAE24E8340EB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-23] (Google Inc.)
Task: {2C26C9CC-C34F-46C4-98D5-B2DD96A6C349} - System32\Tasks\{30594A26-75C0-4B5F-B303-9B81FB0533AA} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?source=lightinstaller&amp;page=tsBing
Task: {3B076888-E270-460D-BA00-FD227B7F97C5} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-15] (ASUS)
Task: {5AF21740-4588-4127-B003-4416FE1A1693} - System32\Tasks\Digital Sites => C:\Users\RK\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] ()
Task: {5B7C60DD-3BE2-4B95-BA19-7738661F3CFF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-05] (Adobe Systems Incorporated)
Task: {5C830D71-E65F-45EC-A073-B283DB9CE443} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-23] (Google Inc.)
Task: {6489DC9C-3B59-4956-A8FC-A022C1B85451} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: {8B0CE0C1-E297-44B9-ABB1-11EF8AD0174D} - System32\Tasks\DigitalSite => C:\Users\RK\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {99D99D36-75FE-4CC5-B822-2BB329353C6D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {A5FD7955-2DB2-46BF-8E6B-863ED3F48945} - System32\Tasks\{3583808C-342B-436E-9414-0A743C4BFC95} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsPlugin
Task: {C91D7486-53D1-4319-BF67-8FE3DEE414FE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D134945A-28BC-438C-A7C8-F87A3AF9BCF1} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {E955CB4C-F6D9-4EA4-8604-B0A2BBC0C546} - System32\Tasks\{A6AF1014-F9B6-4078-A74F-9CACA7513D35} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsMain
Task: {F64DDA8C-FE91-4435-80ED-5BAAEC346DEF} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\RK\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\RK\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-03-21 22:30 - 2012-03-21 22:30 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2010-07-14 16:11 - 2010-07-14 16:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-05-12 21:04 - 2012-05-04 17:19 - 00156448 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
2013-08-29 02:23 - 2013-08-29 02:23 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-05-04 11:23 - 2005-04-22 06:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2013-05-12 21:04 - 2012-05-04 17:19 - 00274208 _____ () C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
2013-04-12 16:10 - 2013-04-12 16:10 - 00111104 _____ () C:\Users\RK\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe
2014-07-29 19:34 - 2014-07-29 19:34 - 00050477 _____ () C:\Users\RK\Downloads\Defogger.exe
2014-07-29 18:55 - 2014-07-29 18:55 - 00043008 _____ () c:\users\rk\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr1kdur.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\RK\AppData\Roaming\Dropbox\bin\libcef.dll
2013-08-29 02:25 - 2013-08-29 02:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-06-15 22:04 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-15 22:04 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-15 22:04 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-15 22:04 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-15 22:04 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-07-14 17:12 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\RK\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:D20FFA63

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk => C:\Windows\pss\AsusVibeLauncher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: Nuance PDF Reader-reminder => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SonicMasterTray => C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/07/2014 07:21:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Skype.exe, Version: 6.16.0.105, Zeitstempel: 0x536b4342
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x1734
Startzeit der fehlerhaften Anwendung: 0xSkype.exe0
Pfad der fehlerhaften Anwendung: Skype.exe1
Pfad des fehlerhaften Moduls: Skype.exe2
Berichtskennung: Skype.exe3

Error: (05/25/2014 04:01:26 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Web.Mobile, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (05/14/2014 08:13:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wmain14.dll, Version: 2014.21.3.8560, Zeitstempel: 0x52fa0470
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x7417e4e4
ID des fehlerhaften Prozesses: 0xc1c
Startzeit der fehlerhaften Anwendung: 0xwmain14.dll0
Pfad der fehlerhaften Anwendung: wmain14.dll1
Pfad des fehlerhaften Moduls: wmain14.dll2
Berichtskennung: wmain14.dll3

Error: (05/14/2014 08:02:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BabMaint.exe, Version: 0.0.0.0, Zeitstempel: 0x51b05504
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001f1e6
ID des fehlerhaften Prozesses: 0x930
Startzeit der fehlerhaften Anwendung: 0xBabMaint.exe0
Pfad der fehlerhaften Anwendung: BabMaint.exe1
Pfad des fehlerhaften Moduls: BabMaint.exe2
Berichtskennung: BabMaint.exe3

Error: (05/12/2014 07:18:04 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\BonanzaDealsLiveHelper.msi

Error: (05/12/2014 06:18:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\BonanzaDealsLiveHelper.msi

Error: (05/11/2014 07:47:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm _iu14D2N.tmp, Version 51.52.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: d04

Startzeit: 01cf6d3f6353ea61

Endzeit: 15

Anwendungspfad: C:\Users\RK\AppData\Local\Temp\_iu14D2N.tmp

Berichts-ID:

Error: (05/11/2014 07:18:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\BonanzaDealsLiveHelper.msi

Error: (05/11/2014 07:11:22 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.23.9\BonanzaDealsLiveHelper.msi

Error: (05/10/2014 08:48:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.23.9\BonanzaDealsLiveHelper.msi


System errors:
=============
Error: (07/25/2014 10:45:55 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.179.1012.0

        Aktualisierungsquelle: %NT-AUTORITÄT59

        Aktualisierungsphase: 4.5.0216.00

        Quellpfad: 4.5.0216.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\SYSTEM

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/30/2014 08:01:21 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.177.925.0

        Aktualisierungsquelle: %NT-AUTORITÄT59

        Aktualisierungsphase: 4.5.0216.00

        Quellpfad: 4.5.0216.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\SYSTEM

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/29/2014 03:39:46 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.177.925.0

        Aktualisierungsquelle: %NT-AUTORITÄT59

        Aktualisierungsphase: 4.5.0216.00

        Quellpfad: 4.5.0216.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\SYSTEM

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/29/2014 00:53:56 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.177.925.0

        Aktualisierungsquelle: %NT-AUTORITÄT59

        Aktualisierungsphase: 4.5.0216.00

        Quellpfad: 4.5.0216.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\SYSTEM

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/29/2014 11:32:29 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.177.925.0

        Aktualisierungsquelle: %NT-AUTORITÄT59

        Aktualisierungsphase: 4.5.0216.00

        Quellpfad: 4.5.0216.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\SYSTEM

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/28/2014 09:33:27 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.177.925.0

        Aktualisierungsquelle: %NT-AUTORITÄT59

        Aktualisierungsphase: 4.5.0216.00

        Quellpfad: 4.5.0216.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\SYSTEM

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/28/2014 09:14:05 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.177.925.0

        Aktualisierungsquelle: %NT-AUTORITÄT59

        Aktualisierungsphase: 4.5.0216.00

        Quellpfad: 4.5.0216.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\SYSTEM

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/26/2014 10:18:07 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 111.25.0.0

        Aktualisierungsquelle: %NT-AUTORITÄT51

        Aktualisierungsphase: 4.5.0216.00

        Quellpfad: 4.5.0216.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\NETZWERKDIENST

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/26/2014 10:18:07 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.175.2358.0

        Aktualisierungsquelle: %NT-AUTORITÄT51

        Aktualisierungsphase: 4.5.0216.00

        Quellpfad: 4.5.0216.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\NETZWERKDIENST

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/26/2014 10:18:07 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

        Neue Signaturversion:

        Vorherige Signaturversion: 1.175.2358.0

        Aktualisierungsquelle: %NT-AUTORITÄT51

        Aktualisierungsphase: 4.5.0216.00

        Quellpfad: 4.5.0216.01

        Signaturtyp: %NT-AUTORITÄT602

        Aktualisierungstyp: %NT-AUTORITÄT604

        Benutzer: NT-AUTORITÄT\NETZWERKDIENST

        Aktuelle Modulversion: %NT-AUTORITÄT605

        Vorherige Modulversion: %NT-AUTORITÄT606

        Fehlercode: %NT-AUTORITÄT607

        Fehlerbeschreibung: %NT-AUTORITÄT608


Microsoft Office Sessions:
=========================
Error: (07/07/2014 07:21:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.16.0.105536b4342unknown0.0.0.000000000c000000500000000173401cf9a0794e147cdC:\Program Files (x86)\Skype\Phone\Skype.exeunknown1235ef0c-05fb-11e4-a7dd-5404a6e315b8

