Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Kaspersky 15 installation konnte nicht durchgeführt werden wg. "Basefiltering engine nicht vorhanden" (https://www.trojaner-board.de/163364-kaspersky-15-installation-konnte-durchgefuehrt-wg-basefiltering-engine-vorhanden.html)

Tassimo 29.01.2015 22:00
Kaspersky 15 installation konnte nicht durchgeführt werden wg. "Basefiltering engine nicht vorhanden"
 
Hallo,

anbei möchte ich euch meine FRST.txt als Logifle, dann dazu auch den Addition.txt anhängen.

Der Gund: Ich habe in einem anderen Unterforum "Sicherheit>Antiviren-Firewall" das selbe Thema wie hier, nur mit dem Unterschied "kann" statt "konnte".


Durch den netten Hinweis eines Forenmitgliedes welches mich darauf Hingewiesen hat, dass Steam evtl. die Windows Firewall blockiert, habe ich es hinbekommen zumindest Kaspersky 2015 Total Security zu installieren.

Ich wurde aber von anderen Forenbenutzern, die ebenfalls meine Logfiles lasen, darauf hingewiesen worden, dass mein PC schon ziemlich "vermüllt" wäre. Oder aber auch sogar verseucht!

Als letzten Hinweis wurde mir geraten meine Logfiles mal hier zu Posten, damit Profi's mal drüber schauen könnt.
Vielleicht könntet ihr mir ja dann sagen was ich zu machen habe. Das wäre ganz toll!


Ein kurzer Hinweis. Wenn ich trotz, dass der Kaspersky Version beim öffnen der Windows Firewall folgende Fehlermeldung bekomme.


Code:
Das Snap-In "Windows Firewall" mit erweiterter Sicherheit konnte nicht geladen werden. Starten sie den Windows Firewalldienst auf dem von ihnen verwaltetem Computer neu. Fehlercode: 0x6D9

So aber nun die Logfiles (wurden erstellt, bevor ich Steam De- und Kaspersky Installiert habe.


FRST.txt

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Tassilo Welsch (administrator) on TASSILOWELSCH on 29-01-2015 08:24:10
Running from C:\Users\Tassilo Welsch\Pictures\Downloads
Loaded Profiles: Tassilo Welsch (Available profiles: Tassilo Welsch & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\MyWebFace_5a\bar\1.bin\5abarsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
() C:\Program Files (x86)\watchmi\TvdService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Marvell Semiconductor, Inc.) C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
() C:\Users\Tassilo Welsch\AppData\Local\Amazon Music\Amazon Music Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VER_COMPANY_NAME) C:\Program Files (x86)\MyWebFace_5a\bar\1.bin\5abrmon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Neuber Software) C:\Program Files (x86)\Visual TimeAnalyzer\tbaction.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\BTStackServer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11821160 2011-05-09] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [PrnStatusMX] => C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1240064 2012-07-04] (Marvell Semiconductor, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-03] (CyberLink)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [MyWebFace Search Scope Monitor] => C:\Program Files (x86)\MyWebFace_5a\bar\1.bin\5aSrchMn.exe [42552 2012-05-03] (MindSpark)
HKLM-x32\...\Run: [MyWebFace_5a Browser Plugin Loader] => C:\Program Files (x86)\MyWebFace_5a\bar\1.bin\5abrmon.exe [30096 2012-05-03] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [TBAction] => C:\Program Files (x86)\Visual TimeAnalyzer\tbaction.exe [129408 2011-10-13] (Neuber Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [439440 2011-09-27] (CANON INC.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-10-23] (Power Software Ltd)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49152 2005-02-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-24] (Google Inc.)
HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\Run: [Facebook Update] => C:\Users\Tassilo Welsch\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)
HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [1238528 2014-04-28] (RemoteMouse.net)
HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\Run: [Amazon Music] => C:\Users\Tassilo Welsch\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\MountPoints2: {d372014c-2e9e-11e1-9239-806e6f6e6963} - E:\autorun.exe
Lsa: [Notification Packages] scecli C:\Program Files\ASUS\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ASUS\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)
Startup: C:\Users\Tassilo Welsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GM_DevUpdate.lnk
ShortcutTarget: GM_DevUpdate.lnk -> C:\Program Files (x86)\Hama PC-Vibra joystick Outlandish\GM_DevUpdate.exe ()
Startup: C:\Users\Tassilo Welsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OMSI Addon Manager.lnk
ShortcutTarget: OMSI Addon Manager.lnk -> C:\Program Files (x86)\OMSI Addon Manager\OMSI Addon Manager.exe (Jan Kiesewalter)
Startup: C:\Users\Tassilo Welsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Tassilo Welsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk
ShortcutTarget: Versandhelfer.lnk -> C:\Program Files (x86)\Versandhelfer\Versandhelfer.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3110529466-1759550328-638498961-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
HKU\S-1-5-21-3110529466-1759550328-638498961-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2
HKU\S-1-5-21-3110529466-1759550328-638498961-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2
HKU\S-1-5-21-3110529466-1759550328-638498961-1002\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKU\S-1-5-21-3110529466-1759550328-638498961-1002\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
HKU\S-1-5-21-3110529466-1759550328-638498961-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
HKU\S-1-5-21-3110529466-1759550328-638498961-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
URLSearchHook: [S-1-5-21-3110529466-1759550328-638498961-1002] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKU\S-1-5-21-3110529466-1759550328-638498961-1002 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKU\S-1-5-21-3110529466-1759550328-638498961-1002 - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKU\S-1-5-21-3110529466-1759550328-638498961-1002 - (No Name) - {8040829d-1177-46e2-9157-8282438b79c7} - C:\Program Files (x86)\MyWebFace_5a\bar\1.bin\5aSrcAs.dll (MindSpark)
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2&q={searchTerms}
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3110529466-1759550328-638498961-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3110529466-1759550328-638498961-1002 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
BHO: YoutubeAdBlocke -> {248f4204-2191-4da5-9b39-fe423fa91190} ->  No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: GoSave -> {70dd8865-52b4-414c-98eb-541d6849aa79} ->  No File
BHO: CHIP Best Deal BHO -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> C:\Program Files (x86)\chip\Internet Explorer\chip64.dll ()
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Search Assistant BHO -> {14d02517-c8be-4735-a344-3c8366c77aa0} -> C:\Program Files (x86)\MyWebFace_5a\bar\1.bin\5aSrcAs.dll (MindSpark)
BHO-x32: YoutubeAdBlocke -> {248f4204-2191-4da5-9b39-fe423fa91190} -> C:\Program Files (x86)\YoutubeAdBlocke\lP7ydD35mH4PJE.dll ()
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: GoSave -> {70dd8865-52b4-414c-98eb-541d6849aa79} -> C:\Program Files (x86)\GoSave\ROAy7km9qnEVBh.dll ()
BHO-x32: CHIP Best Deal BHO -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> C:\Program Files (x86)\chip\Internet Explorer\chip32.dll ()
BHO-x32: DownTango Launcher -> {8d3ec233-b92d-4187-a506-284127cfba2d} -> C:\Users\Tassilo Welsch\AppData\Roaming\DownTango4SToolbar\DownTango4SToolbar.dll (Simplytech Ltd.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Toolbar BHO -> {b1df253a-9e7a-480d-b6a5-7a435b520dbb} -> C:\Program Files (x86)\MyWebFace_5a\bar\1.bin\5abar.dll (MindSpark)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: DownTango Launcher -> {b52d0735-ec19-448a-abde-e01b5bd275d2} -> C:\Users\Tassilo Welsch\AppData\Roaming\DownTangoLauncherToolbar\DownTangoLauncherToolbar.dll (Simplytech Ltd.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ICQ Sparberater -> {EC136321-1AE5-4A7F-B01C-5380D666175B} -> C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM-x32 - MyWebFace - {af94b35c-3ac5-4030-9f9c-15fb4e3dc339} - C:\Program Files (x86)\MyWebFace_5a\bar\1.bin\5abar.dll (MindSpark)
Toolbar: HKLM-x32 - DownTango Launcher - {b52d0735-ec19-448a-abde-e01b5bd275d2} - C:\Users\Tassilo Welsch\AppData\Roaming\DownTangoLauncherToolbar\DownTangoLauncherToolbar.dll (Simplytech Ltd.)
Toolbar: HKLM-x32 - DownTango Launcher - {8d3ec233-b92d-4187-a506-284127cfba2d} - C:\Users\Tassilo Welsch\AppData\Roaming\DownTango4SToolbar\DownTango4SToolbar.dll (Simplytech Ltd.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3110529466-1759550328-638498961-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer
FF SelectedSearchEngine: Google
FF Homepage: https://www.facebook.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @MyWebFace_5a.com/Plugin -> C:\Program Files (x86)\MyWebFace_5a\bar\1.bin\NP5aStub.dll (MindSpark)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3110529466-1759550328-638498961-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tassilo Welsch\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3110529466-1759550328-638498961-1002: facebook.com/fbDesktopPlugin -> C:\Users\Tassilo Welsch\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin HKU\S-1-5-21-3110529466-1759550328-638498961-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Oracle Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSibelius.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll (PDFTron Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll ()
FF SearchPlugin: C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml
FF Extension: Quick Start - C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer\Extensions\quick_start@gmail.com [2014-06-17]
FF Extension: WEB.DE MailCheck - C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer\Extensions\toolbar@web.de [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [5affxtbr@MyWebFace_5a.com] - C:\Program Files (x86)\MyWebFace_5a\bar\1.bin
FF Extension: MyWebFace - C:\Program Files (x86)\MyWebFace_5a\bar\1.bin [2012-05-03]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer\extensions\quick_start@gmail.com
FF HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-18]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Accelerometer; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 Accelerometer; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 btwdins; C:\Program Files\ASUS\Bluetooth Software\btwdins.exe [1005944 2012-12-06] (Broadcom Corporation.)
R2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [247872 2011-08-17] ()
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
R2 MyWebFace_5aService; C:\Program Files (x86)\MyWebFace_5a\bar\1.bin\5abarsvc.exe [42528 2012-05-03] (COMPANYVERS_NAME)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed]
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-06-06] ()
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-24] (Broadcom Corporation.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-12-30] () [File not signed]
U3 GMFilter; C:\Windows\SysWOW64\Drivers\GMFilter.sys [21760 2005-08-23] () [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-06-06] ()
S0 nvpciflt; system32\DRIVERS\nvpciflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: Accelerometer -> No ServiceDLL Path.

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 08:23 - 2015-01-29 08:24 - 00000000 ____D () C:\FRST
2015-01-28 18:43 - 2015-01-28 18:43 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2015-01-28 15:34 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-28 15:34 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-28 15:34 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-28 15:34 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-28 15:34 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-28 15:34 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-28 15:34 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-28 15:34 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-28 15:34 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-28 15:34 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-28 15:34 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-28 15:34 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-28 15:34 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-24 08:40 - 2015-01-24 08:40 - 00000000 ____D () C:\Users\Tassilo Welsch\AppData\Local\{5B0E114A-9DF0-45D4-BCF3-BAAC8EF0CED5}
2015-01-23 14:19 - 2015-01-23 14:19 - 00000000 ____D () C:\Users\Tassilo Welsch\AppData\Local\{80093045-D797-4EA6-9E65-A336329CBFA9}
2015-01-20 12:10 - 2015-01-20 12:16 - 00000000 ____D () C:\Users\Tassilo Welsch\Documents\Leitz vorlagen
2015-01-18 20:11 - 2015-01-19 17:20 - 00000000 ____D () C:\Users\Tassilo Welsch\AppData\Local\Spotify
2015-01-18 20:10 - 2015-01-28 15:08 - 00000000 ____D () C:\Users\Tassilo Welsch\AppData\Roaming\Spotify
2015-01-15 09:28 - 2015-01-27 16:44 - 00000000 ____D () C:\Users\Tassilo Welsch\Documents\Online Banking
2015-01-14 22:50 - 2015-01-28 15:08 - 00000000 ____D () C:\99b715753655f64069c8
2015-01-10 14:35 - 2015-01-10 22:00 - 00000000 ____D () C:\Users\Tassilo Welsch\Desktop\Blasmusik Timi
2015-01-10 14:32 - 2015-01-28 15:09 - 00000000 ____D () C:\Users\Tassilo Welsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2015-01-06 19:34 - 2015-01-06 19:34 - 00000221 _____ () C:\Users\Tassilo Welsch\Desktop\Train Simulator 2015.url
2015-01-06 15:56 - 2015-01-06 15:56 - 00001536 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-01-06 15:56 - 2015-01-06 15:56 - 00001245 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 08:23 - 2011-12-24 19:49 - 02094109 _____ () C:\Windows\WindowsUpdate.log
2015-01-29 08:21 - 2012-03-04 19:15 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-29 08:18 - 2011-12-24 19:52 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-29 08:18 - 2011-09-05 23:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-29 08:18 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-29 08:18 - 2009-07-14 05:51 - 00222212 _____ () C:\Windows\setupact.log
2015-01-28 18:46 - 2009-07-14 05:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 18:46 - 2009-07-14 05:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 18:41 - 2012-04-12 15:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-28 18:39 - 2012-04-12 15:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-28 18:39 - 2012-04-12 15:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-28 18:39 - 2011-08-10 20:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-28 18:32 - 2011-12-24 19:52 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-28 18:23 - 2013-05-18 20:51 - 01756160 ___SH () C:\Users\Tassilo Welsch\Desktop\Thumbs.db
2015-01-28 18:14 - 2012-04-24 13:56 - 00000344 _____ () C:\Windows\Tasks\At19.job
2015-01-28 18:00 - 2012-04-24 13:56 - 00000346 _____ () C:\Windows\Tasks\At43.job
2015-01-28 17:47 - 2012-04-11 22:05 - 00001174 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3110529466-1759550328-638498961-1002UA.job
2015-01-28 17:42 - 2012-04-24 13:56 - 00000344 _____ () C:\Windows\Tasks\At17.job
2015-01-28 17:40 - 2010-11-21 04:47 - 00215556 _____ () C:\Windows\PFRO.log
2015-01-28 16:10 - 2013-08-15 22:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-28 16:09 - 2011-07-18 21:31 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-28 16:00 - 2012-04-24 13:56 - 00000346 _____ () C:\Windows\Tasks\At41.job
2015-01-28 15:11 - 2012-04-24 13:56 - 00000344 _____ () C:\Windows\Tasks\At23.job
2015-01-28 15:09 - 2014-11-10 18:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 15:09 - 2012-02-28 13:57 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-28 15:09 - 2012-01-08 20:43 - 00000000 ____D () C:\Users\Tassilo Welsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-28 15:09 - 2011-12-24 22:40 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-01-28 15:09 - 2011-12-24 19:56 - 00000000 ____D () C:\Users\Tassilo Welsch
2015-01-28 15:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-28 15:07 - 2012-01-08 20:51 - 00000000 ___RD () C:\Users\Tassilo Welsch\Dropbox
2015-01-28 15:07 - 2012-01-08 20:43 - 00000000 ____D () C:\Users\Tassilo Welsch\AppData\Roaming\Dropbox
2015-01-19 23:30 - 2014-09-29 10:33 - 00000000 ____D () C:\Users\Tassilo Welsch\Documents\Studium
2015-01-14 22:00 - 2012-04-24 13:56 - 00000346 _____ () C:\Windows\Tasks\At47.job
2015-01-14 21:03 - 2012-04-24 13:56 - 00000344 _____ () C:\Windows\Tasks\At24.job
2015-01-14 21:03 - 2012-04-24 13:56 - 00000344 _____ () C:\Windows\Tasks\At22.job
2015-01-14 21:03 - 2012-04-24 13:56 - 00000344 _____ () C:\Windows\Tasks\At21.job
2015-01-14 21:03 - 2012-04-24 13:56 - 00000344 _____ () C:\Windows\Tasks\At20.job
2015-01-14 21:03 - 2012-04-24 13:56 - 00000344 _____ () C:\Windows\Tasks\At18.job
2015-01-14 21:03 - 2012-04-24 13:56 - 00000344 _____ () C:\Windows\Tasks\At16.job
2015-01-14 21:03 - 2012-04-24 13:56 - 00000344 _____ () C:\Windows\Tasks\At15.job
2015-01-14 21:03 - 2012-04-24 13:56 - 00000344 _____ () C:\Windows\Tasks\At14.job
2015-01-13 23:25 - 2012-04-24 13:56 - 00000346 _____ () C:\Windows\Tasks\At48.job
2015-01-13 23:25 - 2012-04-24 13:56 - 00000346 _____ () C:\Windows\Tasks\At46.job
2015-01-13 20:00 - 2012-04-24 13:56 - 00000346 _____ () C:\Windows\Tasks\At45.job
2015-01-13 19:31 - 2012-04-24 13:56 - 00000346 _____ () C:\Windows\Tasks\At44.job
2015-01-13 17:00 - 2012-04-24 13:56 - 00000346 _____ () C:\Windows\Tasks\At42.job
2015-01-13 15:00 - 2012-04-24 13:56 - 00000346 _____ () C:\Windows\Tasks\At40.job
2015-01-13 14:00 - 2012-04-24 13:56 - 00000346 _____ () C:\Windows\Tasks\At39.job
2015-01-13 13:00 - 2012-04-24 13:56 - 00000346 _____ () C:\Windows\Tasks\At38.job
2015-01-13 12:39 - 2012-04-24 13:56 - 00000344 _____ () C:\Windows\Tasks\At1.job
2015-01-13 00:27 - 2012-04-24 13:56 - 00000346 _____ () C:\Windows\Tasks\At25.job
2015-01-13 00:27 - 2012-04-11 22:05 - 00001152 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3110529466-1759550328-638498961-1002Core.job
2015-01-12 16:59 - 2012-04-24 13:56 - 00000344 _____ () C:\Windows\Tasks\At11.job
2015-01-12 10:01 - 2011-05-16 15:04 - 00710046 _____ () C:\Windows\system32\perfh007.dat
2015-01-12 10:01 - 2011-05-16 15:04 - 00154482 _____ () C:\Windows\system32\perfc007.dat
2015-01-12 10:01 - 2009-07-14 06:13 - 01649664 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-12 10:00 - 2012-04-24 13:56 - 00000346 _____ () C:\Windows\Tasks\At35.job
2015-01-12 09:41 - 2012-05-13 21:53 - 00000000 ____D () C:\Users\Tassilo Welsch\Documents\Orchestren-Bands
2015-01-10 13:00 - 2012-04-24 13:56 - 00000344 _____ () C:\Windows\Tasks\At2.job
2015-01-09 01:00 - 2012-04-24 13:56 - 00000346 _____ () C:\Windows\Tasks\At26.job
2015-01-06 15:56 - 2014-11-18 23:16 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-01-06 15:56 - 2014-11-18 23:15 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-01-06 15:56 - 2014-08-11 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-06 15:56 - 2012-06-25 22:01 - 00000000 ____D () C:\Users\Tassilo Welsch\AppData\Roaming\DVDVideoSoft
2015-01-01 16:03 - 2013-01-07 19:25 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-01 14:11 - 2012-04-24 13:56 - 00000344 _____ () C:\Windows\Tasks\At13.job
2014-12-31 12:00 - 2012-04-24 13:56 - 00000346 _____ () C:\Windows\Tasks\At37.job