Error: (05/25/2014 04:01:26 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Web.Mobile, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (05/14/2014 08:13:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmain14.dll2014.21.3.856052fa0470unknown0.0.0.000000000c00000fd7417e4e4c1c01cf6fa02064e8e5C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dllunknown73ff344f-db93-11e3-bd6a-5404a6e315b8

Error: (05/14/2014 08:02:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BabMaint.exe0.0.0.051b05504ole32.dll6.1.7601.175144ce7b96fc00000050001f1e693001cf6f9e562ecb73C:\Users\RK\AppData\Roaming\BABSOL~1\Shared\BabMaint.exeC:\Windows\syswow64\ole32.dlle2c709c0-db91-11e3-bd6a-5404a6e315b8

Error: (05/12/2014 07:18:04 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/12/2014 06:18:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/11/2014 07:47:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: _iu14D2N.tmp51.52.0.0d0401cf6d3f6353ea6115C:\Users\RK\AppData\Local\Temp\_iu14D2N.tmp

Error: (05/11/2014 07:18:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.7\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/11/2014 07:11:22 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.23.9\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/10/2014 08:48:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.23.9\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)


==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 7787.66 MB
Available physical RAM: 5512.16 MB
Total Pagefile: 15573.49 MB
Available Pagefile: 13063.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:128.18 GB) (Free:55.24 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:144.91 GB) (Free:113.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 125FC5E1)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=128 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=145 GB) - (Type=07 NTFS)

==================== End Of Log ============================

und das Ergebnis aus GMER:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-29 20:12:39
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006a WDC_WD32 rev.01.0 298,09GB
Running: s4fzhzks.exe; Driver: C:\Users\RK\AppData\Local\Temp\pxldrpoc.sys


---- User code sections - GMER 2.1 ----

.text    C:\ProgramData\IePluginService\PluginService.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                0000000076691465 2 bytes [69, 76]
.text    C:\ProgramData\IePluginService\PluginService.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                00000000766914bb 2 bytes [69, 76]
.text    ...                                                                                                                                                                                                            * 2
.text    C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[2792] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                                                              0000000076691465 2 bytes [69, 76]
.text    C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe[2792] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                                                            00000000766914bb 2 bytes [69, 76]
.text    ...                                                                                                                                                                                                            * 2
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                          0000000076691465 2 bytes [69, 76]
.text    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                          00000000766914bb 2 bytes [69, 76]
.text    ...                                                                                                                                                                                                            * 2
?        C:\Windows\system32\mssprxy.dll [2032] entry point in ".rdata" section                                                                                                                                        00000000742271e6
?        C:\Windows\system32\mssprxy.dll [3236] entry point in ".rdata" section                                                                                                                                        00000000742271e6
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                          0000000076691465 2 bytes [69, 76]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                          00000000766914bb 2 bytes [69, 76]
.text    ...                                                                                                                                                                                                            * 2
---- Processes - GMER 2.1 ----

Library  C:\Users\RK\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe [2792](2014-07-21 20:53:38)                                                0000000003f80000
Library  c:\users\rk\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr1kdur.dll (*** suspicious ***) @ C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe [2792](2014-07-29 16:55:39)  00000000045b0000
Library  C:\Users\RK\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe [2792](2013-10-18 23:55:02)                                                      0000000069bd0000
Library  C:\Users\RK\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe [2792] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00)                        0000000069240000
Process  C:\Users\RK\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE (*** suspicious ***) @ C:\Users\RK\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE [2636](2013-04-12 14:10:43)                                      0000000000400000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e                                                                                                                                   
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)                                                                                                               

---- EOF - GMER 2.1 ----

cosinus 29.07.2014 21:35
Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


RalphausG 30.07.2014 16:23
Code:
# AdwCleaner v3.301 - Bericht erstellt am 30/07/2014 um 16:28:18
# Aktualisiert 28/07/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : RK - RK-PC
# Gestartet von : C:\Users\RK\Downloads\adwcleaner_3.301.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : IePluginService

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\374311380
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive
Ordner Gelöscht : C:\ProgramData\bProtector
Ordner Gelöscht : C:\ProgramData\DSearchLink
Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\ProgramData\IePluginService
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\saveItkeep
Ordner Gelöscht : C:\ProgramData\SaverPrOi
Ordner Gelöscht : C:\ProgramData\savingtoyoeu
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDealsLive
Ordner Gelöscht : C:\Program Files (x86)\Delta
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\GreenTree Applications
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Program Files (x86)\Uninstaller
Ordner Gelöscht : C:\Program Files (x86)\saveItkeep
Ordner Gelöscht : C:\Program Files (x86)\SaverPrOi
Ordner Gelöscht : C:\Program Files (x86)\savingtoyoeu
Ordner Gelöscht : C:\Users\RK\AppData\Local\BonanzaDealsLive
Ordner Gelöscht : C:\Users\RK\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\RK\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\RK\AppData\Local\Temp\mt_ffx
Ordner Gelöscht : C:\Users\RK\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\RK\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\RK\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\RK\AppData\Roaming\digitalsite
Ordner Gelöscht : C:\Users\RK\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\RK\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\RK\AppData\Roaming\webssearches
Ordner Gelöscht : C:\Users\RK\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\RK\AppData\Roaming\Mozilla\Firefox\Profiles\61q805o1.default\Smartbar
Ordner Gelöscht : C:\Users\RK\AppData\Roaming\Mozilla\Firefox\Profiles\61q805o1.default\ValueApps
Ordner Gelöscht : C:\Users\RK\AppData\Roaming\Mozilla\Firefox\Profiles\61q805o1.default\CT3241949
Ordner Gelöscht : C:\Users\RK\AppData\Roaming\Mozilla\Firefox\Profiles\61q805o1.default\Extensions\ffxtlbr@delta.com
Ordner Gelöscht : C:\Users\RK\AppData\Roaming\Mozilla\Firefox\Profiles\61q805o1.default\Extensions\quick_start@gmail.com
Ordner Gelöscht : C:\Users\RK\AppData\Roaming\Mozilla\Firefox\Profiles\61q805o1.default\Extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}
Ordner Gelöscht : C:\Users\RK\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\RK\AppData\Roaming\aps.uninstall.scan.results
Datei Gelöscht : C:\Users\RK\AppData\Roaming\Mozilla\Firefox\Profiles\61q805o1.default\bprotector_prefs.js
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml
Datei Gelöscht : C:\Users\RK\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
Datei Gelöscht : C:\Users\RK\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\RK\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\RK\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
Datei Gelöscht : C:\Users\RK\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : APSnotifierPP1
Task Gelöscht : APSnotifierPP2
Task Gelöscht : APSnotifierPP3
Task Gelöscht : bProtector
Task Gelöscht : Digital Sites
Task Gelöscht : DigitalSite

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\d
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\BABSOLUTION
Schlüssel Gelöscht : HKCU\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKCU\Software\bProtector
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\Free_soft_today
Schlüssel Gelöscht : HKLM\Software\GlobalUpdate
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\Tutorials
Schlüssel Gelöscht : HKLM\Software\webssearchesSoftware
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v25.0.1 (de)

[ Datei : C:\Users\RK\AppData\Roaming\Mozilla\Firefox\Profiles\61q805o1.default\prefs.js ]

Zeile gelöscht : user_pref("CT3241949.1000082.isDisplayHidden", "true");
Zeile gelöscht : user_pref("CT3241949.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"hxxp://feedlive.net/california.asx\"}");
Zeile gelöscht : user_pref("CT3241949.1000234.TWC_TMP_city", "WITTEN");
Zeile gelöscht : user_pref("CT3241949.1000234.TWC_TMP_country", "DE");
Zeile gelöscht : user_pref("CT3241949.1000234.TWC_locId", "GMXX5665");
Zeile gelöscht : user_pref("CT3241949.1000234.TWC_location", "Witten, Deutschland");
Zeile gelöscht : user_pref("CT3241949.1000234.TWC_region", "DE");
Zeile gelöscht : user_pref("CT3241949.1000234.TWC_temp_dis", "c");
Zeile gelöscht : user_pref("CT3241949.1000234.TWC_wind_dis", "kmh");
Zeile gelöscht : user_pref("CT3241949.1000234.weatherData", "{\"icon\":\"28.png\",\"temperature\":\"12°C\",\"temperatureClear\":\"12°C\",\"highTemperature\":\"18ÂÂÂ[...]
Zeile gelöscht : user_pref("CT3241949.129498282976856742.isToggled_item0_12", "true");
Zeile gelöscht : user_pref("CT3241949.CBOpenMAMSettings.enc", "MA==");
Zeile gelöscht : user_pref("CT3241949.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gelöscht : user_pref("CT3241949.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT3241949.FirstTime", "true");
Zeile gelöscht : user_pref("CT3241949.FirstTimeFF3", "true");
Zeile gelöscht : user_pref("CT3241949.LoginRevertSettingsEnabled", true);
Zeile gelöscht : user_pref("CT3241949.PG_ENABLE", "dHJ1ZQ==");
Zeile gelöscht : user_pref("CT3241949.PG_ENABLE.enc", "dHJ1ZQ==");
Zeile gelöscht : user_pref("CT3241949.RevertSettingsEnabled", true);
Zeile gelöscht : user_pref("CT3241949.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Zeile gelöscht : user_pref("CT3241949.SF_STATUS.enc", "RU5BQkxFRA==");
Zeile gelöscht : user_pref("CT3241949.SF_USER_ID.enc", "Y2lkXzI3NDIwMTMxODE3Mzk1Mzc3MjI5");
Zeile gelöscht : user_pref("CT3241949.UserID", "UN53311395107442181");
Zeile gelöscht : user_pref("CT3241949.addressBarTakeOverEnabledInHidden", "true");
Zeile gelöscht : user_pref("CT3241949.cb_experience_000.enc", "NTM=");
Zeile gelöscht : user_pref("CT3241949.cb_firstuse0100.enc", "MQ==");
Zeile gelöscht : user_pref("CT3241949.cbcountry_001.enc", "REU=");
Zeile gelöscht : user_pref("CT3241949.cbfirsttime.enc", "U3VuIE5vdiAxMSAyMDEyIDIwOjQ0OjM5IEdNVCswMTAw");
Zeile gelöscht : user_pref("CT3241949.countryCode", "DE");
Zeile gelöscht : user_pref("CT3241949.enableAlerts", "never");
Zeile gelöscht : user_pref("CT3241949.enableFix404ByUser", "FALSE");
Zeile gelöscht : user_pref("CT3241949.event_data", "JTVCJTVE");
Zeile gelöscht : user_pref("CT3241949.fired_events", "AA==");
Zeile gelöscht : user_pref("CT3241949.firstTimeDialogOpened", "true");
Zeile gelöscht : user_pref("CT3241949.fixPageNotFoundErrorByUser", "TRUE");
Zeile gelöscht : user_pref("CT3241949.fixPageNotFoundErrorInHidden", "true");
Zeile gelöscht : user_pref("CT3241949.fixUrls", true);
Zeile gelöscht : user_pref("CT3241949.fullUserID", "UN53311395107442181.UP.20130702213314");
Zeile gelöscht : user_pref("CT3241949.homepageuserchanged", true);
Zeile gelöscht : user_pref("CT3241949.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES.enc", "b3BlbnBvc2l0aW9uPW9mZnNldDo1MDs1MCxzYXZlbG9jYXRpb249MCxyZXNpemFibGU9bm8sc2Nyb2xsYmFycz1ubyx0aXRsZW[...]
Zeile gelöscht : user_pref("CT3241949.installType", "Unknown");
Zeile gelöscht : user_pref("CT3241949.isCheckedStartAsHidden", true);
Zeile gelöscht : user_pref("CT3241949.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gelöscht : user_pref("CT3241949.isFirstTimeToolbarLoading", "false");
Zeile gelöscht : user_pref("CT3241949.isNewTabEnabled", false);
Zeile gelöscht : user_pref("CT3241949.isPerformedSmartBarTransition", "true");
Zeile gelöscht : user_pref("CT3241949.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT3241949.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT3241949.key_date", "MTM=");
Zeile gelöscht : user_pref("CT3241949.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3241949&octid=CT3241949&SearchSource=15&CUI=UN53311395107442181&SSPV=&Lay=1&UM=\"}");
Zeile gelöscht : user_pref("CT3241949.lastVersion", "10.20.1.508");
Zeile gelöscht : user_pref("CT3241949.mam_gk_appStateReportTime.enc", "MTM2NzcwMDM1ODc4Ng==");
Zeile gelöscht : user_pref("CT3241949.mam_gk_appState_CouponBuddy.enc", "b24=");
Zeile gelöscht : user_pref("CT3241949.mam_gk_appState_Easytobook.enc", "b24=");
Zeile gelöscht : user_pref("CT3241949.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Zeile gelöscht : user_pref("CT3241949.mam_gk_appState_PriceGong.enc", "b24=");
Zeile gelöscht : user_pref("CT3241949.mam_gk_appState_WindowShopper.enc", "b24=");
Zeile gelöscht : user_pref("CT3241949.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5h[...]
Zeile gelöscht : user_pref("CT3241949.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Zeile gelöscht : user_pref("CT3241949.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImNyaXRlcmlhcyI6W3siY3JpdGVyaWFJZCI6IjhhMzY3MDA2LWQ1M2UtNGY5My05OTc2LTQ3ZjM0ZmMyZjY5ZCIsImRvbWFpbnMiOls[...]
Zeile gelöscht : user_pref("CT3241949.mam_gk_currentVersion.enc", "MS40LjQuNg==");
Zeile gelöscht : user_pref("CT3241949.mam_gk_first_time.enc", "MQ==");
Zeile gelöscht : user_pref("CT3241949.mam_gk_lastLoginTime.enc", "MTM2NzcwMDM1ODc3NA==");
Zeile gelöscht : user_pref("CT3241949.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50LVJpY2h0bGluaWUifSwiZ2FkZ2V0RGVzY3JpcHRpb25QcmltYXJ5Ijp7IlRleHQiOiJWYWx1ZSBBcHBzIGJlcmVpY2hlcnQgSWhy[...]
Zeile gelöscht : user_pref("CT3241949.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Zeile gelöscht : user_pref("CT3241949.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmllbmNlRW5hYmxlZEJ5RGVmYXVsd[...]
Zeile gelöscht : user_pref("CT3241949.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Zeile gelöscht : user_pref("CT3241949.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Zeile gelöscht : user_pref("CT3241949.mam_gk_userId.enc", "Zjc2ZDNmMjMtZWQ5MC00ZmFhLTlmZGEtMDM2MWYwYjc1NWJk");
Zeile gelöscht : user_pref("CT3241949.migrateAppsAndComponents", true);
Zeile gelöscht : user_pref("CT3241949.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fwww.mitfahrgelegenheit.de%2Fbookings%2Fcurrent\",\"EB_MAIN_FRAME_TITLE\":\"Mitfahrzentrale%20%7C%20mitfahrgelegenhe[...]
Zeile gelöscht : user_pref("CT3241949.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT3241949.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\\"11\\\\/11\\\\/2012 22\\\"}\"}");
Zeile gelöscht : user_pref("CT3241949.price-gong.isManagedApp", "true");
Zeile gelöscht : user_pref("CT3241949.search.searchAppId", "129887071061272563");
Zeile gelöscht : user_pref("CT3241949.search.searchCount", "0");
Zeile gelöscht : user_pref("CT3241949.searchInNewTabEnabled", "false");
Zeile gelöscht : user_pref("CT3241949.searchInNewTabEnabledByUser", "false");
Zeile gelöscht : user_pref("CT3241949.searchInNewTabEnabledInHidden", "true");
Zeile gelöscht : user_pref("CT3241949.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gelöscht : user_pref("CT3241949.searchSuggestEnabledByUser", "false");
Zeile gelöscht : user_pref("CT3241949.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT3241949.sendUsageEnabled", "false");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3241949\"}");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://FileConverter13.OurToolbar.com//xpi\"}");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"FileConverter 1.3 \"}");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_Configuration_lastUpdate", "1380560776073");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1367951067696");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_appsMetadata_lastUpdate", "1368633351174");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1368633351260");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_location_lastUpdate", "1372709276138");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_login_10.13.1.99_lastUpdate", "1352654336809");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_login_10.13.40.15_lastUpdate", "1359397634210");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_login_10.14.42.7_lastUpdate", "1361296184889");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_login_10.14.65.43_lastUpdate", "1364642328667");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_login_10.15.0.562_lastUpdate", "1365949772281");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_login_10.15.2.523_lastUpdate", "1369591382381");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_login_10.16.2.509_lastUpdate", "1372709275635");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374597147681");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_login_10.16.70.505_lastUpdate", "1377839123881");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_login_10.19.2.505_lastUpdate", "1378184586985");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_login_10.20.0.513_lastUpdate", "1380560775525");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "1368633474394");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "1368633471720");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_optimizer_lastUpdate", "1352651017625");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1368633352390");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_searchAPI_lastUpdate", "1380560775465");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_serviceMap_lastUpdate", "1380560775428");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_setupAPI_lastUpdate", "1364570296406");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_toolbarContextMenu_lastUpdate", "1368633354229");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_toolbarSettings_lastUpdate", "1380567976353");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_translation_lastUpdate", "1380560776093");
Zeile gelöscht : user_pref("CT3241949.serviceLayer_services_userApps_lastUpdate", "1353961801876");
Zeile gelöscht : user_pref("CT3241949.settingsINI", true);
Zeile gelöscht : user_pref("CT3241949.showToolbarPermission", "false");
Zeile gelöscht : user_pref("CT3241949.smartbar.CTID", "CT3241949");
Zeile gelöscht : user_pref("CT3241949.smartbar.Uninstall", "0");
Zeile gelöscht : user_pref("CT3241949.smartbar.isHidden", true);
Zeile gelöscht : user_pref("CT3241949.smartbar.toolbarName", "FileConverter 1.3 ");
Zeile gelöscht : user_pref("CT3241949.toolbarBornServerTime", "13-9-2012");
Zeile gelöscht : user_pref("CT3241949.toolbarCurrentServerTime", "30-9-2013");
Zeile gelöscht : user_pref("CT3241949.toolbarLoginClientTime", "Sun Mar 31 2013 11:34:19 GMT+0200");
Zeile gelöscht : user_pref("CT3241949.url_history0001.enc", "aHR0cDovL3d3dy5oaW1tbGlzY2gtcGxhdWRlcm4uZGUvbWVzc2FnZXMvaW5ib3gvOjo6Y2xpY2toYW5kbGVyOjo6MTM1NDA1MTI4NDIyNywsLGh0dHA6Ly93d3cuaGltbWxpc2NoLXBsYXVkZXJuLmRlL21l[...]
Zeile gelöscht : user_pref("CT3241949_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1385468751622,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://istart.webssearches.com/newtab/?type=nt&ts=1399829201&from=tugs&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX11E81AT252AT252");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "webssearches");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "webssearches");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hppp&ts=1404323693&from=tugs&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX11E81AT252AT252");