==================== Files in the root of some directories =======

2012-10-05 19:23 - 2012-10-05 19:23 - 0000604 ____H () C:\Program Files (x86)\_Z2
2012-04-24 13:45 - 2012-04-24 13:45 - 0000000 _____ () C:\Users\Tassilo Welsch\AppData\Roaming\domRK.txt
2012-02-12 16:11 - 2013-02-25 00:38 - 0005120 _____ () C:\Users\Tassilo Welsch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-01 21:07 - 2014-12-02 16:58 - 0000058 _____ () C:\Users\Tassilo Welsch\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2013-06-09 19:32 - 2013-06-09 19:32 - 0000102 _____ () C:\Users\Tassilo Welsch\AppData\Local\fusioncache.dat
2012-06-02 20:27 - 2012-06-02 20:27 - 0000218 _____ () C:\Users\Tassilo Welsch\AppData\Local\recently-used.xbel
2012-01-04 12:04 - 2013-03-26 21:55 - 0007605 _____ () C:\Users\Tassilo Welsch\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\Tassilo Welsch\SkiRegionSimulator2012Patch1.0.1DE.exe
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At25.job
C:\Windows\Tasks\At26.job
C:\Windows\Tasks\At27.job
C:\Windows\Tasks\At28.job
C:\Windows\Tasks\At29.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At30.job
C:\Windows\Tasks\At31.job
C:\Windows\Tasks\At32.job
C:\Windows\Tasks\At33.job
C:\Windows\Tasks\At34.job
C:\Windows\Tasks\At35.job
C:\Windows\Tasks\At36.job
C:\Windows\Tasks\At37.job
C:\Windows\Tasks\At38.job
C:\Windows\Tasks\At39.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At40.job
C:\Windows\Tasks\At41.job
C:\Windows\Tasks\At42.job
C:\Windows\Tasks\At43.job
C:\Windows\Tasks\At44.job
C:\Windows\Tasks\At45.job
C:\Windows\Tasks\At46.job
C:\Windows\Tasks\At47.job
C:\Windows\Tasks\At48.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job


Some content of TEMP:
====================
C:\Users\Tassilo Welsch\AppData\Local\Temp\0EKePdkNuE.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\0TxSPhNfJA.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\2NvbCmmyuD.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\2ztHtAD2VB.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\5kuexcp2.dll
C:\Users\Tassilo Welsch\AppData\Local\Temp\6gE4nUCDNV.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\7z.dll
C:\Users\Tassilo Welsch\AppData\Local\Temp\7z.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\9cmEyA5mpT.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\amazonicon_v5.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\AskSLib.dll
C:\Users\Tassilo Welsch\AppData\Local\Temp\awAT0mBiDf.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\bassmod.dll
C:\Users\Tassilo Welsch\AppData\Local\Temp\dDgZ9sEjNt.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\dprdhvhm.dll
C:\Users\Tassilo Welsch\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpijwbul.dll
C:\Users\Tassilo Welsch\AppData\Local\Temp\DZThVLV4s7.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\eZxZxhkrIp.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\F49F4235-9291-19B2-CB31-29CB0A709291.dll
C:\Users\Tassilo Welsch\AppData\Local\Temp\F49F4235-9291-19B2-CB31-29CB0A709291.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\FileSystemView.dll
C:\Users\Tassilo Welsch\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\foxy_security_games.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\gEqk3gGzOo.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\htmlayout.dll
C:\Users\Tassilo Welsch\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\installhelper.dll
C:\Users\Tassilo Welsch\AppData\Local\Temp\install_flashplayer11x32_mssd_au_aih.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\k5rgkNrGdT.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\KrNGIXstjz.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\LIPjQu7WLK.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\luRVyxWyJJ.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\m4pyqTIavy.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\mp3el.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\mq8LeHKlag.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Tassilo Welsch\AppData\Local\Temp\mymugle_update.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\nsj3171.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\nsj4387.tmp.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\nso1EB8.tmp.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\nsr9715.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\nssC4CE.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\nssC9AF.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\nsx9B7A.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\optprosetup.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\ose00000.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\ot2wnash.dll
C:\Users\Tassilo Welsch\AppData\Local\Temp\p2bNZxvwJt.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\pZllcuqCQ4.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\qcCtFZXMpW.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\QjOTvu1MJv.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\RegSvr32User.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\safeguard.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\sdapskill.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\sdaspwn.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\Search_Protect_NonSearch_setup.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\SIntf16.dll
C:\Users\Tassilo Welsch\AppData\Local\Temp\SIntf32.dll
C:\Users\Tassilo Welsch\AppData\Local\Temp\SIntfNT.dll
C:\Users\Tassilo Welsch\AppData\Local\Temp\T2Y2zE9oqQ.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\tmp40D0.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\tmp47.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\tmp5FA7.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\tmpDE73.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\ubi5B4A.tmp.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\uninstall.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\uninstall2140364.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\VzRfXZa788.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\W0qeutVHoH.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\WEB.DE_Softwareaktualisierung_Setup.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\wusetup.exE


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64


LastRegBack: 2015-01-24 00:55

==================== End Of Log ============================

Hier der Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by Tassilo Welsch at 2015-01-29 08:25:42
Running from C:\Users\Tassilo Welsch\Pictures\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Up to date) {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AS: Kaspersky Internet Security (Disabled - Up to date) {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security (Disabled) {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

18 Wheels of Steel - Extreme Trucker (entfernen) (HKLM-x32\...\18 Wheels of Steel - Extreme Trucker) (Version:  - )
18 WoS Extreme Trucker 2 (HKLM-x32\...\{2070D91D-5C3C-4E9C-BA77-EC0ADE0FE671}) (Version: 1.00.0000 - Valusoft)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.1.0.2 - Aerosoft)
Amazon Music (HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
ANNO 1503 GOLD (HKLM-x32\...\{DB833EF9-A198-49BE-970A-BD46F30BFBB4}) (Version: 1.05.00 - )
Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.02 - Sunflowers)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 10.0.10 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 9.2.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 4.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
ASUS Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.3700 - ASUS)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
Avid License Control (HKLM-x32\...\{89A9B9EE-839E-4820-9450-2912C82F46AF}) (Version: 6.0.1 - Avid Technology, Inc.)
Bagger-Simulator 2011 (Demo) (HKLM-x32\...\Bagger-Simulator 2011 (Demo)) (Version:  - )
BestPractice (remove only) (HKLM-x32\...\BestPractice) (Version:  - )
Bridge Builder 2 Demo (HKLM-x32\...\Bridge Builder 2 Demo) (Version:  - (c) 2012 Halycon Media GmbH & Co.KG)
Brothers in Arms: Hell's Highway (HKLM-x32\...\Brothers in Arms - Hell's Highway) (Version: 1.0.0.0 - Ubisoft)
Bus-Simulator 2012 (HKLM-x32\...\Bus-Simulator 2012_is1) (Version:  - astragon)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
Canon MX430 series Benutzerregistrierung (HKLM-x32\...\Canon MX430 series Benutzerregistrierung) (Version:  - )
Canon MX430 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series) (Version:  - )
Canon MX430 series On-screen Manual (HKLM-x32\...\Canon MX430 series On-screen Manual) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
capella 7 (HKLM-x32\...\{39E95738-42E2-4B1D-A079-7548359D7B4A}) (Version: 7.1.10 - capella software AG)
capella playAlong 3.0 (HKLM-x32\...\{E53699F2-7E51-4616-A4BF-B5237F17A22F}) (Version: 3.0.38 - capella software)
capella-scan 7.0 (HKLM-x32\...\{59AD5D9B-C4E7-40D0-AA58-C9EF41000795}) (Version: 7.0.20 - capella-software)
Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)
CHIP Best Deal (HKLM-x32\...\{7553EA3C-F8DA-4188-B7BC-956894EA54F5}) (Version: 1.4.21 - Ciuvo GmbH)
City Bus Simulator 2010 - New York (HKLM-x32\...\{0190000A-A5F5-41EE-9E20-BE784015214C}) (Version: 1.21 - TML-Studios)
City Bus Simulator 2010 - Regiobus Usedom (HKLM-x32\...\{1E24084C-1619-46A3-940A-6A827D3F1404}) (Version: 1.20 - TML-Studios)
ClipMem Advanced (HKLM-x32\...\{E62952D9-52CC-4D65-B112-91DCD22856C5}_is1) (Version: 2.0 beta - Ingo Elsholz)
Construction-Simulator 2015 (HKLM-x32\...\Steam App 289950) (Version:  - weltenbauer. Software Entwicklung GmbH)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version:  - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3418 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1817_38674 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.4125 - CyberLink Corp.)
CyberLink YouPaint (HKLM-x32\...\InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}) (Version: 1.2.1928 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Desktop Icon für Amazon (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 (de) - CHIP.de)
DownTango Launcher (HKLM-x32\...\{cb6d194b-149b-4e28-9b6b-fd0bdaa2aa7c}_is1) (Version:  - DownTango Launcher) <==== ATTENTION
DownTango Launcher 1.6 (HKLM-x32\...\{107c7af4-bcdb-4ba2-87d1-3cb1f7190dba}_is1) (Version: 1.6 - DownTango Launcher) <==== ATTENTION
Dropbox (HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
EarMaster Pro 6.1 (HKLM-x32\...\EarMaster Pro 6_is1) (Version: 6.1 - EarMaster ApS)
Emergency 2012 Demo (HKLM-x32\...\Emergency 2012 Demo) (Version:  - Quadriga Games GmbH)
Emergency 2013 (HKLM-x32\...\Emergency 2013) (Version:  - Quadriga Games)
Euro Truck Simulator 2 Demo (HKLM-x32\...\Steam App 231120) (Version:  - )
Euro Truck Simulator Gold (entfernen) (HKLM-x32\...\Euro Truck Simulator Gold) (Version:  - )
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
FBW_549 (HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\FBW_549) (Version:  - )
Finale 2011 Demo (HKLM-x32\...\Finale 2011 Demo) (Version: 2011.b.r2.0 - MakeMusic)
Finale 2012 (HKLM-x32\...\Finale 2012) (Version: 2012.a.r3.10 - MakeMusic)
Finale 2012 Demo (HKLM-x32\...\Finale 2012 Demo) (Version: 2012.a.r5.2 - MakeMusic)
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.1 - MakeMusic)
FlightGear 2.10.0.3 (HKLM\...\FlightGear_is1) (Version:  - The FlightGear Team)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.4.1023 - Foxit Corporation)
Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube Download version 3.2.49.1111 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1111 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GCH Guitar academy (HKLM-x32\...\GCH Guitar academy) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 12.0.742.91 - Google Inc.)
Google Earth (HKLM-x32\...\{528145C0-462A-11E1-B8B4-B8AC6F97B88E}) (Version: 6.2.0.5905 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoSave (HKLM-x32\...\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}) (Version:  - ) <==== ATTENTION
Grand Theft Auto(TM): San Andreas (HKLM-x32\...\{77B07EA9-570E-472B-8B5A-1C8D5232D328}_is1) (Version:  - Rockstar)
Hama PC-Vibra joystick Outlandish (HKLM-x32\...\Hama PC-Vibra joystick Outlandish) (Version:  - )
HP Color LaserJet CP1210 Series (HKLM\...\HP Color LaserJet CP1210 Series) (Version:  - )
HP Color LaserJet CP1210 Series Toolbox (HKLM\...\{F323676A-B911-4B57-827F-32D02DCD4971}) (Version: 1.0.21 - Hewlett-Packard)
HP Software Update (HKLM-x32\...\{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}) (Version: 3.0.7.014 - Hewlett-Packard)
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Ihr Firmenname)
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
ICQ Sparberater (HKLM-x32\...\{EC136321-1AE5-4A7F-B01C-5380D666175B}) (Version: 1.3.667 - solute gmbh)
ICQ Toolbar (HKLM-x32\...\ICQToolbar) (Version: 3.0.0 - ICQ)
ICQ7.7 (HKLM-x32\...\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}) (Version: 7.7 - ICQ)
iLivid (HKLM-x32\...\iLivid) (Version: 1.92.0.118480 - Bandoo Media Inc.) <==== ATTENTION
iLivid (x32 Version: 1.92.0.118480 - Bandoo Media Inc.) Hidden <==== ATTENTION
Inkscape 0.48.3.1 (HKLM-x32\...\Inkscape) (Version: 0.48.3.1 - )
Installer (x32 Version: 1.0.0 - Sierra Entertainment, Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Java(TM) 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417000FF}) (Version: 7.0.0 - Oracle)
Java(TM) 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217000FF}) (Version: 7.0.0 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.2926 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Access database engine 2007 (German) (HKLM-x32\...\{90120000-00D1-0407-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 de)) (Version: 34.0 - Mozilla)
Mozilla Thunderbird 12.0.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 12.0.1 (x86 de)) (Version: 12.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\MyFreeCodec) (Version:  - )
myMugle (HKLM-x32\...\myMugle3.0.0.0) (Version: 3.0.0.0 - Computer Business Solutions)
MyTomTom 3.1.0.530 (HKLM-x32\...\MyTomTom) (Version: 3.1.0.530 - TomTom)
MyWebFace Toolbar (HKLM-x32\...\MyWebFace_5abar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
NVIDIA 3D Vision Controller-Treiber 295.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 295.73 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.12.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0209 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0209 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
OMSI - Der Omnibussimulator (HKLM-x32\...\{9AE850A4-B89D-4875-A159-B1B64D717EFB}) (Version: 1.04 - aerosoft)
OMSI - Stadtbus O305 (HKLM-x32\...\{3EF2A817-4ADC-46F7-8441-46DFCE158D72}) (Version: 1.00 - aerosoft)
OMSI 2 (HKLM-x32\...\Steam App 252530) (Version:  - MR-Software GbR)
OMSI Addon Manager Version 1.2.4 (HKLM-x32\...\{32B08666-1587-435D-988C-7958A04B218A}_is1) (Version: 1.2.4 - Jan Kiesewalter)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Password Remover v3.1 (HKLM-x32\...\PDF Password Remover v3.1_is1) (Version:  - VeryPDF.com Inc)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
Playboy Screensaver (HKLM-x32\...\Playboy Screensaver_is1) (Version:  - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Postal 2 Share The Pain Demo (HKLM-x32\...\Postal 2 Share The Pain Demo) (Version:  - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6368 - Realtek Semiconductor Corp.)
Remote Mouse version 2.54 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 2.54 - Remote Mouse)
Renault Karosa Citybus 12M (HKLM-x32\...\Renault Karosa Citybus 12M) (Version:  - )
Safe Knacker (HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\Safe Knacker) (Version:  - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12074_13 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.2.12074_13 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
San Andreas Mod Installer (HKLM-x32\...\San Andreas Mod Installer1.1) (Version: 1.1 - cpmusick)
SAP Crystal Reports runtime engine for .NET Framework (32-bit) (HKLM-x32\...\{FBAB5DC0-657B-424F-BE58-07DEFF68917C}) (Version: 13.0.5.891 - SAP)
Screenshot Captor 4.03.00 (HKLM-x32\...\ScreenshotCaptor_is1) (Version:  - )
SctMedia (HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\VerCheck) (Version: 5.2.0.0 - )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shape Collage (HKLM-x32\...\ShapeCollage) (Version:  - Shape Collage Inc.)
Ship Simulator Extremes (HKLM-x32\...\ShipSimExtremes) (Version:  - )
Sibelius 7 OpenType Fonts (HKLM-x32\...\{44998978-7DDB-4AD0-BDF5-D226FBC029FE}) (Version: 7.1.2 - Avid)
Sibelius 7.0.1.45 (HKLM\...\Sibelius 7.0.0.23_is1) (Version: 7.0.1.45 - Avid)
Sibelius Scorch (Firefox, Opera, Netscape only) (HKLM-x32\...\{10ABE49D-343A-463E-9753-C4C5A05ECEF9}) (Version: 6.2.0 - Sibelius Software)
Silent Hunter 4 Wolves of the Pacific (HKLM-x32\...\{0D005F09-A5F4-473B-A901-5735C6AF5628}) (Version: 1.05.0000 - Ubisoft)
Simulationsprogramm Integrierte Leitstelle V4 (HKLM-x32\...\{4B60A7A4-49F6-4D2A-8AE7-BCBAFA6224CE}) (Version: 4.0.14 - BK Elektronik)
Skiregion Simulator 2012 (HKLM-x32\...\SkiRegionSimulator2012DE_is1) (Version: 1.0 - GIANTS Software)
SoftNoteDemo 3.2.0.0 (HKLM-x32\...\{48E35CA4-B3E0-49B3-A950-22A5F060743A}_is1) (Version: 3.2.0.0 - Dieter Klingl)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SWAT 4 - THE STETCHKOV SYNDICATE (HKLM-x32\...\InstallShield_{97E12F84-C033-4DA2-97D2-F540C3E292EA}) (Version: 1.0.0 - Sierra Entertainment, Inc.)
SWAT 4 (HKLM-x32\...\InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}) (Version: 1.0.31763 - Ihr Firmenname)
SWAT 4 (x32 Version: 1.0.31763 - Ihr Firmenname) Hidden
SWAT 4 Single Player Demo (HKLM-x32\...\InstallShield_{F2CA85EF-D86E-4F4C-99E7-8ED7AA18E7B8}) (Version: 1.10.29930 - Vivendi Universal Games)
SWAT 4 Single Player Demo (x32 Version: 1.10.29930 - Vivendi Universal Games) Hidden
sweet-page uninstaller (HKLM-x32\...\sweet-page uninstaller) (Version:  - sweet-page) <==== ATTENTION
Switch Sound File Converter (HKLM-x32\...\Switch) (Version:  - NCH Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer)
TmUnitedForever (HKLM-x32\...\TmUnitedForever_is1) (Version:  - Nadeo)
Tom Clancy's H.A.W.X (HKLM-x32\...\{6E36A172-06FB-4BC8-B7FC-D30D219E6776}) (Version: 1.02.00000 - Ubisoft)
Tom Clancy's H.A.W.X Demo (HKLM-x32\...\{6C596FD6-C378-4399-93F1-43A206759B23}) (Version: 1.00.00000 - Ubisoft)
Tom Clancy's H.A.W.X. 2 (HKLM-x32\...\{76A232AF-B7D6-41A4-B795-6B355E6D32B1}) (Version: 1.0.1 - Ubisoft)
tonica fugata 10.0  (HKLM-x32\...\{AF27FA1B-CD05-48E3-A86A-A0736C7F4170}) (Version: 10.0.3 - capella software)
Train Simulator 2015 (HKLM-x32\...\Steam App 24010) (Version:  - RailSimulator.com)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
Visitenkarten in 2 Minuten (HKLM-x32\...\Visitenkarten in 2 Minuten) (Version:  - )
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Visual TimeAnalyzer 1.5 (HKLM-x32\...\Visual TimeAnalyzer) (Version: 1.5 - Neuber Software)
War Thunder Launcher 1.0.1.252 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)
watchmi (HKLM-x32\...\{AA4D1C5E-116A-4FF4-AA91-28F526868203}) (Version: 2.5.0 - Axel Springer Digital TV Guide GmbH)
WAV To MP3 V2 (HKLM-x32\...\WAV To MP3_is1) (Version:  - hxxp://www.WAVMP3.net)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version:  - NCH Software)
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 2.1.4.1300 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Liven asennustyökalu (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WindowsProtectManger20.0.0.401 (HKLM-x32\...\WindowsProtectManger) (Version: 20.0.0.401 - Fuyu LIMITED) <==== ATTENTION
WinRAR 4.10 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
Worms Ultimate Mayhem (HKLM-x32\...\Steam App 70600) (Version:  - )
YoutubeAdBlocke (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - ) <==== ATTENTION
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3110529466-1759550328-638498961-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tassilo Welsch\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3110529466-1759550328-638498961-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tassilo Welsch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3110529466-1759550328-638498961-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tassilo Welsch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3110529466-1759550328-638498961-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tassilo Welsch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3110529466-1759550328-638498961-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tassilo Welsch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3110529466-1759550328-638498961-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tassilo Welsch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3110529466-1759550328-638498961-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tassilo Welsch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3110529466-1759550328-638498961-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tassilo Welsch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3110529466-1759550328-638498961-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tassilo Welsch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

06-01-2015 20:09:26 DirectX wurde installiert
14-01-2015 22:49:39 Windows Update
15-01-2015 08:39:32 Windows Update
22-01-2015 18:27:41 Geplanter Prüfpunkt
28-01-2015 15:01:28 Wiederherstellungsvorgang
28-01-2015 16:09:19 Windows Update

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02025390-5726-4719-A2BB-ACAB192884F7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3110529466-1759550328-638498961-1002Core => C:\Users\Tassilo Welsch\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {0392A79F-8731-47F1-89D2-1AD67A282DE8} - System32\Tasks\At33 => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: {043FF251-D067-4ADE-AEDD-2AFC847E1D0F} - System32\Tasks\{0AE2D788-F196-46AB-BE15-15A9605BE958} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {04D46FE5-0D9E-46D2-8798-2666BDCE309D} - System32\Tasks\{1ED58AB2-8029-4E9C-A213-5C7894B1CA35} => pcalua.exe -a C:\m-r-software\Omsi\Omsi.exe -d C:\m-r-software\Omsi -c "-fullscreen"
Task: {05EDD863-B371-4899-A7D7-FA2980942271} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {070666B1-C2E1-4638-A839-CB4E67BC1A3D} - System32\Tasks\At30 => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: {094F27B0-5A00-45C1-B0FB-ACA578B19A45} - System32\Tasks\At28 => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: {09F37058-9D92-4327-AA4F-A75CE8A90886} - \At4 No Task File <==== ATTENTION
Task: {0A4D7FF9-ECAF-487A-8D2A-A896AF16CC21} - \At2 No Task File <==== ATTENTION
Task: {0ADB3337-B023-4353-8286-31A63D09D241} - System32\Tasks\{1A3F48C3-253E-4168-BD92-9241CFF2A4D8} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {10105F39-A419-4A24-8297-65EE512ABE35} - \At7 No Task File <==== ATTENTION
Task: {103D478E-F8CF-49B4-B0F9-A443B0D28D7F} - \At16 No Task File <==== ATTENTION
Task: {10618EBF-F08B-43B3-A332-5D58583E0272} - \At3 No Task File <==== ATTENTION
Task: {15104991-C26D-4167-8394-27B328193225} - System32\Tasks\{25A6C881-AD79-4A85-A0BB-0C6056602419} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {1AF891CF-6756-47B8-854C-C23DD6BA4C07} - System32\Tasks\{6D819BE8-C6CF-4F28-9AC9-A7E2AE497829} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {1E1ABE2D-B62E-496D-B537-88EA82AEEC26} - System32\Tasks\Amazon Music Helper => C:\Users\Tassilo Welsch\AppData\Local\Amazon Music\Amazon Music Helper.exe [2014-09-06] ()
Task: {202C9BA6-B730-4F88-B86B-639009CAA25C} - \At5 No Task File <==== ATTENTION
Task: {20C90576-D021-42E2-AEA5-06E029D5A080} - System32\Tasks\{B238AEDF-DE81-4E43-9330-FA6CC0F867A0} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {21DE7754-DD97-42E8-85C4-B6E80849EE41} - System32\Tasks\At43 => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: {25D2FB58-7DA6-4ECB-B192-D0776E007565} - System32\Tasks\At37 => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: {282DED2F-C270-46E1-A61E-B5B5FAADC8F7} - \At10 No Task File <==== ATTENTION
Task: {29725982-F7FC-40B6-A6DB-5DD2674153FD} - System32\Tasks\At39 => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: {29E822E6-8756-4E4F-A21F-0D033A1C330C} - System32\Tasks\{12F9ACDA-CA6A-431A-B4A4-3E2BC21F2250} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {355843D3-4F6B-4F67-8244-F64648B2C1E1} - \At20 No Task File <==== ATTENTION
Task: {35944AB0-ADF1-4882-A2D4-AECB50B52975} - System32\Tasks\chipSWU => Cscript.exe "C:\Program Files (x86)\chip\Internet Explorer\swu.vbs"
Task: {364047D3-C5D1-4D24-8FB5-C2DD6DDF481C} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {3919F3D9-18BB-41EC-9826-56296FFAAFF7} - \At15 No Task File <==== ATTENTION
Task: {427D426D-332F-4BF1-8266-BBFAB40E3CF9} - System32\Tasks\At47 => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: {46788C87-0C37-4FF1-A45A-AFB9A6D61350} - System32\Tasks\{44DCC17B-8C14-4418-BF73-310FB40AC60D} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {4921EC05-F17D-48C5-920B-3213A9FC0047} - System32\Tasks\{B3B0ECF1-0811-461C-A0E3-B737D0131314} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {4A76E701-557A-4868-914C-32D9253282CE} - System32\Tasks\{B83F56F7-41C0-4041-B880-6CF52C3F1FA2} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {4D2D5124-9062-44C9-A917-9C3AE33E6B0E} - System32\Tasks\{750A1C66-B661-4846-92BA-390FEC272DAF} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {51399FE4-24B9-4C6E-A29D-F4665B7C8048} - \At24 No Task File <==== ATTENTION
Task: {5A814DC2-A635-4AAA-8F45-5C42E8FEE7CB} - \At23 No Task File <==== ATTENTION
Task: {5A8B76CC-D296-4D77-BAE4-1677C8220AAD} - \At17 No Task File <==== ATTENTION
Task: {5E14173A-DEFD-4920-B10C-36ECAFB52B2B} - System32\Tasks\{5B7B4B03-B99E-4BA0-BBD9-2A2EA7E65036} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {5F3EA573-8819-423E-93DD-2DDC7C4FD56E} - System32\Tasks\{D09E4CC6-A05F-4FFA-8244-6D8FB05E6160} => C:\Users\Tassilo Welsch\AppData\Local\Amazon Cloud Player\Amazon Cloud Player.exe
Task: {5F57D93D-38A2-45F4-A423-9DFAAC6FF869} - System32\Tasks\{243BADA1-A22B-4B16-8043-39F74EDF3C77} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {6101C5EA-B462-48CD-B035-2C6E9C2A6CA3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {64D5AA50-CDB3-4B3D-A40F-D820B91058F3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {66255517-79A3-4F02-B460-0370432F317D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {694CD5F9-EB16-4C88-B4A3-D783B27AFAFB} - System32\Tasks\At25 => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: {71BFFC63-B880-4E68-B0ED-E59C069DC13A} - \At1 No Task File <==== ATTENTION
Task: {73584D25-52B4-45A3-9389-9B397670EF03} - System32\Tasks\At34 => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: {783E54CB-F145-430E-B287-F1C0C24415B1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {79D30614-991C-443A-ABC3-776ABCC330FD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7AEB562E-4247-493F-8996-0137D2A2850C} - System32\Tasks\{FCCC9FFA-FC10-4E1B-AE34-78B87BC36E68} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {838DD098-0C51-47A6-838F-C90C5595BC76} - \At12 No Task File <==== ATTENTION
Task: {843BEDBB-8F37-445A-B324-C9084E182B8B} - \At21 No Task File <==== ATTENTION
Task: {88E3BC65-2F38-494F-9985-D2CD7340369B} - System32\Tasks\At29 => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: {8938AFA7-F868-4D96-844B-EA1671232A93} - System32\Tasks\{C746D4EC-C1D8-40D3-9DA2-EF0E2328DC71} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {8A0B9FA0-5173-4285-B3A2-82018DB4A25C} - System32\Tasks\{AC17E5B0-4CF9-498D-9D60-C362574FC48B} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {8AC517C7-DC43-4CF5-B563-A9DF7913FE5B} - System32\Tasks\At42 => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: {8D818155-7C81-46C9-9171-E08E6621E1D8} - System32\Tasks\{C43FC5A4-1B2C-4F37-BBBB-D3EEB8947BBD} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {8E54C98E-8414-459A-B946-73A09C8B510D} - System32\Tasks\At27 => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: {8EADC75B-DFE7-47F6-9DC7-FE573A4E7C99} - System32\Tasks\At26 => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: {901009AC-1D16-4FE1-A529-1D466F64ED11} - \At6 No Task File <==== ATTENTION
Task: {9076459D-0AF5-4C56-B1F4-44968B8A8318} - \At8 No Task File <==== ATTENTION
Task: {95EDCB0E-F821-48A7-A0ED-3692B5987C5D} - System32\Tasks\At40 => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: {9D90C69D-D749-4E94-BA55-C172914A30CE} - System32\Tasks\{E0DD3A53-07DA-4236-A62E-6A42664D024F} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {9EDFEAE4-8268-4EFE-A4A3-9CCE33D983E6} - \At13 No Task File <==== ATTENTION
Task: {9FEBF923-899C-4C3F-A386-3C92C1D30DB1} - System32\Tasks\At45 => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: {A2AD11D1-76B0-4B21-AEFA-1056C53E05E1} - System32\Tasks\At31 => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: {A4628B90-0279-4C00-8FA8-033CE40AA740} - \At14 No Task File <==== ATTENTION
Task: {A80A92C6-9FE6-4096-9D2D-FD595711CC1E} - System32\Tasks\{63F7B680-1B36-4ACF-A86E-59FC74504873} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {A9B3202A-BE95-4C86-B58E-98971319C3E2} - System32\Tasks\At38 => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: {ACBDDC4F-97DE-4D0C-9492-713B174EDDDB} - \At11 No Task File <==== ATTENTION
Task: {B318E3F1-F201-4A40-8D42-D70500CBD7A8} - System32\Tasks\At46 => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: {B8E6A3AC-B431-438B-A7D4-74E6C1D87949} - \At19 No Task File <==== ATTENTION
Task: {BA158446-C7CE-49B8-A1D6-481A8B731D46} - System32\Tasks\YourFile Update => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {C6C0B6C4-59B7-487C-8F5E-9E84D2C91A81} - \At9 No Task File <==== ATTENTION
Task: {D0C4DBEE-71BA-4801-92F5-1A3B13B1CC65} - System32\Tasks\At41 => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: {D4138801-55D3-4902-8FF1-5136EA21594B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3110529466-1759550328-638498961-1002UA => C:\Users\Tassilo Welsch\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {D5CFB42B-2507-4E20-B209-4C10C758D6B8} - System32\Tasks\{1BED51C9-F658-49C5-B86C-D31BF8A961E8} => C:\Program Files (x86)\TML-Studios\World of Subways Vol.2\WoS.exe
Task: {D73D652F-4501-4C47-8AA2-2A6407458CA4} - System32\Tasks\At36 => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: {D779D6CC-EA9A-4207-AD9E-3BA663E94A72} - System32\Tasks\{15271AA7-DA3A-44C0-BCAE-6CC3CAADDDC0} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {DA6C0C70-D803-4C93-AB58-D06DEFF453D0} - System32\Tasks\{9BDB2E1A-6737-4103-80BB-A45643C92345} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {DB7CC111-37BE-488A-B7B6-BA571B8F8D52} - System32\Tasks\{9FD97733-AE8A-4759-8825-39DECB04E12A} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {DC05C5BA-4C6B-4F6D-9DD2-4BA66249976D} - System32\Tasks\At35 => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: {DC25BB7C-575E-497E-83D3-C36B298E191E} - System32\Tasks\At48 => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: {E5BDA5B7-2CF2-46BA-A413-8B643B022B34} - System32\Tasks\At44 => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: {E891FE67-EE89-4838-AF1A-8060BF2B54EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-28] (Adobe Systems Incorporated)
Task: {E8DC9438-CB3A-4157-8187-61C6688AF50A} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-03-02] ()
Task: {E9464586-5878-4940-8EC7-741AA781CC31} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {F30F424C-468A-4687-A7FB-1A7376E20D2E} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {F3324A00-BF44-4504-B517-F21BAE717E2E} - System32\Tasks\{8C1D70BB-D416-4688-AFB9-173239B33133} => C:\Program Files (x86)\TML-Studios\World of Subways Vol.2\WoS.exe
Task: {F3EFE125-337C-4C3D-B5C5-36B5DED0CFB8} - \At18 No Task File <==== ATTENTION
Task: {F8ABD4ED-F635-4DAF-8BD0-6C71B13EC162} - System32\Tasks\At32 => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: {F8D94F39-8AF1-401C-8771-52ADDAA33375} - \At22 No Task File <==== ATTENTION
Task: {FDF6D008-0166-466E-BF7D-48B32299C963} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\At1.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At10.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At11.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At12.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At13.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At14.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At15.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At16.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At17.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At18.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At19.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At2.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At20.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At21.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At22.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At23.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At24.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At25.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At26.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At27.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At28.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At29.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At3.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At30.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At31.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At32.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At33.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At34.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At35.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At36.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At37.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At38.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At39.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At4.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At40.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At41.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At42.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At43.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At44.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At45.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At46.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At47.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At48.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At5.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At6.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At7.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At8.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\At9.job => C:\ProgramData\40543q1E.exe <==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3110529466-1759550328-638498961-1002Core.job => C:\Users\Tassilo Welsch\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3110529466-1759550328-638498961-1002UA.job => C:\Users\Tassilo Welsch\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-01-19 21:08 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2012-02-21 21:44 - 2013-01-18 16:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-12-25 21:06 - 2011-08-17 11:04 - 00247872 _____ () C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
2013-01-07 19:36 - 2011-09-06 03:02 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2012-03-23 14:25 - 2012-03-23 14:25 - 00087040 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2010-12-06 12:52 - 2010-12-06 12:52 - 00062464 _____ () C:\Program Files (x86)\watchmi\TvdService.exe
2011-12-24 19:51 - 2011-12-24 19:51 - 00061952 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Remote\2.5.0.5__f722db7bec59a14b\Tvd.Remote.dll
2011-12-24 19:51 - 2011-12-24 19:51 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\FingerPrint\1.0.0.0__a62e68e935d72fa6\FingerPrint.dll
2011-12-24 19:51 - 2011-12-24 19:51 - 00078848 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Reporting\2.5.0.5__f722db7bec59a14b\Tvd.Reporting.dll
2011-12-24 19:51 - 2011-12-24 19:51 - 00148480 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Aprico\2.5.0.5__f722db7bec59a14b\Tvd.Aprico.dll
2014-10-12 13:22 - 2014-09-06 01:54 - 06281536 _____ () C:\Users\Tassilo Welsch\AppData\Local\Amazon Music\Amazon Music Helper.exe
2010-12-06 12:52 - 2010-12-06 12:52 - 01070080 _____ () C:\Program Files (x86)\watchmi\TvdTray.exe
2010-12-06 12:52 - 2010-12-06 12:52 - 00004608 _____ () C:\Program Files (x86)\watchmi\de\TvdTray.resources.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-21 20:25 - 2013-11-19 21:34 - 00152576 _____ () C:\Program Files (x86)\Remote Mouse\FileS.dll
2010-08-03 23:39 - 2010-08-03 23:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-03 23:39 - 2010-08-03 23:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2011-01-17 16:19 - 2012-02-28 21:57 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-11-28 23:49 - 2014-12-02 13:02 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-28 18:39 - 2015-01-28 18:39 - 16844976 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll
2014-10-17 11:03 - 2014-10-17 11:03 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll
2011-08-11 21:01 - 2011-04-30 08:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:02B2B479
AlternateDataStreams: C:\ProgramData\Temp:2C14C495
AlternateDataStreams: C:\ProgramData\Temp:40D3D3E8
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
AlternateDataStreams: C:\ProgramData\Temp:F1A5FE8B