-\\ Google Chrome v35.0.1916.153

[ Datei : C:\Users\RK\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=dspp&ts=1406652943&from=tugs&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX11E81AT252AT252&q={searchTerms}
Gelöscht [Startup_urls] : hxxp://istart.webssearches.com/?type=hppp&ts=1406652943&from=tugs&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX11E81AT252AT252
Gelöscht [Homepage] : hxxp://istart.webssearches.com/?type=hppp&ts=1406652943&from=tugs&uid=WDCXWD3200BPVT-80JJ5T0_WD-WX11E81AT252AT252
Gelöscht [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
Gelöscht [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************

AdwCleaner[R0].txt - [33380 octets] - [30/07/2014 16:25:36]
AdwCleaner[S0].txt - [30783 octets] - [30/07/2014 16:28:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [30844 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by RK on 30.07.2014 at 16:38:14,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_USERS\.DEFAULT\Software\bProtector



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho3799.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho5181.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho650A.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoA305.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC0F1.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC16B.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD1B2.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD636.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE440.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEE79.tmp



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\61q805o1.default\extensions\staged
Emptied folder: C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\61q805o1.default\minidumps [99 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.07.2014 at 16:53:19,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by RK (administrator) on RK-PC on 30-07-2014 17:01:59
Running from C:\Users\RK\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
(Dropbox, Inc.) C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\RK\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be

moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2278504 2011-10-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19]

(ASUS)
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe [156448 2012-05-04] ()
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe [984400 2010-07-09]

(Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21]

(DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe

Systems Incorporated)
HKLM-x32\...\Run: [fst_de_7] => [X]
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1209466076-2481500518-3684730398-1001\...\MountPoints2: {c05bc35e-2bf3-11e1-b45d-806e6f6e6963} - E:\start.exe

/auto
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\RK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {F4B4E944-79B1-4CB3-B9EF-AD83E61C5A2B} URL = https://de.search.yahoo.com/search?fr=chr-

greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll

(Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft

Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office

\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo

\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin

\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

(Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files

\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office

\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin

\jp2ssv.dll (Sun Microsystems, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

(Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced

Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll

(Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll

(Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo

\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\RK\AppData\Roaming\Mozilla\Firefox\Profiles\61q805o1.default
FF Keyword.URL: https://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=501549&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft

Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX,

LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll

(DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_32 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll (

Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

(Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

(Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll

(Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll

(Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader

\npAmazonMP3DownloaderPlugin1017319.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\RK\AppData\Roaming\Mozilla\Firefox\Profiles\61q805o1.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: GMX MailCheck - C:\Users\RK\AppData\Roaming\Mozilla\Firefox\Profiles\61q805o1.default\Extensions

\toolbar@gmx.net.xpi [2013-04-07]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2012-07-25]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2

[2012-07-25]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Drive) - C:\Users\RK\AppData\Local\Google\Chrome\User Data\Default\Extensions

\apdfllckaahabafndbhieahigkjlhalf [2013-11-23]
CHR Extension: (YouTube) - C:\Users\RK\AppData\Local\Google\Chrome\User Data\Default\Extensions

\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-23]
CHR Extension: (Google-Suche) - C:\Users\RK\AppData\Local\Google\Chrome\User Data\Default\Extensions

\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-23]
CHR Extension: (Color My Twitter) - C:\Users\RK\AppData\Local\Google\Chrome\User Data\Default\Extensions

\lmbdmchmkmjamopihbpmnknbkflciolk [2014-07-23]
CHR Extension: (Google Wallet) - C:\Users\RK\AppData\Local\Google\Chrome\User Data\Default\Extensions

\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-23]
CHR Extension: (Google Mail) - C:\Users\RK\AppData\Local\Google\Chrome\User Data\Default\Extensions

\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-23]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome

\aswWebRepChrome.crx [2013-11-23]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless

listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-03-21] (Advanced Micro

Devices, Inc.) [File not signed]
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) [File

not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not

signed]
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [274208 2012-05-04] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless

listed separately.)

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately

to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-30 17:01 - 2014-07-30 17:01 - 02093568 _____ (Farbar) C:\Users\RK\Downloads\FRST64 (1).exe
2014-07-30 17:01 - 2014-07-30 17:01 - 00015398 _____ () C:\Users\RK\Downloads\FRST.txt
2014-07-30 16:53 - 2014-07-30 16:53 - 00001573 _____ () C:\Users\RK\Desktop\JRT.txt
2014-07-30 16:38 - 2014-07-30 16:38 - 00000000 ____D () C:\Windows\ERUNT
2014-07-30 16:35 - 2014-07-30 16:36 - 01016261 _____ (Thisisu) C:\Users\RK\Downloads\JRT.exe
2014-07-30 16:33 - 2014-07-30 16:33 - 00031009 _____ () C:\Users\RK\Desktop\AdwCleaner[S0].txt
2014-07-30 16:26 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-30 16:25 - 2014-07-30 16:30 - 00000000 ____D () C:\AdwCleaner
2014-07-30 16:23 - 2014-07-30 16:23 - 01365525 _____ () C:\Users\RK\Downloads\adwcleaner_3.301.exe
2014-07-29 20:12 - 2014-07-29 20:12 - 00005364 _____ () C:\Users\RK\Desktop\Gmer.txt
2014-07-29 19:48 - 2014-07-29 19:48 - 00380416 _____ () C:\Users\RK\Downloads\s4fzhzks.exe
2014-07-29 19:43 - 2014-07-29 19:46 - 00049852 _____ () C:\Users\RK\Desktop\Addition.txt
2014-07-29 19:40 - 2014-07-29 19:46 - 00040231 _____ () C:\Users\RK\Desktop\FRST.txt
2014-07-29 19:39 - 2014-07-30 17:02 - 00000000 ____D () C:\FRST
2014-07-29 19:39 - 2014-07-29 19:39 - 02093568 _____ (Farbar) C:\Users\RK\Downloads\FRST64.exe
2014-07-29 19:34 - 2014-07-29 19:35 - 00000466 _____ () C:\Users\RK\Desktop\defogger_disable.log
2014-07-29 19:34 - 2014-07-29 19:34 - 00050477 _____ () C:\Users\RK\Downloads\Defogger.exe
2014-07-29 19:34 - 2014-07-29 19:34 - 00000000 _____ () C:\Users\RK\defogger_reenable
2014-07-29 19:33 - 2014-07-29 19:33 - 00001146 _____ () C:\Users\RK\Desktop\Continue Mipony Download Manager