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3110529466-1759550328-638498961-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3110529466-1759550328-638498961-1007 - Limited - Enabled)
Gast (S-1-5-21-3110529466-1759550328-638498961-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3110529466-1759550328-638498961-1004 - Limited - Enabled)
Tassilo Welsch (S-1-5-21-3110529466-1759550328-638498961-1002 - Administrator - Enabled) => C:\Users\Tassilo Welsch
UpdatusUser (S-1-5-21-3110529466-1759550328-638498961-1005 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/29/2015 08:20:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Service_KMS.exe, Version: 13.1.0.0, Zeitstempel: 0x5313ef48
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0x00000000
Fehleroffset: 0x000007fe957b0368
ID des fehlerhaften Prozesses: 0x98c
Startzeit der fehlerhaften Anwendung: 0xService_KMS.exe0
Pfad der fehlerhaften Anwendung: Service_KMS.exe1
Pfad des fehlerhaften Moduls: Service_KMS.exe2
Berichtskennung: Service_KMS.exe3

Error: (01/28/2015 06:43:44 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe

Error: (01/28/2015 06:41:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Service_KMS.exe, Version: 13.1.0.0, Zeitstempel: 0x5313ef48
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0x00000000
Fehleroffset: 0x000007fe98d40368
ID des fehlerhaften Prozesses: 0x848
Startzeit der fehlerhaften Anwendung: 0xService_KMS.exe0
Pfad der fehlerhaften Anwendung: Service_KMS.exe1
Pfad des fehlerhaften Moduls: Service_KMS.exe2
Berichtskennung: Service_KMS.exe3

Error: (01/28/2015 05:46:25 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe

Error: (01/28/2015 05:43:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Service_KMS.exe, Version: 13.1.0.0, Zeitstempel: 0x5313ef48
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0x00000000
Fehleroffset: 0x000007fe988e0368
ID des fehlerhaften Prozesses: 0x6dc
Startzeit der fehlerhaften Anwendung: 0xService_KMS.exe0
Pfad der fehlerhaften Anwendung: Service_KMS.exe1
Pfad des fehlerhaften Moduls: Service_KMS.exe2
Berichtskennung: Service_KMS.exe3

Error: (01/28/2015 03:16:50 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe

Error: (01/28/2015 03:14:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: sidebar.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a1c7
Name des fehlerhaften Moduls: gadget.dll, Version: 14.0.0.4764, Zeitstempel: 0x52484648
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000ad07
ID des fehlerhaften Prozesses: 0xe64
Startzeit der fehlerhaften Anwendung: 0xsidebar.exe0
Pfad der fehlerhaften Anwendung: sidebar.exe1
Pfad des fehlerhaften Moduls: sidebar.exe2
Berichtskennung: sidebar.exe3

Error: (01/28/2015 03:13:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/28/2015 02:40:37 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe

Error: (01/28/2015 02:39:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Service_KMS.exe, Version: 13.1.0.0, Zeitstempel: 0x5313ef48
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0x00000000
Fehleroffset: 0x000007fe95920368
ID des fehlerhaften Prozesses: 0x984
Startzeit der fehlerhaften Anwendung: 0xService_KMS.exe0
Pfad der fehlerhaften Anwendung: Service_KMS.exe1
Pfad des fehlerhaften Moduls: Service_KMS.exe2
Berichtskennung: Service_KMS.exe3


System errors:
=============
Error: (01/29/2015 08:22:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (01/29/2015 08:22:11 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/29/2015 08:20:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Service KMSELDI" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/29/2015 08:18:56 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (01/29/2015 08:18:55 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (01/29/2015 08:18:51 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (01/29/2015 08:18:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:
%%1060

Error: (01/29/2015 08:18:47 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (01/29/2015 08:18:47 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "M2500" wurde mit folgendem Fehler beendet:
%%2

Error: (01/28/2015 06:51:22 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.


Microsoft Office Sessions:
=========================
Error: (01/29/2015 08:20:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe13.1.0.05313ef48unknown0.0.0.00000000000000000000007fe957b036898c01d03b93d8b5b77aC:\Program Files\KMSpico\Service_KMS.exeunknown3d20c4c7-a787-11e4-8c72-5cf370628b9b

Error: (01/28/2015 06:43:44 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe

Error: (01/28/2015 06:41:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe13.1.0.05313ef48unknown0.0.0.00000000000000000000007fe98d4036884801d03b21aa1c323eC:\Program Files\KMSpico\Service_KMS.exeunknownf49d3078-a714-11e4-8b94-5cf370628b9b

Error: (01/28/2015 05:46:25 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe

Error: (01/28/2015 05:43:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe13.1.0.05313ef48unknown0.0.0.00000000000000000000007fe988e03686dc01d03b19713b83caC:\Program Files\KMSpico\Service_KMS.exeunknownc51b3c54-a70c-11e4-a54d-5cf370628b9b

Error: (01/28/2015 03:16:50 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe

Error: (01/28/2015 03:14:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: sidebar.exe6.1.7601.175144ce7a1c7gadget.dll14.0.0.476452484648c0000005000000000000ad07e6401d03b04a02add80C:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\gadget.dll024a9502-a6f8-11e4-9d61-5cf370628b9b

Error: (01/28/2015 03:13:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Tassilo Welsch\Desktop\SoftonicDownloader_for_postal-2.exe

Error: (01/28/2015 02:40:37 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe

Error: (01/28/2015 02:39:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe13.1.0.05313ef48unknown0.0.0.00000000000000000000007fe9592036898401d03affb06f4a62C:\Program Files\KMSpico\Service_KMS.exeunknown18b16483-a6f3-11e4-a55b-5cf370628b9b


CodeIntegrity Errors:
===================================
  Date: 2015-01-28 15:44:27.380
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-28 15:44:27.380
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-28 15:44:27.317
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-28 15:44:27.317
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-28 15:29:59.345
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-28 15:29:59.329
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-28 15:29:59.220
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-28 15:29:59.158
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-12 16:47:38.716
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-12 16:47:38.626
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 57%
Total physical RAM: 4077.64 MB
Available physical RAM: 1752.78 MB
Total Pagefile: 8153.46 MB
Available Pagefile: 5480.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:1811.92 GB) (Free:1295.02 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:25.54 GB) NTFS
Drive e: (KTS Multi-Device) (CDROM) (Total:0.52 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1811.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================

Vielen Dank im vorraus für eure Hilfe.

schrauber 29.01.2015 22:15
hi,

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    DownTango Launcher

    DownTango Launcher 1.6

    GoSave

    iLivid

    iLivid

    MyWebFace Toolbar

    sweet-page uninstaller

    WindowsProtectManger20.0.0.401 (HKLM-x32\...\WindowsProtectManger) (Version: 20.0.0.401 - Fuyu LIMITED) <==== ATTENTION

    YoutubeAdBlocke


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 






Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Tassimo 30.01.2015 00:15
Guten Abend Schrauber,

schon mal wieder vielen Dank für deine Hilfe.

Hier das neue Logfile

Code:
ComboFix 15-01-29.01 - Tassilo Welsch 29.01.2015  23:53:36.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4078.2391 [GMT 1:00]
ausgeführt von:: c:\users\Tassilo Welsch\Pictures\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\programdata\374311380
c:\programdata\374311380\BITC0C4.tmp
c:\programdata\5786049068603124795
c:\programdata\5786049068603124795\cd5b15e575e1c3d0e674c466fe83676c.ini
c:\programdata\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
c:\users\Tassilo Welsch\4.0
c:\users\Tassilo Welsch\AppData\Local\BrowserSafeguard
c:\users\Tassilo Welsch\AppData\Local\BrowserSafeguard\cookies.dat
c:\users\Tassilo Welsch\AppData\Local\Microsoft\Windows\Temporary Internet Files\{123EC466-5A97-432A-9190-9C47BD49DCBE}.xps
c:\users\Tassilo Welsch\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1B079100-BC4C-49AD-AB44-2E861074C215}.xps
c:\users\Tassilo Welsch\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1D8FB497-0874-4E4F-8161-664306400F93}.xps
c:\users\Tassilo Welsch\AppData\Local\Microsoft\Windows\Temporary Internet Files\{25D46B86-F33D-461B-8DB7-DDCE5AB13255}.xps
c:\users\Tassilo Welsch\AppData\Local\Microsoft\Windows\Temporary Internet Files\{30A6830E-4434-4134-A5BC-E70858B969DB}.xps
c:\users\Tassilo Welsch\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7AE0C575-C007-414F-B57E-948AAD46BA81}.xps
c:\users\Tassilo Welsch\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A52268E0-2F34-4DF9-B589-CF734942EE83}.xps
c:\users\Tassilo Welsch\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AE495195-A855-49D1-9833-DF8501EBEACB}.xps
c:\users\Tassilo Welsch\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AEC56003-EC3C-445F-84E9-78C3B6EDA1C2}.xps
c:\users\Tassilo Welsch\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BBC59C43-B580-48A9-8999-6F94D96E3264}.xps
c:\users\Tassilo Welsch\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C81AF79A-3673-4E02-88C8-5745B1D1364C}.xps
c:\users\Tassilo Welsch\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D53401F7-6DDF-411F-9F82-454D7126F8FC}.xps
c:\users\Tassilo Welsch\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E1C112B8-3ED7-44F0-9FB4-0B0099AD7FF1}.xps
c:\users\Tassilo Welsch\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E4462E97-0044-49D9-A5A2-B08F18A5E27B}.xps
c:\users\Tassilo Welsch\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F71AFC19-C628-42D1-9866-E2C26EE91615}.xps
c:\users\Tassilo Welsch\AppData\Local\MSoft
c:\users\Tassilo Welsch\AppData\Local\MSoft\VerCheck\NDde.dll
c:\users\Tassilo Welsch\AppData\Local\Temp\168b3c08c3446f80688d21e3ba192d42
c:\users\Tassilo Welsch\AppData\Local\Temp\168b3c08c3446f80688d21e3ba192d42\foxy_security_games .exe
c:\users\Tassilo Welsch\AppData\Roaming\.#
c:\users\Tassilo Welsch\AppData\Roaming\Roaming
c:\users\Tassilo Welsch\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
c:\users\Tassilo Welsch\AppData\Roaming\Wiynz
c:\users\Tassilo Welsch\AppData\Roaming\Wiynz\xuyz.xuf
c:\windows\msdownld.tmp
c:\windows\security\logs\scecomp.log
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Service KMSELDI
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-12-28 bis 2015-01-29  ))))))))))))))))))))))))))))))
.
.
2015-01-29 22:30 . 2012-05-03 15:18        693648        ----a-w-        c:\program files (x86)\5aUninstall MyWebFace.dll
2015-01-29 22:30 . 2012-05-03 15:18        174008        ----a-w-        c:\program files (x86)\5ares.dll
2015-01-29 21:36 . 2015-01-29 21:36        --------        d-----w-        c:\program files (x86)\VS Revo Group
2015-01-29 18:43 . 2013-05-06 08:13        110176        ----a-w-        c:\windows\system32\klfphc.dll
2015-01-29 18:42 . 2015-01-29 18:42        --------        d-----w-        c:\windows\ELAMBKUP
2015-01-29 18:42 . 2015-01-29 23:05        --------        d-----w-        c:\programdata\Kaspersky Lab
2015-01-29 18:42 . 2015-01-29 18:42        --------        d-----w-        c:\program files (x86)\Kaspersky Lab
2015-01-29 18:42 . 2014-08-12 17:33        246456        ----a-w-        c:\windows\system32\drivers\klhk.sys
2015-01-29 12:01 . 2015-01-29 12:01        73840        ----a-w-        c:\program files (x86)\Mozilla Firefox\wow_helper.exe
2015-01-29 07:23 . 2015-01-29 07:26        --------        d-----w-        C:\FRST
2015-01-18 19:11 . 2015-01-19 16:20        --------        d-----w-        c:\users\Tassilo Welsch\AppData\Local\Spotify
2015-01-18 19:10 . 2015-01-28 14:08        --------        d-----w-        c:\users\Tassilo Welsch\AppData\Roaming\Spotify
2015-01-14 21:50 . 2015-01-28 14:08        --------        d-----w-        C:\99b715753655f64069c8
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-29 19:02 . 2014-08-13 18:34        77512        ----a-w-        c:\windows\system32\drivers\klwtp.sys
2015-01-29 19:02 . 2014-08-20 17:04        818888        ----a-w-        c:\windows\system32\drivers\klif.sys
2015-01-29 19:02 . 2014-08-18 13:43        150536        ----a-w-        c:\windows\system32\drivers\klflt.sys
2015-01-28 17:39 . 2012-04-12 14:18        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-28 17:39 . 2011-08-10 19:09        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-28 15:09 . 2011-07-18 20:31        113365784        ----a-w-        c:\windows\system32\MRT.exe
2014-12-04 02:50 . 2014-12-10 14:59        413184        ----a-w-        c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-10 14:59        741376        ----a-w-        c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-10 14:59        396800        ----a-w-        c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-10 14:59        830976        ----a-w-        c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-10 14:59        227328        ----a-w-        c:\windows\system32\aepdu.dll
2014-12-04 02:50 . 2014-12-10 14:59        192000        ----a-w-        c:\windows\system32\aepic.dll
2014-12-04 02:44 . 2014-12-10 14:59        1083392        ----a-w-        c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-10 14:59        1232040        ----a-w-        c:\windows\system32\aitstatic.exe
2014-11-24 22:12 . 2014-12-10 14:59        17874432        ----a-w-        c:\windows\system32\mshtml.dll
2014-11-24 21:59 . 2014-12-10 14:59        448512        ----a-w-        c:\windows\system32\html.iec
2014-11-24 21:54 . 2014-12-10 14:59        10921984        ----a-w-        c:\windows\system32\ieframe.dll
2014-11-24 21:53 . 2014-12-10 14:59        2339840        ----a-w-        c:\windows\system32\jscript9.dll
2014-11-24 21:47 . 2014-12-10 14:59        1388032        ----a-w-        c:\windows\system32\urlmon.dll
2014-11-24 21:47 . 2014-12-10 14:59        1392128        ----a-w-        c:\windows\system32\wininet.dll
2014-11-24 21:45 . 2014-12-10 14:59        1494016        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-11-24 21:45 . 2014-12-10 14:59        237056        ----a-w-        c:\windows\system32\url.dll
2014-11-24 21:45 . 2014-12-10 14:59        86016        ----a-w-        c:\windows\system32\jsproxy.dll
2014-11-24 21:44 . 2014-12-10 14:59        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-11-24 21:44 . 2014-12-10 14:59        599040        ----a-w-        c:\windows\system32\vbscript.dll
2014-11-24 21:44 . 2014-12-10 14:59        2157056        ----a-w-        c:\windows\system32\iertutil.dll
2014-11-24 21:44 . 2014-12-10 14:59        816640        ----a-w-        c:\windows\system32\jscript.dll
2014-11-24 21:44 . 2014-12-10 14:59        729088        ----a-w-        c:\windows\system32\msfeeds.dll
2014-11-24 21:44 . 2014-12-10 14:59        453120        ----a-w-        c:\windows\system32\dxtmsft.dll
2014-11-24 21:44 . 2014-12-10 14:59        282112        ----a-w-        c:\windows\system32\dxtrans.dll
2014-11-24 21:44 . 2014-12-10 14:59        55296        ----a-w-        c:\windows\system32\msfeedsbs.dll
2014-11-24 21:44 . 2014-12-10 14:59        11264        ----a-w-        c:\windows\system32\msfeedssync.exe
2014-11-24 21:43 . 2014-12-10 14:59        96768        ----a-w-        c:\windows\system32\mshtmled.dll
2014-11-24 21:43 . 2014-12-10 14:59        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2014-11-24 21:43 . 2014-12-10 14:59        12800        ----a-w-        c:\windows\system32\mshta.exe
2014-11-24 21:42 . 2014-12-10 14:59        248320        ----a-w-        c:\windows\system32\ieui.dll
2014-11-24 20:44 . 2014-12-10 14:59        367104        ----a-w-        c:\windows\SysWow64\html.iec
2014-11-24 20:40 . 2014-12-10 14:59        1810944        ----a-w-        c:\windows\SysWow64\jscript9.dll
2014-11-24 20:35 . 2014-12-10 14:59        1129472        ----a-w-        c:\windows\SysWow64\wininet.dll
2014-11-24 20:34 . 2014-12-10 14:59        1427968        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2014-11-24 20:33 . 2014-12-10 14:59        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2014-11-24 20:33 . 2014-12-10 14:59        421376        ----a-w-        c:\windows\SysWow64\vbscript.dll
2014-11-24 20:32 . 2014-12-10 14:59        11776        ----a-w-        c:\windows\SysWow64\mshta.exe
2014-11-24 20:32 . 2014-12-10 14:59        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-11-18 19:47 . 2014-11-18 19:47        1691816        ----a-w-        c:\windows\system32\FM20.DLL
2014-11-11 03:09 . 2014-12-10 14:59        1190912        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 22:06        241152        ----a-w-        c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 22:06        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-10 14:59        1011200        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 22:06        186880        ----a-w-        c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 22:06        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-10 14:59        119296        ----a-w-        c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-10 14:58        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-10 14:58        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
2014-05-08 10:52        513648        ----a-w-        c:\program files (x86)\SupTab\SupTab.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7553EA3C-F8DA-4188-B7BC-956894EA54F5}]
2014-11-18 16:33        187512        ----a-w-        c:\program files (x86)\chip\Internet Explorer\chip32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8d3ec233-b92d-4187-a506-284127cfba2d}]
2012-10-25 08:11        1030728        ----a-w-        c:\users\Tassilo Welsch\AppData\Roaming\DownTango4SToolbar\DownTango4SToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EC136321-1AE5-4A7F-B01C-5380D666175B}]
2011-11-14 12:08        128064        ----a-w-        c:\program files (x86)\icq\Internet Explorer\icq.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-11-11 13:07        323752        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8d3ec233-b92d-4187-a506-284127cfba2d}"= "c:\users\Tassilo Welsch\AppData\Roaming\DownTango4SToolbar\DownTango4SToolbar.dll" [2012-10-25 1030728]
.
[HKEY_CLASSES_ROOT\clsid\{8d3ec233-b92d-4187-a506-284127cfba2d}]
[HKEY_CLASSES_ROOT\wtb.Band.1]
[HKEY_CLASSES_ROOT\TypeLib\{5c0647de-0eee-4822-b211-a05a5bf316ab}]
[HKEY_CLASSES_ROOT\wtb.Band]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 16:19        1729744        ----a-w-        c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 16:19        1729744        ----a-w-        c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 16:19        1729744        ----a-w-        c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09        131480        ----a-w-        c:\users\Tassilo Welsch\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09        131480        ----a-w-        c:\users\Tassilo Welsch\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09        131480        ----a-w-        c:\users\Tassilo Welsch\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{014F27E2-6D75-4E42-A0E9-2A2C68498AFA}"
[HKEY_CLASSES_ROOT\CLSID\{014F27E2-6D75-4E42-A0E9-2A2C68498AFA}]
2015-01-29 19:01        552232        ----a-w-        c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-24 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2014-07-25 845120]
"Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2014-04-28 1238528]
"Amazon Music"="c:\users\Tassilo Welsch\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-09-06 6281536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-07-25 311616]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"TBAction"="c:\program files (x86)\Visual TimeAnalyzer\tbaction.exe" [2011-10-13 129408]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-09-27 439440]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2013-10-23 337432]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
c:\users\Tassilo Welsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GM_DevUpdate.lnk - c:\program files (x86)\Hama PC-Vibra joystick Outlandish\GM_DevUpdate.exe [2012-4-13 45056]
OMSI Addon Manager.lnk - c:\program files (x86)\OMSI Addon Manager\OMSI Addon Manager.exe -silent [2014-11-18 737280]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ASUS\Bluetooth Software\BTTray.exe [2012-12-6 1393528]
watchmi tray.lnk - c:\windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe [2011-12-24 300416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli c:\program files\ASUS\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK);c:\windows\system32\DRIVERS\cm_km_w.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km_w.sys [x]
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AVP15.0.1;Kaspersky Anti-Virus Service 15.0.1;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [x]
S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe;c:\program files (x86)\watchmi\TvdService.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 17:39]
.
2015-01-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3110529466-1759550328-638498961-1002Core.job
- c:\users\Tassilo Welsch\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-11 21:42]
.
2015-01-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3110529466-1759550328-638498961-1002UA.job
- c:\users\Tassilo Welsch\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-11 21:42]
.
2015-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 09:27]
.
2015-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 09:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7553EA3C-F8DA-4188-B7BC-956894EA54F5}]
2014-11-18 16:33        225400        ----a-w-        c:\program files (x86)\chip\Internet Explorer\chip64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-11-07 17:08        357376        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 16:17        2334928        ----a-w-        c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 16:17        2334928        ----a-w-        c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 16:17        2334928        ----a-w-        c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10        164760        ----a-w-        c:\users\Tassilo Welsch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10        164760        ----a-w-        c:\users\Tassilo Welsch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10        164760        ----a-w-        c:\users\Tassilo Welsch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10        164760        ----a-w-        c:\users\Tassilo Welsch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{014F27E2-6D75-4E42-A0E9-2A2C68498AFA}"
[HKEY_CLASSES_ROOT\CLSID\{014F27E2-6D75-4E42-A0E9-2A2C68498AFA}]
2015-01-29 19:02        726312        ----a-w-        c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-09 11821160]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2012-07-04 1240064]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Accelerometer
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.sweet-page.com/?type=hp&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
mStart Page = hxxp://www.sweet-page.com/?type=hp&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2
mDefault_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2&q={searchTerms}
mSearch Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2&q={searchTerms}
mDefault_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
IE: {{09A10376-994C-4BBF-9121-F50CF7BA237E} - {F2A56BFE-7911-451A-BC74-A9C3C2E95126} - c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll
IE: {{5f7f7e76-0f61-4de9-8ae6-e5ee565cd118} - {8d3ec233-b92d-4187-a506-284127cfba2d} - c:\users\Tassilo Welsch\AppData\Roaming\DownTango4SToolbar\DownTango4SToolbar.dll
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Steam - c:\program files (x86)\Steam\Steam.exe
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
c:\users\Tassilo Welsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk - c:\program files (x86)\Versandhelfer\Versandhelfer.exe
AddRemove-Steam App 231120 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 24010 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 252530 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 289950 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 50130 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 70600 - c:\program files (x86)\Steam\steam.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc]
"ImagePath"="."
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"=hex:51,66,7a,6c,4c,1d,38,12,78,38,4c,
  81,00,23,88,0a,f5,40,f8,f6,90,c6,d4,52
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
  27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
  1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}"=hex:51,66,7a,6c,4c,1d,38,12,da,39,34,
  5d,e1,a9,97,05,de,be,2c,e9,c9,ff,c2,38
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
  94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
  ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
  df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,38,12,6c,f5,2f,
  e7,77,97,74,03,fc,e6,c2,df,73,ff,dd,ec
"{EC136321-1AE5-4A7F-B01C-5380D666175B}"=hex:51,66,7a,6c,4c,1d,38,12,4f,60,00,
  e8,d7,54,11,0f,cf,0a,10,c0,d3,38,53,4f
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ee,b6,23,c8,19,22,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1f,4f,b2,34,93,09,a8,42,be,aa,c0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1f,4f,b2,34,93,09,a8,42,be,aa,c0,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avpui.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-01-30  00:12:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-01-29 23:12
.
Vor Suchlauf: 22 Verzeichnis(se), 1.428.355.858.432 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 1.459.487.924.224 Bytes frei
.
- - End Of File - - 085D1182481750D59DBB2EC3DA2A0DB6

Gruß, Tassilo

schrauber 30.01.2015 09:51
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Tassimo 30.01.2015 13:01
Hallo Schrauber,

okay werde ich machen!

Danke

Hallo Schrauber,


also hier:



Malewarebytes.txt:


Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30.01.2015
Scan Time: 11:53:47
Logfile: Malewarebiytes 30.01 log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.30.03
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Tassilo Welsch

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 415303
Time Elapsed: 12 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 25
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [91fabe3fd5b4db5bcbd373894ab8dd23],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [91fabe3fd5b4db5bcbd373894ab8dd23],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [91fabe3fd5b4db5bcbd373894ab8dd23],
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{23119123-0854-469D-807A-171568457991}, , [4645ea1399f0cb6b00e0b2806a9926da],
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\TypeLib\{03119103-0854-469D-807A-171568457991}, , [a5e6fffe028764d25090ab878d764eb2],
PUP.Optional.SimplyTech.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{07766d44-2402-40b4-978d-0cbdaca7e945}, , [dbb0d5285336bb7b2b8c7a358c759a66],
PUP.Optional.SimplyTech.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8d3ec233-b92d-4187-a506-284127cfba2d}, , [dbb0d5285336bb7b2b8c7a358c759a66],
PUP.Optional.SimplyTech.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{8D3EC233-B92D-4187-A506-284127CFBA2D}, , [dbb0d5285336bb7b2b8c7a358c759a66],
PUP.Optional.SimplyTech.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{907b408f-64be-4812-9e58-e9a6d5b04661}, , [dbb0d5285336bb7b2b8c7a358c759a66],
PUP.Optional.SimplyTech.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{b9e6846b-455a-4c67-ac17-cf23a997c6c5}, , [dbb0d5285336bb7b2b8c7a358c759a66],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [89022bd249409b9b772b6d7a897b8c74],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MyWebFace_5a, , [addea5586a1f6ec8098f01f60400b050],
PUP.Optional.WindowsProtectManger.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsProtectManger, , [e2a903faf099d75f052562409d66ba46],
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftware, , [4c3fdc217b0ea591225723cd60a4d927],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [672443ba5732d75f10925592976d8977],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP, , [9bf0f20b2b5efe38397c42540bf806fa],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, , [c4c7728b84052c0a0bdb2b6bcf3416ea],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3110529466-1759550328-638498961-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MyWebFace_5a, , [315a59a4b0d9c86ef5badccf41c27c84],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3110529466-1759550328-638498961-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MyWebFace_5a, , [e6a59c61078251e51a95317a669d27d9],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3110529466-1759550328-638498961-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Conduit_Search_Protect, , [078485789cedc96dc6f7e317cb390bf5],
PUP.Optional.Softonic.A, HKU\S-1-5-21-3110529466-1759550328-638498961-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, , [7d0ebd40296046f07c11661f976c1be5],
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-3110529466-1759550328-638498961-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, , [2764c439f3960a2cbd4e207cd330916f],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3110529466-1759550328-638498961-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MyWebFace_5a, , [b4d729d4bbce45f1357abeedd23149b7],
PUP.Optional.Qone8, HKU\S-1-5-21-3110529466-1759550328-638498961-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [83087b82d1b8d165f1b07d6ae61e01ff],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3110529466-1759550328-638498961-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MyWebFace_5a, , [6d1e29d40b7e48ee6c433f6cd52e41bf],

Registry Values: 9
PUP.Optional.SimplyTech.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{8D3EC233-B92D-4187-A506-284127CFBA2D}, , [dbb0d5285336bb7b2b8c7a358c759a66],
PUP.Optional.SearchCertified.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Search Bar, hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=, , [d7b4f9046920d75f65a88f17ed16f20e]
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q=%s, , [f497926b4c3dc076e30dced65da6c739]
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|(Default), hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q=%s, , [6d1e3ebf147556e0cd24475dca3954ac]
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|quick_start@gmail.com, C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer\extensions\quick_start@gmail.com, , [bad1ba43c9c05dd92d47586223e03ac6]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP|dir, C:\Program Files (x86)\SupTab, , [9bf0f20b2b5efe38397c42540bf806fa]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, smt, , [c4c7728b84052c0a0bdb2b6bcf3416ea]
PUP.Optional.SearchCertified.A, HKU\S-1-5-21-3110529466-1759550328-638498961-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Search Bar, hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=, , [197259a45a2f66d012f97e2823e09a66]
PUP.Optional.QuickStart.A, HKU\S-1-5-21-3110529466-1759550328-638498961-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, , [fd8e36c746432c0afee9594bc142956b]

Registry Data: 22
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.sweet-page.com/?type=hp&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2, Good: (www.google.com), Bad: (hxxp://www.sweet-page.com/?type=hp&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2),,[5f2cdb227712af87a5d1e3c81ce933cd]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[d9b25e9f5d2c56e019f7822955b054ac]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.sweet-page.com/?type=hp&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2, Good: (www.google.com), Bad: (hxxp://www.sweet-page.com/?type=hp&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2),,[7b10f409aedb39fdbeb8affc7e8707f9]
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Default_Page_URL, hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938, Good: (www.google.com), Bad: (hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938),,[acdf1de01c6def47b1d0643c020318e8]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://www.sweet-page.com/web/?type=ds&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2&q={searchTerms}),,[1873926b0386ba7c4134505b1ce927d9]
Hijack.SearchPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=, Good: (hxxp://www.google.com), Bad: (hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=),,[f497cb321772b581e7d15d4c887d33cd]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://www.sweet-page.com/web/?type=ds&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2&q={searchTerms}),,[0784af4ed8b1fd39b2ca1c8444c1bb45]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.sweet-page.com/?type=hp&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2, Good: (www.google.com), Bad: (hxxp://www.sweet-page.com/?type=hp&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2),,[5e2d2ad30980241222520aa15ea717e9]
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Start Page, hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938, Good: (www.google.com), Bad: (hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938),,[3e4d9766c3c673c3ed98e8b865a06e92]
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Start Default_Page_URL, hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938, Good: (www.google.com), Bad: (hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938),,[c5c6f10c64256fc781034e5258ad45bb]
Hijack.SearchPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=, Good: (hxxp://www.google.com/), Bad: (hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=),,[82099b620d7cfd3915a559502ed7e818]
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Search Page, hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=, Good: (www.google.com), Bad: (hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=),,[305bb647cebbde58b8cadbc5bc493fc1]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[f19a5aa3d5b4a294bd536447ea1bc739]
PUP.Optional.SweetPage.A, HKU\S-1-5-21-3110529466-1759550328-638498961-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.sweet-page.com/?type=hp&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2, Good: (www.google.com), Bad: (hxxp://www.sweet-page.com/?type=hp&ts=1402989453&from=smt&uid=ST2000DL003-9VT166_5YD62BQ2XXXX5YD62BQ2),,[becd07f6f49573c33839b3f8b4510cf4]
PUP.Optional.CertifiedToolBar.A, HKU\S-1-5-21-3110529466-1759550328-638498961-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Default_Page_URL, hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938, Good: (www.google.com), Bad: (hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938),,[5a31d8253c4dcd693845fea2897c748c]
Hijack.SearchPage, HKU\S-1-5-21-3110529466-1759550328-638498961-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=, Good: (hxxp://www.google.com), Bad: (hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=),,[593207f68aff2511664ec9e0669fc43c]
PUP.Optional.CertifiedToolBar.A, HKU\S-1-5-21-3110529466-1759550328-638498961-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Start Page, hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938, Good: (www.google.com), Bad: (hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938),,[86053cc1622794a279071b855da80cf4]
PUP.Optional.CertifiedToolBar.A, HKU\S-1-5-21-3110529466-1759550328-638498961-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Start Default_Page_URL, hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938, Good: (www.google.com), Bad: (hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938),,[711a1ce1daaf270f9ee1f6aa2bda9868]
Hijack.SearchPage, HKU\S-1-5-21-3110529466-1759550328-638498961-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=, Good: (hxxp://www.google.com/), Bad: (hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=),,[b4d78a73642576c0bffc159490752ad6]
PUP.Optional.CertifiedToolBar.A, HKU\S-1-5-21-3110529466-1759550328-638498961-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Search Page, hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=, Good: (www.google.com), Bad: (hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=),,[b1daf00d1f6a20165c2217894eb724dc]
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-3110529466-1759550328-638498961-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q=%s, Good: (www.google.com), Bad: (hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q=%s),,[2368d22bbecbad891b9dc6e530d5837d]
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-3110529466-1759550328-638498961-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|(Default), hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q=%s, Good: (www.google.com/), Bad: (hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q=%s),,[800b0af33950e452b108268585807a86]

Folders: 66
Trojan.Agent.Gen, C:\Users\Tassilo Welsch\M-1-25-5432-6437-5685, , [a9e2c9344f3ad066ec065ce70102c838],
PUP.Optional.OpenCandy, C:\Users\Tassilo Welsch\AppData\Roaming\OpenCandy, , [fc8f5da0c0c942f47d1d46ff5fa4d729],
PUP.Optional.OpenCandy, C:\Users\Tassilo Welsch\AppData\Roaming\OpenCandy\9BF572F702BF44349CD3B7BEB7FA8B5D, , [fc8f5da0c0c942f47d1d46ff5fa4d729],
PUP.Optional.OpenCandy, C:\Users\Tassilo Welsch\AppData\Roaming\OpenCandy\OpenCandy_9BF572F702BF44349CD3B7BEB7FA8B5D, , [fc8f5da0c0c942f47d1d46ff5fa4d729],
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger, , [5e2de21b9aef94a24d4bc09b857e3ec2],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\LocalLow\DownTangoLauncherToolbar, , [454612eb76136ccaec19550945be4db3],
PUP.Optional.WebEnhance.A, C:\Program Files (x86)\WebEnhance, , [3b50639ae2a70f275a640d5118ebaf51],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Users\Tassilo Welsch\AppData\Roaming\SupTab, , [f398a35af3967abc5d06e281ac5716ea],
PUP.Optional.MBot.A, C:\Users\Tassilo Welsch\AppData\Local\mbot_de_24, , [7516a15c810855e1bcc9ce9714efec14],
PUP.Optional.MBot.A, C:\Users\Tassilo Welsch\AppData\Local\mbot_de_24\mbot_de_24, , [7516a15c810855e1bcc9ce9714efec14],
PUP.Optional.MBot.A, C:\Users\Tassilo Welsch\AppData\Local\mbot_de_24\mbot_de_24\1.10, , [7516a15c810855e1bcc9ce9714efec14],
PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_24, , [2269af4e7f0abd7902841253e71c0000],
PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_285, , [5b3026d74b3eaf87f19554111ee53bc5],
PUP.Optional.DownTango.A, C:\Program Files (x86)\Red Sky\DownTango, , [76157f7ef7923501875981e546bdb44c],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\Downloads, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\Logs, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\scripts, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\scripts\after_reconnect, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\scripts\all_dls_finished, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\scripts\all_dls_processed, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\scripts\before_reconnect, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\scripts\download_finished, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\scripts\download_preparing, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\scripts\package_finished, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\scripts\unrar_finished, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\tmp, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\tmp\container_file, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\tmp\container_file\d, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\tmp\container_file\d\df, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\tmp\container_file_lock, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\tmp\jinja_cache, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\userplugins, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\userplugins\accounts, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\userplugins\captcha, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\userplugins\container, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\userplugins\crypter, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\userplugins\hooks, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\userplugins\hoster, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\userplugins\internal, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.GenesisOffers, C:\Users\Tassilo Welsch\AppData\Local\Genesis_08091606, , [692215e8d2b7181e5bebcb9c40c336ca],