Installation.lnk
2014-07-29 19:29 - 2014-07-29 19:30 - 00682272 _____ ( ) C:\Users\RK\Downloads\DownloadManagerSetup.exe
2014-07-28 18:26 - 2014-07-28 18:26 - 00005770 _____ () C:\Users\RK\AppData\Local\recently-used.xbel
2014-07-25 23:30 - 2014-07-25 23:41 - 00013174 _____ () C:\Users\RK\Desktop\Planung Standesamt.xlsx
2014-07-24 20:01 - 2014-07-24 20:01 - 00011519 _____ () C:\Users\RK\Desktop\Ausgaben Hochzeit.xlsx
2014-07-21 23:51 - 2014-07-21 23:51 - 00000999 _____ () C:\Users\RK\Downloads\BAHN_Fahrplan_20140722.ics
2014-07-18 16:37 - 2014-07-18 16:37 - 28472492 _____ () C:\Users\RK\Desktop\3bunt.xcf
2014-07-10 18:43 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 18:43 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 18:43 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 18:43 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 18:43 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 18:43 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 18:43 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-10 18:43 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-10 18:43 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-10 18:43 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-10 18:43 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-10 18:43 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-10 18:43 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-10 18:43 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-10 18:43 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-10 18:43 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-10 18:43 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-10 18:43 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-10 18:43 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-10 18:43 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 18:42 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 18:42 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 18:42 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 18:42 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 18:42 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 18:42 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 18:42 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 18:42 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 18:42 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 18:42 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 18:42 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 18:42 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 18:42 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 18:42 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 18:42 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 18:42 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 18:42 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 18:42 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 18:42 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 18:42 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows

\system32\JavaScriptCollectionAgent.dll
2014-07-10 18:42 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 18:42 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 18:42 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 18:42 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 18:42 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 18:42 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 18:42 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 18:42 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 18:42 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 18:42 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 18:42 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 18:42 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 18:42 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 18:42 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 18:42 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 18:42 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 18:42 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 18:42 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 18:42 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 18:42 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 18:42 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 18:42 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 18:42 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 18:42 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 18:42 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 18:42 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 18:42 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 18:42 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 18:42 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 18:42 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 18:42 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 18:42 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 18:42 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 18:42 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 18:42 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 18:42 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 18:41 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 18:41 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 18:41 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-30 17:03 - 2014-07-30 17:01 - 00015398 _____ () C:\Users\RK\Downloads\FRST.txt
2014-07-30 17:02 - 2014-07-29 19:39 - 00000000 ____D () C:\FRST
2014-07-30 17:01 - 2014-07-30 17:01 - 02093568 _____ (Farbar) C:\Users\RK\Downloads\FRST64 (1).exe
2014-07-30 17:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-07-30 16:53 - 2014-07-30 16:53 - 00001573 _____ () C:\Users\RK\Desktop\JRT.txt
2014-07-30 16:40 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-

1.C7483456-A289-439d-8115-601632D005A0
2014-07-30 16:40 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-

0.C7483456-A289-439d-8115-601632D005A0
2014-07-30 16:38 - 2014-07-30 16:38 - 00000000 ____D () C:\Windows\ERUNT
2014-07-30 16:37 - 2011-12-21 18:35 - 01099182 _____ () C:\Windows\WindowsUpdate.log
2014-07-30 16:36 - 2014-07-30 16:35 - 01016261 _____ (Thisisu) C:\Users\RK\Downloads\JRT.exe
2014-07-30 16:33 - 2014-07-30 16:33 - 00031009 _____ () C:\Users\RK\Desktop\AdwCleaner[S0].txt
2014-07-30 16:33 - 2013-11-04 19:38 - 00000000 ___RD () C:\Users\RK\Dropbox
2014-07-30 16:33 - 2013-10-22 18:52 - 00000000 ____D () C:\Users\RK\AppData\Roaming\Dropbox
2014-07-30 16:32 - 2013-11-23 19:15 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-30 16:32 - 2013-01-02 20:08 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-07-30 16:32 - 2011-10-19 05:20 - 00554584 _____ () C:\Windows\PFRO.log
2014-07-30 16:32 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-30 16:32 - 2009-07-14 06:51 - 00115768 _____ () C:\Windows\setupact.log
2014-07-30 16:30 - 2014-07-30 16:25 - 00000000 ____D () C:\AdwCleaner
2014-07-30 16:28 - 2013-11-23 19:16 - 00001284 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-30 16:28 - 2013-11-23 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-30 16:28 - 2012-05-02 17:42 - 00001067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla

Firefox.lnk
2014-07-30 16:23 - 2014-07-30 16:23 - 01365525 _____ () C:\Users\RK\Downloads\adwcleaner_3.301.exe
2014-07-30 16:18 - 2013-11-23 19:15 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-29 21:41 - 2011-02-19 06:24 - 00711530 _____ () C:\Windows\system32\perfh007.dat
2014-07-29 21:41 - 2011-02-19 06:24 - 00153720 _____ () C:\Windows\system32\perfc007.dat
2014-07-29 21:41 - 2009-07-14 07:13 - 01652924 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-29 20:12 - 2014-07-29 20:12 - 00005364 _____ () C:\Users\RK\Desktop\Gmer.txt
2014-07-29 20:09 - 2013-09-30 20:09 - 00000108 _____ () C:\Users\RK\AppData\Roaming\WB.CFG
2014-07-29 19:48 - 2014-07-29 19:48 - 00380416 _____ () C:\Users\RK\Downloads\s4fzhzks.exe
2014-07-29 19:46 - 2014-07-29 19:43 - 00049852 _____ () C:\Users\RK\Desktop\Addition.txt
2014-07-29 19:46 - 2014-07-29 19:40 - 00040231 _____ () C:\Users\RK\Desktop\FRST.txt
2014-07-29 19:39 - 2014-07-29 19:39 - 02093568 _____ (Farbar) C:\Users\RK\Downloads\FRST64.exe
2014-07-29 19:35 - 2014-07-29 19:34 - 00000466 _____ () C:\Users\RK\Desktop\defogger_disable.log
2014-07-29 19:34 - 2014-07-29 19:34 - 00050477 _____ () C:\Users\RK\Downloads\Defogger.exe
2014-07-29 19:34 - 2014-07-29 19:34 - 00000000 _____ () C:\Users\RK\defogger_reenable
2014-07-29 19:34 - 2012-04-30 20:37 - 00000000 ____D () C:\Users\RK
2014-07-29 19:33 - 2014-07-29 19:33 - 00001146 _____ () C:\Users\RK\Desktop\Continue Mipony Download Manager

Installation.lnk
2014-07-29 19:30 - 2014-07-29 19:29 - 00682272 _____ ( ) C:\Users\RK\Downloads\DownloadManagerSetup.exe
2014-07-28 20:45 - 2013-09-30 19:06 - 00000000 ____D () C:\Program Files (x86)\DSP-worx
2014-07-28 20:42 - 2014-06-24 20:18 - 00000000 ____D () C:\ProgramData\85a93ac36f72f73
2014-07-28 18:30 - 2014-05-25 01:23 - 00000000 ____D () C:\Users\RK\.gimp-2.8
2014-07-28 18:26 - 2014-07-28 18:26 - 00005770 _____ () C:\Users\RK\AppData\Local\recently-used.xbel
2014-07-28 17:15 - 2013-10-22 20:02 - 00000000 ____D () C:\Users\RK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

\Dropbox
2014-07-25 23:41 - 2014-07-25 23:30 - 00013174 _____ () C:\Users\RK\Desktop\Planung Standesamt.xlsx
2014-07-25 22:38 - 2012-06-02 18:11 - 00000000 ____D () C:\Users\RK\AppData\Local\Microsoft Help
2014-07-25 22:35 - 2013-03-18 21:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 22:35 - 2013-03-18 21:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 20:01 - 2014-07-24 20:01 - 00011519 _____ () C:\Users\RK\Desktop\Ausgaben Hochzeit.xlsx
2014-07-24 18:05 - 2013-03-18 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft

Silverlight
2014-07-21 23:53 - 2012-06-05 21:10 - 00000000 ____D () C:\Users\RK\Documents\Outlook-Dateien
2014-07-21 23:51 - 2014-07-21 23:51 - 00000999 _____ () C:\Users\RK\Downloads\BAHN_Fahrplan_20140722.ics
2014-07-18 16:37 - 2014-07-18 16:37 - 28472492 _____ () C:\Users\RK\Desktop\3bunt.xcf
2014-07-18 16:37 - 2014-05-25 01:37 - 00000000 ____D () C:\Users\RK\AppData\Local\gtk-2.0
2014-07-18 10:36 - 2014-06-15 22:26 - 00000000 ____D () C:\Users\RK\.thumbnails
2014-07-14 12:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-14 10:52 - 2009-07-14 06:45 - 00424392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-14 10:48 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-14 10:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-14 10:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 21:49 - 2012-06-02 18:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 21:46 - 2013-07-28 21:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 21:42 - 2012-05-06 00:07 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-07 22:21 - 2012-05-03 21:17 - 00000000 ____D () C:\Users\RK\AppData\Roaming\Skype
2014-07-07 19:21 - 2012-06-19 20:49 - 00000000 ____D () C:\Users\RK\AppData\Local\CrashDumps
2014-07-02 21:00 - 2014-04-05 12:33 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-02 21:00 - 2012-05-03 21:17 - 00000000 ____D () C:\ProgramData\Skype
2014-07-01 22:26 - 2014-05-25 00:45 - 00000000 ____D () C:\Users\RK\Desktop\Tattoo

Some content of TEMP:
====================
C:\Users\RK\AppData\Local\Temp\AskSLib.dll
C:\Users\RK\AppData\Local\Temp\BackupSetup.exe
C:\Users\RK\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmput41zg.dll
C:\Users\RK\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\RK\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\RK\AppData\Local\Temp\GoogleUpdateSetup_latest.exe
C:\Users\RK\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe
C:\Users\RK\AppData\Local\Temp\Quarantine.exe
C:\Users\RK\AppData\Local\Temp\SkypeSetup.exe
C:\Users\RK\AppData\Local\Temp\Sqlite3.dll
C:\Users\RK\AppData\Local\Temp\vcredist_x64.exe
C:\Users\RK\AppData\Local\Temp\_is9F51.exe
C:\Users\RK\AppData\Local\Temp\_isCAD4.exe
C:\Users\RK\AppData\Local\Temp\{2F2CCDA5-BFEF-4816-87C1-17B65ABEE569}-chrome_installer.exe
C:\Users\RK\AppData\Local\Temp\{B793F35B-678D-45E5-8C55-0D685FB782C0}-GoogleUpdateSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 18:48

==================== End Of Log ============================
--- --- ---


Addition wurde dieses Mal nicht ausgegeben

cosinus 30.07.2014 17:46
Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

RalphausG 30.07.2014 18:02
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by RK at 2014-07-30 19:00:22
Running from C:\Users\RK\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1&1 Surf-Stick (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - )
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
AMD APP SDK Runtime (Version: 10.0.851.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{4572399F-5B78-3C50-7281-4AB6248FC1F0}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0321.2215.37961 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.70321.2226 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.03.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0321.2215.37961 - Ihr Firmenname) Hidden
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
ASUS Sonic Focus (HKLM-x32\...\{B0002707-4F7E-4745-88A7-852DA8A88635}) (Version: 1.0.0.5 - Synopsys )
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version:  - )
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0016 - ASUS)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Brother MFL-Pro Suite MFC-J5910DW (HKLM-x32\...\{830F55B6-4398-4B72-A0D8-66397B902C0E}) (Version: 1.1.1.0 - Brother Industries, Ltd.)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0321.2215.37961 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0321.2215.37961 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0321.2215.37961 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0321.2215.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0321.2214.37961 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0321.2215.37961 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2926 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
ETDWare PS/2-X64 8.0.5.1_WHQL (HKLM\...\Elantech) (Version: 8.0.5.1 - ELAN Microelectronic Corp.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 32 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 25.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 25.0.1 (x86 de)) (Version: 25.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS)
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{B80A9F10-D0F6-439B-9D71-8C40D1D3D211}) (Version: 21.00.8480 - Buhl Data Service GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1209466076-2481500518-3684730398-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\RK\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1209466076-2481500518-3684730398-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RK\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1209466076-2481500518-3684730398-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RK\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1209466076-2481500518-3684730398-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RK\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1209466076-2481500518-3684730398-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RK\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1209466076-2481500518-3684730398-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RK\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1209466076-2481500518-3684730398-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RK\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1209466076-2481500518-3684730398-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RK\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1209466076-2481500518-3684730398-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RK\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

10-07-2014 16:41:34 Windows Update
10-07-2014 19:37:57 Windows Update
14-07-2014 09:05:23 Windows Update
17-07-2014 16:55:26 Windows Update
20-07-2014 19:50:24 Windows Update
24-07-2014 16:00:41 Windows Update
28-07-2014 15:22:59 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1B5921A9-1278-459F-BBE7-CAE24E8340EB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-23] (Google Inc.)
Task: {2C26C9CC-C34F-46C4-98D5-B2DD96A6C349} - System32\Tasks\{30594A26-75C0-4B5F-B303-9B81FB0533AA} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?source=lightinstaller&amp;page=tsBing
Task: {3B076888-E270-460D-BA00-FD227B7F97C5} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-15] (ASUS)
Task: {5B7C60DD-3BE2-4B95-BA19-7738661F3CFF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-05] (Adobe Systems Incorporated)
Task: {5C830D71-E65F-45EC-A073-B283DB9CE443} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-23] (Google Inc.)
Task: {99D99D36-75FE-4CC5-B822-2BB329353C6D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {A5FD7955-2DB2-46BF-8E6B-863ED3F48945} - System32\Tasks\{3583808C-342B-436E-9414-0A743C4BFC95} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsPlugin
Task: {C91D7486-53D1-4319-BF67-8FE3DEE414FE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D134945A-28BC-438C-A7C8-F87A3AF9BCF1} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {E955CB4C-F6D9-4EA4-8604-B0A2BBC0C546} - System32\Tasks\{A6AF1014-F9B6-4078-A74F-9CACA7513D35} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsMain
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-03-21 22:30 - 2012-03-21 22:30 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2010-07-14 16:11 - 2010-07-14 16:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-05-12 21:04 - 2012-05-04 17:19 - 00156448 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
2013-08-29 02:23 - 2013-08-29 02:23 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-05-04 11:23 - 2005-04-22 06:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2013-05-12 21:04 - 2012-05-04 17:19 - 00274208 _____ () C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
2014-07-30 16:32 - 2014-07-30 16:32 - 00043008 _____ () c:\users\rk\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmput41zg.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\RK\AppData\Roaming\Dropbox\bin\libcef.dll
2013-08-29 02:25 - 2013-08-29 02:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-06-15 22:04 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-15 22:04 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-15 22:04 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-15 22:04 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-15 22:04 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-07-14 17:12 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\RK\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:D20FFA63

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk => C:\Windows\pss\AsusVibeLauncher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup
MSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: Nuance PDF Reader-reminder => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SonicMasterTray => C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 7787.66 MB
Available physical RAM: 5048.11 MB
Total Pagefile: 15573.49 MB
Available Pagefile: 12545.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:128.18 GB) (Free:54.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:144.91 GB) (Free:113.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 125FC5E1)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=128 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=145 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

cosinus 30.07.2014 19:10
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\ProgramData\85a93ac36f72f73
C:\Users\RK\AppData\Local\Temp\AskSLib.dll
C:\Users\RK\AppData\Local\Temp\BackupSetup.exe
C:\Users\RK\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmput41zg.dll
C:\Users\RK\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\RK\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\RK\AppData\Local\Temp\GoogleUpdateSetup_latest.exe
C:\Users\RK\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe
C:\Users\RK\AppData\Local\Temp\Quarantine.exe
C:\Users\RK\AppData\Local\Temp\SkypeSetup.exe
C:\Users\RK\AppData\Local\Temp\Sqlite3.dll
C:\Users\RK\AppData\Local\Temp\vcredist_x64.exe
C:\Users\RK\AppData\Local\Temp\_is9F51.exe
C:\Users\RK\AppData\Local\Temp\_isCAD4.exe
C:\Users\RK\AppData\Local\Temp\{2F2CCDA5-BFEF-4816-87C1-17B65ABEE569}-chrome_installer.exe
C:\Users\RK\AppData\Local\Temp\{B793F35B-678D-45E5-8C55-0D685FB782C0}-GoogleUpdateSetup.exe
AlternateDataStreams: C:\ProgramData\Temp:D20FFA63