Files: 115
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, , [91fabe3fd5b4db5bcbd373894ab8dd23],
PUP.Optional.SimplyTech.A, C:\Users\Tassilo Welsch\AppData\Roaming\DownTango4SToolbar\DownTango4SToolbar.dll, , [dbb0d5285336bb7b2b8c7a358c759a66],
Trojan.Agent.ED, C:\Users\Tassilo Welsch\AppData\Roaming\ProtectDISC\pe181da6a4.DLL, , [c0cb27d693f6dc5aa3d906fcd32f8977],
Trojan.Agent.ED, C:\Users\Tassilo Welsch\AppData\Roaming\ProtectDISC\pe181fa267.DLL, , [fd8e708dee9ba88eed8f04fe46bca060],
Trojan.Agent.ED, C:\Users\Tassilo Welsch\AppData\Roaming\ProtectDISC\pe1846d0f7.DLL, , [117a20dda7e251e546360ff33fc38878],
Trojan.Agent.ED, C:\Users\Tassilo Welsch\AppData\Roaming\ProtectDISC\pe186d44b9.DLL, , [38536d9078118fa784f8758d768c1ee2],
PUP.Optional.Softonic, C:\Users\Tassilo Welsch\Desktop\SoftonicDownloader_for_postal-2.exe, , [8b001de017724ceaf3d19396ad547b85],
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, , [8b00a55835547fb733fd8d1e51b030d0],
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterfacef32.dll, , [4c3fcf2e93f6fe3844ecfbb047ba05fb],
PUP.Optional.IEPluginService.A, C:\Program Files (x86)\SupTab\RSHP.exe, , [43481be2becb80b690997b13867b20e0],
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SpAPPSv32.dll, , [7b10609d018851e5042cd7d4728f659b],
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SpAPPSv64.dll, , [701bb6477514d660161a1c8f25dc08f8],
PUP.Optional.WebInstr.A, C:\Windows\System32\drivers\Msft_Kernel_webinstrT_01009.Wdf, , [1873e914355442f4bf9e423e08fb936d],
PUP.Optional.SweetPage.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweet-page.xml, , [8a011edfd3b6122404747a76a2626f91],
PUP.Optional.OpenCandy, C:\Users\Tassilo Welsch\AppData\Roaming\OpenCandy\9BF572F702BF44349CD3B7BEB7FA8B5D\TuneUpUtilities2012_de-DE_1002174.exe, , [fc8f5da0c0c942f47d1d46ff5fa4d729],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\LocalLow\DownTangoLauncherToolbar\1367551239.png, , [454612eb76136ccaec19550945be4db3],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\LocalLow\DownTangoLauncherToolbar\152609663.png, , [454612eb76136ccaec19550945be4db3],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\LocalLow\DownTangoLauncherToolbar\424297506.png, , [454612eb76136ccaec19550945be4db3],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\LocalLow\DownTangoLauncherToolbar\796272953.png, , [454612eb76136ccaec19550945be4db3],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\LocalLow\DownTangoLauncherToolbar\contact.png, , [454612eb76136ccaec19550945be4db3],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\LocalLow\DownTangoLauncherToolbar\default_search_button.png, , [454612eb76136ccaec19550945be4db3],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\LocalLow\DownTangoLauncherToolbar\default_search_provider12.png, , [454612eb76136ccaec19550945be4db3],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\LocalLow\DownTangoLauncherToolbar\default_search_provider16.png, , [454612eb76136ccaec19550945be4db3],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\LocalLow\DownTangoLauncherToolbar\default_seperator.ico, , [454612eb76136ccaec19550945be4db3],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\LocalLow\DownTangoLauncherToolbar\freegames.png, , [454612eb76136ccaec19550945be4db3],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\LocalLow\DownTangoLauncherToolbar\help.png, , [454612eb76136ccaec19550945be4db3],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\LocalLow\DownTangoLauncherToolbar\home.png, , [454612eb76136ccaec19550945be4db3],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\LocalLow\DownTangoLauncherToolbar\refresh.png, , [454612eb76136ccaec19550945be4db3],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\LocalLow\DownTangoLauncherToolbar\shrink.png, , [454612eb76136ccaec19550945be4db3],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\LocalLow\DownTangoLauncherToolbar\upgrade.png, , [454612eb76136ccaec19550945be4db3],
PUP.Optional.WebEnhance.A, C:\Program Files (x86)\WebEnhance\webenhance.crx, , [3b50639ae2a70f275a640d5118ebaf51],
PUP.Optional.WebEnhance.A, C:\Program Files (x86)\WebEnhance\webenhance.xpi, , [3b50639ae2a70f275a640d5118ebaf51],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WebDataJs, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\arrow.png, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo.png, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo_hover.png, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_logo.png, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo.png, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo2.png, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\0.png, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ie8.js, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit.js, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, , [3457e11c44458fa7c69c451ed72cd030],
PUP.Optional.MBot.A, C:\Users\Tassilo Welsch\AppData\Local\mbot_de_24\upmbot_de_24.cyl, , [7516a15c810855e1bcc9ce9714efec14],
PUP.Optional.MBot.A, C:\Users\Tassilo Welsch\AppData\Local\mbot_de_24\user_profil.cyp, , [7516a15c810855e1bcc9ce9714efec14],
PUP.Optional.MBot.A, C:\Users\Tassilo Welsch\AppData\Local\mbot_de_24\mbot_de_24\1.10\cnf.cyl, , [7516a15c810855e1bcc9ce9714efec14],
PUP.Optional.MBot.A, C:\Users\Tassilo Welsch\AppData\Local\mbot_de_24\mbot_de_24\1.10\eorezo.cyl, , [7516a15c810855e1bcc9ce9714efec14],
PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_24\unins000.dat, , [2269af4e7f0abd7902841253e71c0000],
PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_24\unins000.msg, , [2269af4e7f0abd7902841253e71c0000],
PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_285\is-2E2VG.tmp, , [5b3026d74b3eaf87f19554111ee53bc5],
PUP.Optional.DownTango.A, C:\Program Files (x86)\Red Sky\DownTango\DownTango4SToolbar.exe, , [76157f7ef7923501875981e546bdb44c],
PUP.Optional.DownTango.A, C:\Program Files (x86)\Red Sky\DownTango\DownTangoSetupFiles-TlbrFree.7z, , [76157f7ef7923501875981e546bdb44c],
PUP.Optional.DownTango.A, C:\Program Files (x86)\Red Sky\DownTango\npbrowserPlugin.dll, , [76157f7ef7923501875981e546bdb44c],
PUP.Optional.DownTango.A, C:\Program Files (x86)\Red Sky\DownTango\qgif4.dll, , [76157f7ef7923501875981e546bdb44c],
PUP.Optional.DownTango.A, C:\Program Files (x86)\Red Sky\DownTango\qico4.dll, , [76157f7ef7923501875981e546bdb44c],
PUP.Optional.DownTango.A, C:\Program Files (x86)\Red Sky\DownTango\qjpeg4.dll, , [76157f7ef7923501875981e546bdb44c],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\accounts.conf, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\application.log, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\config.db, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\files.db, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\files.version, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\initial_links.txt, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\plugin.conf, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\pyload.conf, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\pyload.pid, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\Logs\log.txt, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\tmp\container_file\d\df\df1bee84a551cd70749e8f0fe6d71eac.cache, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\userplugins\__init__.py, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\userplugins\accounts\__init__.py, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\userplugins\captcha\__init__.py, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\userplugins\container\__init__.py, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\userplugins\crypter\__init__.py, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\userplugins\hooks\UpdateManager.py, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\userplugins\hooks\__init__.py, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\userplugins\hoster\__init__.py, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.DownTango.A, C:\Users\Tassilo Welsch\AppData\Local\DownTango\userplugins\internal\__init__.py, , [e1aab449682186b0ae33a4c292711fe1],
PUP.Optional.GenesisOffers, C:\Users\Tassilo Welsch\AppData\Local\Genesis_08091606\genesis_08091606.gss, , [692215e8d2b7181e5bebcb9c40c336ca],

Physical Sectors: 0
(No malicious items detected)


(end)

AdwCleaner[S0].txt:

Code:
# AdwCleaner v4.109 - Bericht erstellt am 30/01/2015 um 12:38:58
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Tassilo Welsch - TASSILOWELSCH
# Gestartet von : C:\Users\Tassilo Welsch\Desktop\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : ICQ Service

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\SetApp
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\Red Sky
Ordner Gelöscht : C:\Users\Tassilo Welsch\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Tassilo Welsch\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Tassilo Welsch\AppData\LocalLow\SimplyTech
Ordner Gelöscht : C:\Users\Tassilo Welsch\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Tassilo Welsch\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\Tassilo Welsch\AppData\Roaming\iPumper
Ordner Gelöscht : C:\Users\Tassilo Welsch\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\Tassilo Welsch\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Tassilo Welsch\AppData\Roaming\YourFileDownloader
Datei Gelöscht : C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe

***** [ Tasks ] *****

Task Gelöscht : YourFile Update

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2263BE11-ACB7-49D9-8313-6B1D5CC42FAA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{97FC5555-8BDC-40EA-8DE2-B1E46B9EA629}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKCU\Software\Ciuvo
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Escolade
Schlüssel Gelöscht : HKCU\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\ProtectedSearch
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\YourFileDownloader
Schlüssel Gelöscht : HKCU\Software\Ciuvo GmbH
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\simplytech
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\DownTango
Schlüssel Gelöscht : HKLM\SOFTWARE\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\Trymedia Systems
Schlüssel Gelöscht : HKLM\SOFTWARE\YourFileDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com

***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Google Chrome v12.0.742.91


*************************

AdwCleaner[R0].txt - [8380 octets] - [30/01/2015 12:33:18]
AdwCleaner[R1].txt - [8440 octets] - [30/01/2015 12:36:04]
AdwCleaner[S0].txt - [7427 octets] - [30/01/2015 12:38:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7487 octets] ##########


JRT.txt:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Tassilo Welsch on 30.01.2015 at 12:48:16,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{84EC4205-EC93-43C3-912A-684A257AF5CE}



~~~ Files

Successfully deleted: [File] "C:\Windows\launcher.exe"
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Empty Folder] C:\Users\Tassilo Welsch\appdata\local\{011A1551-5D8D-43B6-8CE8-67E679354068}
Successfully deleted: [Empty Folder] C:\Users\Tassilo Welsch\appdata\local\{0C83444E-55E8-4242-9F40-F2C58FDDC1F5}
Successfully deleted: [Empty Folder] C:\Users\Tassilo Welsch\appdata\local\{2056AD57-601B-43D7-B781-A6B6035C0864}
Successfully deleted: [Empty Folder] C:\Users\Tassilo Welsch\appdata\local\{35E4C5EB-5ADF-481C-92FD-EF523321DFE4}
Successfully deleted: [Empty Folder] C:\Users\Tassilo Welsch\appdata\local\{5B0E114A-9DF0-45D4-BCF3-BAAC8EF0CED5}
Successfully deleted: [Empty Folder] C:\Users\Tassilo Welsch\appdata\local\{6F7B04DD-F021-42FA-BC1F-2062E44B660E}
Successfully deleted: [Empty Folder] C:\Users\Tassilo Welsch\appdata\local\{7A2D1BF0-C073-4845-92CD-EE2EBEF7556F}
Successfully deleted: [Empty Folder] C:\Users\Tassilo Welsch\appdata\local\{80093045-D797-4EA6-9E65-A336329CBFA9}
Successfully deleted: [Empty Folder] C:\Users\Tassilo Welsch\appdata\local\{917F2505-1FC6-4D0F-8713-D73C65D36CF2}
Successfully deleted: [Empty Folder] C:\Users\Tassilo Welsch\appdata\local\{9EC8D21B-F075-42E8-A6EA-7C804BC7849F}
Successfully deleted: [Empty Folder] C:\Users\Tassilo Welsch\appdata\local\{A798CFF6-8E1D-4762-9C26-A2789F5B8BB1}
Successfully deleted: [Empty Folder] C:\Users\Tassilo Welsch\appdata\local\{D81F442F-D49E-4919-8803-A1A9440B54C3}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.01.2015 at 12:51:33,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


und hier FRST.txt



FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Tassilo Welsch (administrator) on TASSILOWELSCH on 30-01-2015 12:53:10
Running from C:\Users\Tassilo Welsch\Desktop
Loaded Profiles: Tassilo Welsch (Available profiles: Tassilo Welsch & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Users\Tassilo Welsch\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
() C:\Program Files (x86)\watchmi\TvdService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Marvell Semiconductor, Inc.) C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
(Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\BTStackServer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Neuber Software) C:\Program Files (x86)\Visual TimeAnalyzer\tbaction.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11821160 2011-05-09] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [PrnStatusMX] => C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1240064 2012-07-04] (Marvell Semiconductor, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-03] (CyberLink)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [TBAction] => C:\Program Files (x86)\Visual TimeAnalyzer\tbaction.exe [129408 2011-10-13] (Neuber Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [439440 2011-09-27] (CANON INC.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-10-23] (Power Software Ltd)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49152 2005-02-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-24] (Google Inc.)
HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)
HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [1238528 2014-04-28] (RemoteMouse.net)
HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\Run: [Amazon Music] => C:\Users\Tassilo Welsch\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
Lsa: [Notification Packages] scecli C:\Program Files\ASUS\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ASUS\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)
Startup: C:\Users\Tassilo Welsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GM_DevUpdate.lnk
ShortcutTarget: GM_DevUpdate.lnk -> C:\Program Files (x86)\Hama PC-Vibra joystick Outlandish\GM_DevUpdate.exe ()
Startup: C:\Users\Tassilo Welsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OMSI Addon Manager.lnk
ShortcutTarget: OMSI Addon Manager.lnk -> C:\Program Files (x86)\OMSI Addon Manager\OMSI Addon Manager.exe (Jan Kiesewalter)
Startup: C:\Users\Tassilo Welsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\shellex.dll (Kaspersky Lab ZAO)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3110529466-1759550328-638498961-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3110529466-1759550328-638498961-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-3110529466-1759550328-638498961-1002 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3110529466-1759550328-638498961-1002 -> DefaultScope {84EC4205-EC93-43C3-912A-684A257AF5CE} URL =
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CHIP Best Deal BHO -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> C:\Program Files (x86)\chip\Internet Explorer\chip64.dll ()
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: CHIP Best Deal BHO -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> C:\Program Files (x86)\chip\Internet Explorer\chip32.dll ()
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: ICQ Sparberater -> {EC136321-1AE5-4A7F-B01C-5380D666175B} -> C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3110529466-1759550328-638498961-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer
FF SelectedSearchEngine: Google
FF Homepage: https://www.facebook.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3110529466-1759550328-638498961-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tassilo Welsch\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3110529466-1759550328-638498961-1002: facebook.com/fbDesktopPlugin -> C:\Users\Tassilo Welsch\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin HKU\S-1-5-21-3110529466-1759550328-638498961-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Oracle Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSibelius.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll (PDFTron Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll ()
FF SearchPlugin: C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer\searchplugins\webde-suche.xml
FF Extension: Quick Start - C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer\Extensions\quick_start@gmail.com [2014-06-17]
FF Extension: WEB.DE MailCheck - C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer\Extensions\toolbar@web.de [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-29]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-29]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-29]
FF HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-18]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Accelerometer; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 Accelerometer; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S3 BFE; . [0 2015-01-30] () <==== ATTENTION (zero size file/folder)
R2 btwdins; C:\Program Files\ASUS\Bluetooth Software\btwdins.exe [1005944 2012-12-06] (Broadcom Corporation.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
S3 MpsSvc; . [0 2015-01-30] () <==== ATTENTION (zero size file/folder)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-06-06] ()
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-24] (Broadcom Corporation.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-12-30] () [File not signed]
U3 GMFilter; C:\Windows\SysWOW64\Drivers\GMFilter.sys [21760 2005-08-23] () [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-29] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2015-01-29] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-29] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-06-06] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S0 nvpciflt; system32\DRIVERS\nvpciflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: Accelerometer -> No ServiceDLL Path.

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 12:53 - 2015-01-30 12:54 - 00028172 _____ () C:\Users\Tassilo Welsch\Desktop\FRST.txt
2015-01-30 12:51 - 2015-01-30 12:51 - 00002379 _____ () C:\Users\Tassilo Welsch\Desktop\JRT.txt
2015-01-30 12:48 - 2015-01-30 12:48 - 00000000 ____D () C:\Windows\ERUNT
2015-01-30 12:47 - 2015-01-30 12:47 - 01707939 _____ (Thisisu) C:\Users\Tassilo Welsch\Desktop\JRT.exe
2015-01-30 12:44 - 2015-01-30 12:44 - 00007611 _____ () C:\Users\Tassilo Welsch\Desktop\AdwCleaner[S0].txt
2015-01-30 12:33 - 2015-01-30 12:39 - 00000000 ____D () C:\AdwCleaner
2015-01-30 11:53 - 2015-01-30 12:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-30 11:53 - 2015-01-30 11:53 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-30 11:53 - 2015-01-30 11:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-30 11:53 - 2015-01-30 11:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-30 11:53 - 2015-01-30 11:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-30 11:53 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-30 11:53 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-30 11:53 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-30 11:51 - 2015-01-30 11:51 - 02194432 _____ () C:\Users\Tassilo Welsch\Desktop\AdwCleaner_4.109.exe
2015-01-30 11:42 - 2015-01-29 08:23 - 02130432 _____ (Farbar) C:\Users\Tassilo Welsch\Desktop\FRST64.exe
2015-01-30 00:12 - 2015-01-30 00:12 - 00039191 _____ () C:\ComboFix.txt
2015-01-29 23:51 - 2015-01-30 00:12 - 00000000 ____D () C:\Qoobox
2015-01-29 23:51 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-29 23:51 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-29 23:51 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-29 23:51 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-29 23:51 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-29 23:51 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-29 23:51 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-29 23:51 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-29 23:50 - 2015-01-30 00:10 - 00000000 ____D () C:\Windows\erdnt
2015-01-29 23:30 - 2012-05-03 16:18 - 00693648 _____ (MindSpark) C:\Program Files (x86)\5aUninstall MyWebFace.dll
2015-01-29 23:30 - 2012-05-03 16:18 - 00174008 _____ () C:\Program Files (x86)\5ares.dll
2015-01-29 22:36 - 2015-01-29 22:36 - 00001268 _____ () C:\Users\Tassilo Welsch\Desktop\Revo Uninstaller.lnk
2015-01-29 22:36 - 2015-01-29 22:36 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-29 19:45 - 2015-01-29 19:45 - 00002307 _____ () C:\Users\Tassilo Welsch\Desktop\Sicherer Zahlungsverkehr.lnk
2015-01-29 19:44 - 2015-01-29 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-01-29 19:44 - 2015-01-29 19:43 - 00002057 _____ () C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2015-01-29 19:43 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-01-29 19:42 - 2015-01-30 12:43 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-29 19:42 - 2015-01-29 19:42 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-01-29 19:42 - 2015-01-29 19:42 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-01-29 19:42 - 2014-08-12 18:33 - 00246456 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-01-29 08:23 - 2015-01-30 12:53 - 00000000 ____D () C:\FRST
2015-01-28 15:34 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-28 15:34 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-28 15:34 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-28 15:34 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-28 15:34 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-28 15:34 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-28 15:34 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-28 15:34 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-28 15:34 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-28 15:34 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-28 15:34 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-28 15:34 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-28 15:34 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-20 12:10 - 2015-01-20 12:16 - 00000000 ____D () C:\Users\Tassilo Welsch\Documents\Leitz vorlagen
2015-01-18 20:11 - 2015-01-19 17:20 - 00000000 ____D () C:\Users\Tassilo Welsch\AppData\Local\Spotify
2015-01-18 20:10 - 2015-01-28 15:08 - 00000000 ____D () C:\Users\Tassilo Welsch\AppData\Roaming\Spotify
2015-01-15 09:28 - 2015-01-27 16:44 - 00000000 ____D () C:\Users\Tassilo Welsch\Documents\Online Banking
2015-01-14 22:50 - 2015-01-28 15:08 - 00000000 ____D () C:\99b715753655f64069c8
2015-01-10 14:35 - 2015-01-10 22:00 - 00000000 ____D () C:\Users\Tassilo Welsch\Desktop\Blasmusik Timi
2015-01-10 14:32 - 2015-01-28 15:09 - 00000000 ____D () C:\Users\Tassilo Welsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2015-01-06 15:56 - 2015-01-06 15:56 - 00001536 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-01-06 15:56 - 2015-01-06 15:56 - 00001245 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 12:49 - 2009-07-14 05:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-30 12:49 - 2009-07-14 05:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-30 12:48 - 2011-12-24 19:49 - 01163067 _____ () C:\Windows\WindowsUpdate.log
2015-01-30 12:42 - 2011-12-24 19:52 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-30 12:42 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-30 12:41 - 2011-09-05 23:57 - 00000000 ____D () C:\Windows\sv
2015-01-30 12:41 - 2011-09-05 23:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-30 12:41 - 2010-11-21 04:47 - 00266562 _____ () C:\Windows\PFRO.log
2015-01-30 12:41 - 2009-07-14 05:51 - 00222604 _____ () C:\Windows\setupact.log
2015-01-30 12:39 - 2012-04-12 15:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 12:38 - 2011-12-25 21:06 - 00000000 ____D () C:\ProgramData\ICQ
2015-01-30 12:32 - 2012-10-26 10:33 - 00000000 ____D () C:\Users\Tassilo Welsch\AppData\Roaming\DownTango4SToolbar
2015-01-30 12:32 - 2012-04-13 15:53 - 00000000 ____D () C:\Users\Tassilo Welsch\AppData\Roaming\ProtectDISC
2015-01-30 12:32 - 2011-12-24 19:56 - 00000000 ____D () C:\Users\Tassilo Welsch
2015-01-30 12:32 - 2011-12-24 19:52 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-30 11:47 - 2012-04-11 22:05 - 00001174 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3110529466-1759550328-638498961-1002UA.job
2015-01-30 09:12 - 2014-11-24 19:17 - 00000000 ____D () C:\Users\Tassilo Welsch\Documents\Wichtige Dokumente
2015-01-30 00:31 - 2012-04-13 15:36 - 00000000 ____D () C:\Program Files (x86)\Quadriga Games
2015-01-30 00:12 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-30 00:06 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-30 00:03 - 2009-07-14 03:34 - 99614720 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-01-30 00:03 - 2009-07-14 03:34 - 27787264 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-01-30 00:03 - 2009-07-14 03:34 - 01048576 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-01-30 00:03 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-01-30 00:03 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-01-29 23:47 - 2012-04-11 22:05 - 00001152 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3110529466-1759550328-638498961-1002Core.job
2015-01-29 20:02 - 2014-08-20 18:04 - 00818888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-01-29 20:02 - 2014-08-18 14:43 - 00150536 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-01-29 20:02 - 2014-08-13 19:34 - 00077512 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwtp.sys
2015-01-29 19:27 - 2012-03-04 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-29 16:40 - 2011-05-16 15:04 - 00710046 _____ () C:\Windows\system32\perfh007.dat
2015-01-29 16:40 - 2011-05-16 15:04 - 00154482 _____ () C:\Windows\system32\perfc007.dat
2015-01-29 16:40 - 2009-07-14 06:13 - 01649664 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-29 13:01 - 2014-11-10 18:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 18:39 - 2012-04-12 15:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-28 18:39 - 2012-04-12 15:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-28 18:39 - 2011-08-10 20:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-28 18:23 - 2013-05-18 20:51 - 01756160 ___SH () C:\Users\Tassilo Welsch\Desktop\Thumbs.db
2015-01-28 16:10 - 2013-08-15 22:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-28 16:09 - 2011-07-18 21:31 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-28 15:09 - 2012-02-28 13:57 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-28 15:09 - 2012-01-08 20:43 - 00000000 ____D () C:\Users\Tassilo Welsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-28 15:09 - 2011-12-24 22:40 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-01-28 15:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-28 15:07 - 2012-01-08 20:51 - 00000000 ___RD () C:\Users\Tassilo Welsch\Dropbox
2015-01-28 15:07 - 2012-01-08 20:43 - 00000000 ____D () C:\Users\Tassilo Welsch\AppData\Roaming\Dropbox
2015-01-19 23:30 - 2014-09-29 10:33 - 00000000 ____D () C:\Users\Tassilo Welsch\Documents\Studium
2015-01-12 09:41 - 2012-05-13 21:53 - 00000000 ____D () C:\Users\Tassilo Welsch\Documents\Orchestren-Bands
2015-01-06 15:56 - 2014-11-18 23:16 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-01-06 15:56 - 2014-11-18 23:15 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-01-06 15:56 - 2014-08-11 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-06 15:56 - 2012-06-25 22:01 - 00000000 ____D () C:\Users\Tassilo Welsch\AppData\Roaming\DVDVideoSoft
2015-01-01 16:03 - 2013-01-07 19:25 - 00000000 ____D () C:\ProgramData\CanonIJPLM

==================== Files in the root of some directories =======

2015-01-29 23:30 - 2012-05-03 16:18 - 0174008 _____ () C:\Program Files (x86)\5ares.dll
2015-01-29 23:30 - 2012-05-03 16:18 - 0693648 _____ (MindSpark) C:\Program Files (x86)\5aUninstall MyWebFace.dll
2012-10-05 19:23 - 2012-10-05 19:23 - 0000604 ____H () C:\Program Files (x86)\_Z2
2012-04-24 13:45 - 2012-04-24 13:45 - 0000000 _____ () C:\Users\Tassilo Welsch\AppData\Roaming\domRK.txt
2012-02-12 16:11 - 2013-02-25 00:38 - 0005120 _____ () C:\Users\Tassilo Welsch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-01 21:07 - 2014-12-02 16:58 - 0000058 _____ () C:\Users\Tassilo Welsch\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2013-06-09 19:32 - 2013-06-09 19:32 - 0000102 _____ () C:\Users\Tassilo Welsch\AppData\Local\fusioncache.dat
2012-06-02 20:27 - 2012-06-02 20:27 - 0000218 _____ () C:\Users\Tassilo Welsch\AppData\Local\recently-used.xbel
2012-01-04 12:04 - 2013-03-26 21:55 - 0007605 _____ () C:\Users\Tassilo Welsch\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\Tassilo Welsch\SkiRegionSimulator2012Patch1.0.1DE.exe


Some content of TEMP:
====================
C:\Users\Tassilo Welsch\AppData\Local\Temp\Quarantine.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64


LastRegBack: 2015-01-24 00:55

==================== End Of Log ============================
--- --- ---

--- --- ---





Vielen Dank,

Tassimo

Tassimo 30.01.2015 13:04
Und zur kompletten Vollständigkeit auch noch der addition.txt

Code:

Addition.txt:



       
Code:

       
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by Tassilo Welsch at 2015-01-30 12:54:20
Running from C:\Users\Tassilo Welsch\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Total Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
FW: Kaspersky Total Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

18 Wheels of Steel - Extreme Trucker (entfernen) (HKLM-x32\...\18 Wheels of Steel - Extreme Trucker) (Version:  - )
18 WoS Extreme Trucker 2 (HKLM-x32\...\{2070D91D-5C3C-4E9C-BA77-EC0ADE0FE671}) (Version: 1.00.0000 - Valusoft)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.1.0.2 - Aerosoft)
Amazon Music (HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
ANNO 1503 GOLD (HKLM-x32\...\{DB833EF9-A198-49BE-970A-BD46F30BFBB4}) (Version: 1.05.00 - )
Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.02 - Sunflowers)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 10.0.10 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 9.2.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 4.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
ASUS Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.3700 - ASUS)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
Avid License Control (HKLM-x32\...\{89A9B9EE-839E-4820-9450-2912C82F46AF}) (Version: 6.0.1 - Avid Technology, Inc.)
Bagger-Simulator 2011 (Demo) (HKLM-x32\...\Bagger-Simulator 2011 (Demo)) (Version:  - )
BestPractice (remove only) (HKLM-x32\...\BestPractice) (Version:  - )
Bridge Builder 2 Demo (HKLM-x32\...\Bridge Builder 2 Demo) (Version:  - (c) 2012 Halycon Media GmbH & Co.KG)
Brothers in Arms: Hell's Highway (HKLM-x32\...\Brothers in Arms - Hell's Highway) (Version: 1.0.0.0 - Ubisoft)
Bus-Simulator 2012 (HKLM-x32\...\Bus-Simulator 2012_is1) (Version:  - astragon)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
Canon MX430 series Benutzerregistrierung (HKLM-x32\...\Canon MX430 series Benutzerregistrierung) (Version:  - )
Canon MX430 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series) (Version:  - )
Canon MX430 series On-screen Manual (HKLM-x32\...\Canon MX430 series On-screen Manual) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
capella 7 (HKLM-x32\...\{39E95738-42E2-4B1D-A079-7548359D7B4A}) (Version: 7.1.10 - capella software AG)
capella playAlong 3.0 (HKLM-x32\...\{E53699F2-7E51-4616-A4BF-B5237F17A22F}) (Version: 3.0.38 - capella software)
capella-scan 7.0 (HKLM-x32\...\{59AD5D9B-C4E7-40D0-AA58-C9EF41000795}) (Version: 7.0.20 - capella-software)
Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)
CHIP Best Deal (HKLM-x32\...\{7553EA3C-F8DA-4188-B7BC-956894EA54F5}) (Version: 1.4.21 - Ciuvo GmbH)
City Bus Simulator 2010 - New York (HKLM-x32\...\{0190000A-A5F5-41EE-9E20-BE784015214C}) (Version: 1.21 - TML-Studios)
City Bus Simulator 2010 - Regiobus Usedom (HKLM-x32\...\{1E24084C-1619-46A3-940A-6A827D3F1404}) (Version: 1.20 - TML-Studios)
ClipMem Advanced (HKLM-x32\...\{E62952D9-52CC-4D65-B112-91DCD22856C5}_is1) (Version: 2.0 beta - Ingo Elsholz)
Construction-Simulator 2015 (HKLM-x32\...\Steam App 289950) (Version:  - weltenbauer. Software Entwicklung GmbH)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version:  - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3418 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1817_38674 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.4125 - CyberLink Corp.)
CyberLink YouPaint (HKLM-x32\...\InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}) (Version: 1.2.1928 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