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


RalphausG 30.07.2014 19:28
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014
Ran by RK at 2014-07-30 20:28:22 Run:1
Running from C:\Users\RK\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\85a93ac36f72f73
C:\Users\RK\AppData\Local\Temp\AskSLib.dll
C:\Users\RK\AppData\Local\Temp\BackupSetup.exe
C:\Users\RK\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmput41zg.dll
C:\Users\RK\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\RK\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\RK\AppData\Local\Temp\GoogleUpdateSetup_latest.exe
C:\Users\RK\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe
C:\Users\RK\AppData\Local\Temp\Quarantine.exe
C:\Users\RK\AppData\Local\Temp\SkypeSetup.exe
C:\Users\RK\AppData\Local\Temp\Sqlite3.dll
C:\Users\RK\AppData\Local\Temp\vcredist_x64.exe
C:\Users\RK\AppData\Local\Temp\_is9F51.exe
C:\Users\RK\AppData\Local\Temp\_isCAD4.exe
C:\Users\RK\AppData\Local\Temp\{2F2CCDA5-BFEF-4816-87C1-17B65ABEE569}-chrome_installer.exe
C:\Users\RK\AppData\Local\Temp\{B793F35B-678D-45E5-8C55-0D685FB782C0}-GoogleUpdateSetup.exe
AlternateDataStreams: C:\ProgramData\Temp:D20FFA63
*****************

C:\ProgramData\85a93ac36f72f73 => Moved successfully.
C:\Users\RK\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\RK\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\RK\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmput41zg.dll => Moved successfully.
C:\Users\RK\AppData\Local\Temp\firefoxjre_exe-1.exe => Moved successfully.
C:\Users\RK\AppData\Local\Temp\firefoxjre_exe.exe => Moved successfully.
C:\Users\RK\AppData\Local\Temp\GoogleUpdateSetup_latest.exe => Moved successfully.
C:\Users\RK\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe => Moved successfully.
C:\Users\RK\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\RK\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\RK\AppData\Local\Temp\Sqlite3.dll => Moved successfully.
C:\Users\RK\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
C:\Users\RK\AppData\Local\Temp\_is9F51.exe => Moved successfully.
C:\Users\RK\AppData\Local\Temp\_isCAD4.exe => Moved successfully.
C:\Users\RK\AppData\Local\Temp\{2F2CCDA5-BFEF-4816-87C1-17B65ABEE569}-chrome_installer.exe => Moved successfully.
C:\Users\RK\AppData\Local\Temp\{B793F35B-678D-45E5-8C55-0D685FB782C0}-GoogleUpdateSetup.exe => Moved successfully.
C:\ProgramData\Temp => ":D20FFA63" ADS removed successfully.

==== End of Fixlog ====

cosinus 30.07.2014 19:47
Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


RalphausG 30.07.2014 20:59
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 30.07.2014 21:01:37, SYSTEM, RK-PC, Protection, Malware Protection, Starting,
Protection, 30.07.2014 21:01:37, SYSTEM, RK-PC, Protection, Malware Protection, Started,
Protection, 30.07.2014 21:01:37, SYSTEM, RK-PC, Protection, Malicious Website Protection, Starting,
Protection, 30.07.2014 21:01:41, SYSTEM, RK-PC, Protection, Malicious Website Protection, Started,
Update, 30.07.2014 21:01:51, SYSTEM, RK-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.7.17.1,
Update, 30.07.2014 21:02:22, SYSTEM, RK-PC, Manual, Malware Database, 2014.3.4.9, 2014.7.30.7,
Protection, 30.07.2014 21:02:45, SYSTEM, RK-PC, Protection, Refresh, Starting,
Protection, 30.07.2014 21:02:45, SYSTEM, RK-PC, Protection, Malicious Website Protection, Stopping,
Protection, 30.07.2014 21:02:46, SYSTEM, RK-PC, Protection, Malicious Website Protection, Stopped,
Protection, 30.07.2014 21:03:05, SYSTEM, RK-PC, Protection, Refresh, Success,
Protection, 30.07.2014 21:03:05, SYSTEM, RK-PC, Protection, Malicious Website Protection, Starting,
Protection, 30.07.2014 21:03:06, SYSTEM, RK-PC, Protection, Malicious Website Protection, Started,
Detection, 30.07.2014 21:22:07, SYSTEM, RK-PC, Protection, Malicious Website Protection, IP, 5.150.195.169, 3c45d848d99.se, 62059, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 30.07.2014 21:22:08, SYSTEM, RK-PC, Protection, Malicious Website Protection, IP, 5.150.195.169, 3c45d848d99.se, 62059, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 30.07.2014 21:22:08, SYSTEM, RK-PC, Protection, Malicious Website Protection, IP, 5.150.195.169, 3c45d848d99.se, 62060, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Protection, 30.07.2014 21:50:39, SYSTEM, RK-PC, Protection, Malware Protection, Starting,
Protection, 30.07.2014 21:50:39, SYSTEM, RK-PC, Protection, Malware Protection, Started,
Protection, 30.07.2014 21:50:39, SYSTEM, RK-PC, Protection, Malicious Website Protection, Starting,
Protection, 30.07.2014 21:50:49, SYSTEM, RK-PC, Protection, Malicious Website Protection, Started,

(end)

cosinus 30.07.2014 23:17
Falsches MBAM-Log, bitte Anleitung richtig lesen und umsetzen

RalphausG 31.07.2014 16:35
ok, das mit dem falschen mbam war mein Fehler. Sorry!
Als ich heute das Programm geöffnet habe, hat es automatisch einen neuen Suchlauf gestartet. Jetzt steht im neuesten Protokoll aber deutlich weniger drin. Das liegt wahrscheinlich daran, dass ich gestern das ESET habe durchlaufen lassen?
Zum ESET: da es sich erst Daten aus dem Internet gezogen hat, habe ich mich nicht getraut, meine Antiviren-Software (Microsoft Essentials) und meine Firewall zu deaktivieren. Da der Suchlauf automatisch startete blieben die beiden Sicherheitseinrichtungen aktiviert. Kann man mit dem Protokoll jetzt was anfangen? Fehlermeldungen gab's keine.

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 31.07.2014
Suchlauf-Zeit: 05:49:01
Logdatei: mbam1.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.31.02
Rootkit Datenbank: v2014.07.17.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: RK

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 296655
Verstrichene Zeit: 59 Min, 1 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 2
PUP.Optional.Superfish.A, C:\Users\RK\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Löschen bei Neustart, [739bdbcb007b082e0fc825ba43bf827e],
PUP.Optional.Superfish.A, C:\Users\RK\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, In Quarantäne, [c648347209722b0b34a3ebf4ab57fa06],

Physische Sektoren: 0
(No malicious items detected)


(end)
und hier das von ESET:
Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=dd89847169bfdc419595eee7aa8cb6df
# engine=19424
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-31 07:56:58
# local_time=2014-07-31 09:56:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 10141413 48106734 0 0
# scanned=197934
# found=43
# cleaned=0
# scan_time=41996
sh=34622C0C9B0F72AB2F67AE3BD7CF94EF76B2B54D ft=1 fh=422f90d5b5335443 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\deltaApp.dll.vir"
sh=80C8F13A1918FAEEAB9673C1CCF96E52325EE695 ft=1 fh=0aefb751d92be997 vn="möglicherweise Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\deltaEng.dll.vir"
sh=4400797578E17E511E6164469770A80E828DDA3A ft=1 fh=56dbbea16253a143 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\deltasrv.exe.vir"
sh=610CDC3A03DA21A83EB90193BACF1347AAA39A0F ft=1 fh=6544723ffe1f3f66 vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll.vir"
sh=AFD5B25F86CFD3045CCFF940A249A1DA89DEDE5D ft=1 fh=c55a3c08e5709f9a vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\uninstall.exe.vir"
sh=66AE7973E507FF0471DECFFF3BF7FFD40EA4D00D ft=1 fh=1b697967a44eb4e0 vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll.vir"
sh=4E475FD620FBCCBB37453AF2BD0427BDA73109FF ft=1 fh=70875884387ffbdb vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=524ED1264811258D64BA2BE8B48005C6D1935713 ft=1 fh=19b60c262a337e59 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=72971E4B87542575A876B36FB87879B416F4EC88 ft=1 fh=eb8c71c588367618 vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterfacef32.dll.vir"
sh=01C9B3D0E073B824021B29F1FD957A8643DF6931 ft=1 fh=9d9cb38b273b86fe vn="Variante von Win32/ELEX.AR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir"
sh=F34BB16FA7EEF85B106A7C3A3FDEEE95ECF18001 ft=1 fh=7bd5299d4d87abc5 vn="Win32/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=FB15CD6ADCD9BDFBF68D5DF5EAEA02BF329F8D4F ft=1 fh=dfa2b1c2f56e7303 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=B733C40B96BCA6CC139230D0F7C4E51CEC12CF35 ft=1 fh=08ea3c71e6c55c1b vn="Win32/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir"
sh=D6F9F256C03B81C01D6CFF28D2D966F59F786AC3 ft=1 fh=3a3e287aa52ff7e5 vn="Variante von Win64/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv64.dll.vir"
sh=EC7EC5D60C5A578BC9953115D368BECD05BA14B2 ft=1 fh=ecbff00cc7dcc0fd vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=B992ED7A1B4DF30F6AF8A911FBFDE92ED9F77519 ft=1 fh=5dac4dde3cd39976 vn="Variante von MSIL/DomaIQ.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Uninstaller\Uninstall.exe.vir"
sh=246DDBC3A2C223A6B9072637D93DC2A2832D097A ft=1 fh=c71c0011b04f613a vn="Win32/Toolbar.Babylon.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir"
sh=95D8C7F2851240F836D46EBD0DCB0BBAE3C9C3C8 ft=1 fh=c39b2415a29978f2 vn="Variante von Win32/ELEX.AD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginService\PluginService.exe.vir"
sh=1549CF4F9282F1B42A58B5E050E12EF0AD669798 ft=1 fh=ffe6693d8bc7d6c5 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\RK\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
sh=A645887207B3B55F090294FF38DE19B7F4FD98AA ft=1 fh=7568caa4916f0615 vn="Variante von Win32/DealPly.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\RK\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe.vir"
sh=F66F477B53B39DF2C2C561D4AF1C7C8F87C89046 ft=1 fh=d0f38e5e390c9502 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\RK\AppData\Roaming\Mozilla\Firefox\Profiles\61q805o1.default\Extensions\ffxtlbr@delta.com\uninstall.exe.vir"
sh=37824D4B366B35F9C84237C48E66DF9687EEDEC6 ft=1 fh=c570259d3a36278d vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\RK\AppData\Roaming\Mozilla\Firefox\Profiles\61q805o1.default\Extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\Plugins\npConduitFirefoxPlugin.dll.vir"
sh=EC7EC5D60C5A578BC9953115D368BECD05BA14B2 ft=1 fh=ecbff00cc7dcc0fd vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\RK\AppData\Roaming\SupTab\SupTab.dll.vir"
sh=CE6D5CBF8C409CBE86AB04EE9A1E55A67A278CD9 ft=1 fh=c71c00114b6b2392 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\RK\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe.xBAD"
sh=6527D773A16878E428D8DE50D51F28FEA7AAD655 ft=1 fh=abbd31e330edcbad vn="Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\RK\AppData\Local\nsoD2C0.tmp"
sh=58A0A73C94467248C36A8A094D7870FA6156C854 ft=1 fh=3f5f03da32467475 vn="Win32/Wajam.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\RK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LE7USF8\wajam_install[1].exe"
sh=13D8748AF18587B90684DA11682546BCCF08B078 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\RK\AppData\Local\Mozilla\Firefox\Profiles\61q805o1.default\Cache\B\77\36E56d01"
sh=FF0E8EB8A33A3026F802F9600837010094D45518 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\RK\AppData\Local\Mozilla\Firefox\Profiles\61q805o1.default\Cache\C\91\6B963d01"
sh=6527D773A16878E428D8DE50D51F28FEA7AAD655 ft=1 fh=abbd31e330edcbad vn="Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\RK\AppData\Local\Temp\nsoD2C0.tmp"
sh=A6CCC75EC425545CA45F28382CF0A26A14BD0501 ft=1 fh=527d19224d8098c1 vn="Variante von Win32/Toolbar.Widgi.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\RK\AppData\Local\Temp\~spDC9B.tmp"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\RK\AppData\Local\Temp\12927334.Uninstall\uninstaller.exe"
sh=1A9C2CE8C1F539AC8546D67C9F924AEA8D2A84C2 ft=1 fh=d348c3328e970e39 vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\RK\AppData\Local\Temp\32f9ec7d-9ba3-474a-bc9e-8ce4f1a0e7ee\software\Cloud_Backup_Setup.exe"
sh=A9FD6D9C7A0F182F48D427D255535C2085D2DD59 ft=1 fh=5da18cd7d36290a1 vn="Variante von Win32/AdWare.SpeedingUpMyPC.L Anwendung" ac=I fn="C:\Users\RK\AppData\Local\Temp\32f9ec7d-9ba3-474a-bc9e-8ce4f1a0e7ee\software\OptimizerPro.exe"
sh=CCDFEE87B0A44C2DC94247FD64A46633479966E2 ft=1 fh=8ea0c674691f6066 vn="Win32/VOPackage.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\RK\AppData\Local\Temp\32f9ec7d-9ba3-474a-bc9e-8ce4f1a0e7ee\software\VOPackage.exe"
sh=1549CF4F9282F1B42A58B5E050E12EF0AD669798 ft=1 fh=ffe6693d8bc7d6c5 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\RK\AppData\Local\Temp\3796D686-BAB0-7891-8B98-E4BC4E628BA1\Latest\BabMaint.exe"
sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\RK\AppData\Local\Temp\3796D686-BAB0-7891-8B98-E4BC4E628BA1\Latest\IEHelper.dll"
sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\RK\AppData\Local\Temp\is357113909\5107216_stp\wajam_validate.exe"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\RK\AppData\Local\Temp\is357113909\5107590_stp\uninstaller.exe"
sh=1D0A1572D7AF9A149EB45C0F86B486B9AE8FAF4B ft=1 fh=9a57284d8243f9b8 vn="Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\RK\AppData\Local\Temp\is45637729\86876466_stp\AnyProtectScannerSetup.exe"
sh=1D0A1572D7AF9A149EB45C0F86B486B9AE8FAF4B ft=1 fh=9a57284d8243f9b8 vn="Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\RK\AppData\Local\Temp\is45637729\87648799_stp\AnyProtectScannerSetup.exe"
sh=CE6D5CBF8C409CBE86AB04EE9A1E55A67A278CD9 ft=1 fh=c71c00114b6b2392 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\RK\Downloads\DownloadManagerSetup.exe"
sh=91A80C205C65E37F27D0E608EF65B2BE523E18BD ft=1 fh=4fcdf0195d1e4a50 vn="Variante von Win32/Toolbar.Widgi.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\RK\Downloads\YTDSetup481.exe"
sh=AEC4FA43405F1085800CD762F24CDBE9FFF35208 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Inbox.A evtl. unerwünschte Anwendung" ac=I fn="D:\Eigene Dateien\Festplatte\RK-PC\Backup Set 2012-03-11 192525\Backup Files 2012-03-11 192525\Backup files 4.zip"

cosinus 31.07.2014 22:38
Sehr viele Reste.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\RK\AppData\Local\nsoD2C0.tmp
C:\Users\RK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\RK\AppData\Local\Mozilla\Firefox\Profiles\61q805o1.default\Cache
D:\Eigene Dateien\Festplatte\RK-PC\Backup Set 2012-03-11 192525
C:\Users\RK\AppData\Local\Temp\nsoD2C0.tmp

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Danach TFC bitte:

Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
  • Öffne die TFC.exe.
    Vista und Win 7 User mit Rechtsklick "als Administrator starten".
  • Schließe alle anderen Programme.
  • Drücke auf den Button Start.
  • Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.


RalphausG 02.08.2014 08:02
Hi Cosinius,

ich bin zur Zeit nicht zu Hause wg. Umzug etc.
D. h. ich werde die Sachen frühestens heute Abend umsetzen können.


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:21 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131