EarMaster Pro 6.1 (HKLM-x32\...\EarMaster Pro 6_is1) (Version: 6.1 - EarMaster ApS)
Emergency 2013 (HKLM-x32\...\Emergency 2013) (Version:  - Quadriga Games)
Euro Truck Simulator 2 Demo (HKLM-x32\...\Steam App 231120) (Version:  - )
Euro Truck Simulator Gold (entfernen) (HKLM-x32\...\Euro Truck Simulator Gold) (Version:  - )
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
FBW_549 (HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\FBW_549) (Version:  - )
Finale 2011 Demo (HKLM-x32\...\Finale 2011 Demo) (Version: 2011.b.r2.0 - MakeMusic)
Finale 2012 (HKLM-x32\...\Finale 2012) (Version: 2012.a.r3.10 - MakeMusic)
Finale 2012 Demo (HKLM-x32\...\Finale 2012 Demo) (Version: 2012.a.r5.2 - MakeMusic)
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.1 - MakeMusic)
FlightGear 2.10.0.3 (HKLM\...\FlightGear_is1) (Version:  - The FlightGear Team)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.4.1023 - Foxit Corporation)
Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube Download version 3.2.49.1111 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1111 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GCH Guitar academy (HKLM-x32\...\GCH Guitar academy) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 12.0.742.91 - Google Inc.)
Google Earth (HKLM-x32\...\{528145C0-462A-11E1-B8B4-B8AC6F97B88E}) (Version: 6.2.0.5905 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Grand Theft Auto(TM): San Andreas (HKLM-x32\...\{77B07EA9-570E-472B-8B5A-1C8D5232D328}_is1) (Version:  - Rockstar)
Hama PC-Vibra joystick Outlandish (HKLM-x32\...\Hama PC-Vibra joystick Outlandish) (Version:  - )
HP Color LaserJet CP1210 Series (HKLM\...\HP Color LaserJet CP1210 Series) (Version:  - )
HP Color LaserJet CP1210 Series Toolbox (HKLM\...\{F323676A-B911-4B57-827F-32D02DCD4971}) (Version: 1.0.21 - Hewlett-Packard)
HP Software Update (HKLM-x32\...\{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}) (Version: 3.0.7.014 - Hewlett-Packard)
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Ihr Firmenname)
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
ICQ Sparberater (HKLM-x32\...\{EC136321-1AE5-4A7F-B01C-5380D666175B}) (Version: 1.3.667 - solute gmbh)
ICQ7.7 (HKLM-x32\...\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}) (Version: 7.7 - ICQ)
Inkscape 0.48.3.1 (HKLM-x32\...\Inkscape) (Version: 0.48.3.1 - )
Installer (x32 Version: 1.0.0 - Sierra Entertainment, Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Java(TM) 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417000FF}) (Version: 7.0.0 - Oracle)
Java(TM) 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217000FF}) (Version: 7.0.0 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.2926 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Access database engine 2007 (German) (HKLM-x32\...\{90120000-00D1-0407-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Thunderbird 12.0.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 12.0.1 (x86 de)) (Version: 12.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\MyFreeCodec) (Version:  - )
myMugle (HKLM-x32\...\myMugle3.0.0.0) (Version: 3.0.0.0 - Computer Business Solutions)
MyTomTom 3.1.0.530 (HKLM-x32\...\MyTomTom) (Version: 3.1.0.530 - TomTom)
NVIDIA 3D Vision Controller-Treiber 295.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 295.73 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.12.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0209 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0209 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
OMSI - Der Omnibussimulator (HKLM-x32\...\{9AE850A4-B89D-4875-A159-B1B64D717EFB}) (Version: 1.04 - aerosoft)
OMSI - Stadtbus O305 (HKLM-x32\...\{3EF2A817-4ADC-46F7-8441-46DFCE158D72}) (Version: 1.00 - aerosoft)
OMSI 2 (HKLM-x32\...\Steam App 252530) (Version:  - MR-Software GbR)
OMSI Addon Manager Version 1.2.4 (HKLM-x32\...\{32B08666-1587-435D-988C-7958A04B218A}_is1) (Version: 1.2.4 - Jan Kiesewalter)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Password Remover v3.1 (HKLM-x32\...\PDF Password Remover v3.1_is1) (Version:  - VeryPDF.com Inc)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
Playboy Screensaver (HKLM-x32\...\Playboy Screensaver_is1) (Version:  - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Postal 2 Share The Pain Demo (HKLM-x32\...\Postal 2 Share The Pain Demo) (Version:  - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6368 - Realtek Semiconductor Corp.)
Remote Mouse version 2.54 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 2.54 - Remote Mouse)
Renault Karosa Citybus 12M (HKLM-x32\...\Renault Karosa Citybus 12M) (Version:  - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Safe Knacker (HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\Safe Knacker) (Version:  - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12074_13 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.2.12074_13 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
San Andreas Mod Installer (HKLM-x32\...\San Andreas Mod Installer1.1) (Version: 1.1 - cpmusick)
SAP Crystal Reports runtime engine for .NET Framework (32-bit) (HKLM-x32\...\{FBAB5DC0-657B-424F-BE58-07DEFF68917C}) (Version: 13.0.5.891 - SAP)
Screenshot Captor 4.03.00 (HKLM-x32\...\ScreenshotCaptor_is1) (Version:  - )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shape Collage (HKLM-x32\...\ShapeCollage) (Version:  - Shape Collage Inc.)
Ship Simulator Extremes (HKLM-x32\...\ShipSimExtremes) (Version:  - )
Sibelius 7 OpenType Fonts (HKLM-x32\...\{44998978-7DDB-4AD0-BDF5-D226FBC029FE}) (Version: 7.1.2 - Avid)
Sibelius 7.0.1.45 (HKLM\...\Sibelius 7.0.0.23_is1) (Version: 7.0.1.45 - Avid)
Sibelius Scorch (Firefox, Opera, Netscape only) (HKLM-x32\...\{10ABE49D-343A-463E-9753-C4C5A05ECEF9}) (Version: 6.2.0 - Sibelius Software)
Silent Hunter 4 Wolves of the Pacific (HKLM-x32\...\{0D005F09-A5F4-473B-A901-5735C6AF5628}) (Version: 1.05.0000 - Ubisoft)
Simulationsprogramm Integrierte Leitstelle V4 (HKLM-x32\...\{4B60A7A4-49F6-4D2A-8AE7-BCBAFA6224CE}) (Version: 4.0.14 - BK Elektronik)
Skiregion Simulator 2012 (HKLM-x32\...\SkiRegionSimulator2012DE_is1) (Version: 1.0 - GIANTS Software)
SoftNoteDemo 3.2.0.0 (HKLM-x32\...\{48E35CA4-B3E0-49B3-A950-22A5F060743A}_is1) (Version: 3.2.0.0 - Dieter Klingl)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
SWAT 4 - THE STETCHKOV SYNDICATE (HKLM-x32\...\InstallShield_{97E12F84-C033-4DA2-97D2-F540C3E292EA}) (Version: 1.0.0 - Sierra Entertainment, Inc.)
SWAT 4 (HKLM-x32\...\InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}) (Version: 1.0.31763 - Ihr Firmenname)
SWAT 4 (x32 Version: 1.0.31763 - Ihr Firmenname) Hidden
SWAT 4 Single Player Demo (HKLM-x32\...\InstallShield_{F2CA85EF-D86E-4F4C-99E7-8ED7AA18E7B8}) (Version: 1.10.29930 - Vivendi Universal Games)
SWAT 4 Single Player Demo (x32 Version: 1.10.29930 - Vivendi Universal Games) Hidden
Switch Sound File Converter (HKLM-x32\...\Switch) (Version:  - NCH Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer)
TmUnitedForever (HKLM-x32\...\TmUnitedForever_is1) (Version:  - Nadeo)
Tom Clancy's H.A.W.X (HKLM-x32\...\{6E36A172-06FB-4BC8-B7FC-D30D219E6776}) (Version: 1.02.00000 - Ubisoft)
Tom Clancy's H.A.W.X Demo (HKLM-x32\...\{6C596FD6-C378-4399-93F1-43A206759B23}) (Version: 1.00.00000 - Ubisoft)
Tom Clancy's H.A.W.X. 2 (HKLM-x32\...\{76A232AF-B7D6-41A4-B795-6B355E6D32B1}) (Version: 1.0.1 - Ubisoft)
tonica fugata 10.0  (HKLM-x32\...\{AF27FA1B-CD05-48E3-A86A-A0736C7F4170}) (Version: 10.0.3 - capella software)
Train Simulator 2015 (HKLM-x32\...\Steam App 24010) (Version:  - RailSimulator.com)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
Visitenkarten in 2 Minuten (HKLM-x32\...\Visitenkarten in 2 Minuten) (Version:  - )
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Visual TimeAnalyzer 1.5 (HKLM-x32\...\Visual TimeAnalyzer) (Version: 1.5 - Neuber Software)
War Thunder Launcher 1.0.1.252 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)
watchmi (HKLM-x32\...\{AA4D1C5E-116A-4FF4-AA91-28F526868203}) (Version: 2.5.0 - Axel Springer Digital TV Guide GmbH)
WAV To MP3 V2 (HKLM-x32\...\WAV To MP3_is1) (Version:  - hxxp://www.WAVMP3.net)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version:  - NCH Software)
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 2.1.4.1300 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Liven asennustyökalu (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 4.10 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
Worms Ultimate Mayhem (HKLM-x32\...\Steam App 70600) (Version:  - )
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3110529466-1759550328-638498961-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tassilo Welsch\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3110529466-1759550328-638498961-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tassilo Welsch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3110529466-1759550328-638498961-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tassilo Welsch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3110529466-1759550328-638498961-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tassilo Welsch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3110529466-1759550328-638498961-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tassilo Welsch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3110529466-1759550328-638498961-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tassilo Welsch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3110529466-1759550328-638498961-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tassilo Welsch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3110529466-1759550328-638498961-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tassilo Welsch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3110529466-1759550328-638498961-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tassilo Welsch\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

29-01-2015 22:43:27 Revo Uninstaller's restore point - iLivid
29-01-2015 22:59:06 Revo Uninstaller's restore point - DownTango Launcher
29-01-2015 23:15:07 Revo Uninstaller's restore point - GoSave
29-01-2015 23:26:04 Revo Uninstaller's restore point - MyWebFace Toolbar
29-01-2015 23:31:59 Revo Uninstaller's restore point - sweet-page uninstaller
29-01-2015 23:36:31 Revo Uninstaller's restore point - sweet-page uninstaller
29-01-2015 23:38:42 Revo Uninstaller's restore point - YoutubeAdBlocke
29-01-2015 23:40:53 Revo Uninstaller's restore point - WindowsProtectManger20.0.0.401
30-01-2015 00:28:08 Revo Uninstaller's restore point - Emergency 2012 Demo

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-01-30 00:02 - 2015-01-30 00:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02025390-5726-4719-A2BB-ACAB192884F7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3110529466-1759550328-638498961-1002Core => C:\Users\Tassilo Welsch\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {043FF251-D067-4ADE-AEDD-2AFC847E1D0F} - System32\Tasks\{0AE2D788-F196-46AB-BE15-15A9605BE958} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {04D46FE5-0D9E-46D2-8798-2666BDCE309D} - System32\Tasks\{1ED58AB2-8029-4E9C-A213-5C7894B1CA35} => pcalua.exe -a C:\m-r-software\Omsi\Omsi.exe -d C:\m-r-software\Omsi -c "-fullscreen"
Task: {05EDD863-B371-4899-A7D7-FA2980942271} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {0ADB3337-B023-4353-8286-31A63D09D241} - System32\Tasks\{1A3F48C3-253E-4168-BD92-9241CFF2A4D8} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {15104991-C26D-4167-8394-27B328193225} - System32\Tasks\{25A6C881-AD79-4A85-A0BB-0C6056602419} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {1AF891CF-6756-47B8-854C-C23DD6BA4C07} - System32\Tasks\{6D819BE8-C6CF-4F28-9AC9-A7E2AE497829} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {1E1ABE2D-B62E-496D-B537-88EA82AEEC26} - System32\Tasks\Amazon Music Helper => C:\Users\Tassilo Welsch\AppData\Local\Amazon Music\Amazon Music Helper.exe [2014-09-06] ()
Task: {20C90576-D021-42E2-AEA5-06E029D5A080} - System32\Tasks\{B238AEDF-DE81-4E43-9330-FA6CC0F867A0} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {29E822E6-8756-4E4F-A21F-0D033A1C330C} - System32\Tasks\{12F9ACDA-CA6A-431A-B4A4-3E2BC21F2250} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {35944AB0-ADF1-4882-A2D4-AECB50B52975} - System32\Tasks\chipSWU => Cscript.exe "C:\Program Files (x86)\chip\Internet Explorer\swu.vbs"
Task: {364047D3-C5D1-4D24-8FB5-C2DD6DDF481C} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {46788C87-0C37-4FF1-A45A-AFB9A6D61350} - System32\Tasks\{44DCC17B-8C14-4418-BF73-310FB40AC60D} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {4921EC05-F17D-48C5-920B-3213A9FC0047} - System32\Tasks\{B3B0ECF1-0811-461C-A0E3-B737D0131314} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {4A76E701-557A-4868-914C-32D9253282CE} - System32\Tasks\{B83F56F7-41C0-4041-B880-6CF52C3F1FA2} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {4D2D5124-9062-44C9-A917-9C3AE33E6B0E} - System32\Tasks\{750A1C66-B661-4846-92BA-390FEC272DAF} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {5E14173A-DEFD-4920-B10C-36ECAFB52B2B} - System32\Tasks\{5B7B4B03-B99E-4BA0-BBD9-2A2EA7E65036} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {5F3EA573-8819-423E-93DD-2DDC7C4FD56E} - System32\Tasks\{D09E4CC6-A05F-4FFA-8244-6D8FB05E6160} => C:\Users\Tassilo Welsch\AppData\Local\Amazon Cloud Player\Amazon Cloud Player.exe
Task: {5F57D93D-38A2-45F4-A423-9DFAAC6FF869} - System32\Tasks\{243BADA1-A22B-4B16-8043-39F74EDF3C77} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {6101C5EA-B462-48CD-B035-2C6E9C2A6CA3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {64D5AA50-CDB3-4B3D-A40F-D820B91058F3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {66255517-79A3-4F02-B460-0370432F317D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {783E54CB-F145-430E-B287-F1C0C24415B1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {79D30614-991C-443A-ABC3-776ABCC330FD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7AEB562E-4247-493F-8996-0137D2A2850C} - System32\Tasks\{FCCC9FFA-FC10-4E1B-AE34-78B87BC36E68} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {8938AFA7-F868-4D96-844B-EA1671232A93} - System32\Tasks\{C746D4EC-C1D8-40D3-9DA2-EF0E2328DC71} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {8A0B9FA0-5173-4285-B3A2-82018DB4A25C} - System32\Tasks\{AC17E5B0-4CF9-498D-9D60-C362574FC48B} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {8D818155-7C81-46C9-9171-E08E6621E1D8} - System32\Tasks\{C43FC5A4-1B2C-4F37-BBBB-D3EEB8947BBD} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {9D90C69D-D749-4E94-BA55-C172914A30CE} - System32\Tasks\{E0DD3A53-07DA-4236-A62E-6A42664D024F} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {A80A92C6-9FE6-4096-9D2D-FD595711CC1E} - System32\Tasks\{63F7B680-1B36-4ACF-A86E-59FC74504873} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {D4138801-55D3-4902-8FF1-5136EA21594B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3110529466-1759550328-638498961-1002UA => C:\Users\Tassilo Welsch\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {D5CFB42B-2507-4E20-B209-4C10C758D6B8} - System32\Tasks\{1BED51C9-F658-49C5-B86C-D31BF8A961E8} => C:\Program Files (x86)\TML-Studios\World of Subways Vol.2\WoS.exe
Task: {D779D6CC-EA9A-4207-AD9E-3BA663E94A72} - System32\Tasks\{15271AA7-DA3A-44C0-BCAE-6CC3CAADDDC0} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {DA6C0C70-D803-4C93-AB58-D06DEFF453D0} - System32\Tasks\{9BDB2E1A-6737-4103-80BB-A45643C92345} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {DB7CC111-37BE-488A-B7B6-BA571B8F8D52} - System32\Tasks\{9FD97733-AE8A-4759-8825-39DECB04E12A} => C:\Program Files (x86)\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\biahh.exe [2008-09-30] ()
Task: {E891FE67-EE89-4838-AF1A-8060BF2B54EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-28] (Adobe Systems Incorporated)
Task: {E8DC9438-CB3A-4157-8187-61C6688AF50A} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-03-02] ()
Task: {E9464586-5878-4940-8EC7-741AA781CC31} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {F30F424C-468A-4687-A7FB-1A7376E20D2E} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {F3324A00-BF44-4504-B517-F21BAE717E2E} - System32\Tasks\{8C1D70BB-D416-4688-AFB9-173239B33133} => C:\Program Files (x86)\TML-Studios\World of Subways Vol.2\WoS.exe
Task: {FDF6D008-0166-466E-BF7D-48B32299C963} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3110529466-1759550328-638498961-1002Core.job => C:\Users\Tassilo Welsch\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3110529466-1759550328-638498961-1002UA.job => C:\Users\Tassilo Welsch\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-01-19 21:08 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2012-02-21 21:44 - 2013-01-18 16:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-12 13:22 - 2014-09-06 01:54 - 06281536 _____ () C:\Users\Tassilo Welsch\AppData\Local\Amazon Music\Amazon Music Helper.exe
2013-01-07 19:36 - 2011-09-06 03:02 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2012-03-23 14:25 - 2012-03-23 14:25 - 00087040 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2010-12-06 12:52 - 2010-12-06 12:52 - 00062464 _____ () C:\Program Files (x86)\watchmi\TvdService.exe
2011-12-24 19:51 - 2011-12-24 19:51 - 00061952 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Remote\2.5.0.5__f722db7bec59a14b\Tvd.Remote.dll
2011-12-24 19:51 - 2011-12-24 19:51 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\FingerPrint\1.0.0.0__a62e68e935d72fa6\FingerPrint.dll
2011-12-24 19:51 - 2011-12-24 19:51 - 00078848 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Reporting\2.5.0.5__f722db7bec59a14b\Tvd.Reporting.dll
2011-12-24 19:51 - 2011-12-24 19:51 - 00148480 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Aprico\2.5.0.5__f722db7bec59a14b\Tvd.Aprico.dll
2010-12-06 12:52 - 2010-12-06 12:52 - 01070080 _____ () C:\Program Files (x86)\watchmi\TvdTray.exe
2010-12-06 12:52 - 2010-12-06 12:52 - 00004608 _____ () C:\Program Files (x86)\watchmi\de\TvdTray.resources.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-21 20:25 - 2013-11-19 21:34 - 00152576 _____ () C:\Program Files (x86)\Remote Mouse\FileS.dll
2010-08-03 23:39 - 2010-08-03 23:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-03 23:39 - 2010-08-03 23:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2011-01-17 16:19 - 2012-02-28 21:57 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-10-17 11:03 - 2014-10-17 11:03 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll
2011-08-11 21:01 - 2011-04-30 08:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-11-28 23:49 - 2015-01-29 13:01 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-08-30 17:12 - 2015-01-29 20:02 - 00332584 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
2014-08-30 17:12 - 2015-01-29 20:02 - 00459048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-08-30 17:12 - 2015-01-29 20:02 - 00587048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:02B2B479
AlternateDataStreams: C:\ProgramData\Temp:2C14C495
AlternateDataStreams: C:\ProgramData\Temp:40D3D3E8
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
AlternateDataStreams: C:\ProgramData\Temp:F1A5FE8B

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3110529466-1759550328-638498961-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3110529466-1759550328-638498961-1007 - Limited - Enabled)
Gast (S-1-5-21-3110529466-1759550328-638498961-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3110529466-1759550328-638498961-1004 - Limited - Enabled)
Tassilo Welsch (S-1-5-21-3110529466-1759550328-638498961-1002 - Administrator - Enabled) => C:\Users\Tassilo Welsch
UpdatusUser (S-1-5-21-3110529466-1759550328-638498961-1005 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-01-30 00:01:19.277
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-30 00:01:19.215
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-29 19:47:27.622
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-29 19:47:27.619
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-29 19:47:27.617
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-29 19:47:27.607
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-28 15:44:27.380
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-28 15:44:27.380
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-28 15:44:27.317
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-28 15:44:27.317
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 47%
Total physical RAM: 4077.64 MB
Available physical RAM: 2151.06 MB
Total Pagefile: 8153.46 MB
Available Pagefile: 5943.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:1811.92 GB) (Free:1360.12 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:25.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1811.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================

schrauber 30.01.2015 14:32

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Tassimo 30.01.2015 23:20
Hallo Schrauber,


ist das normal, dass ESET so lange läuft? Es läuft jetzt 2:06 h und hat erst 43% durch.

Gruß,

Tassimo

Guten Abend Schrauber,


hier der Checkup.txt
Code:
Results of screen317's Security Check version 0.99.95 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Total Security 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java(TM) 6 Update 22 
 Java(TM) 7   
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31 
 Adobe Flash Player 16.0.0.296 
 Adobe Reader 10.1.13 Adobe Reader out of Date! 
 Mozilla Firefox (Firefox,. Firefox out of Date! 
 Mozilla Thunderbird 12.0.1 Thunderbird out of Date! 
 Google Chrome 12.0.742.91 Google Chrome out of date! 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

und der ESET log



Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6105e4a656a356488c5df08713af130a
# engine=22230
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-30 07:17:22
# local_time=2015-01-30 08:17:22 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Total Security'
# compatibility_mode=1298 16777213 100 100 19994 50217072 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 49081418 174275292 0 0
# scanned=330515
# found=26
# cleaned=0
# scan_time=8506
sh=2FEC3C9DD8FF091F0BA16F3E018A64C035561E43 ft=1 fh=23985e90161d10c7 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Switch\switch.exe.vir"
sh=05C49B01852F39F7DE2A1D3BF81021ADA2252364 ft=1 fh=e53cd9d154c98b29 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Switch\switchsetup4.24_v4.22.exe.vir"
sh=383C43CCA4895DB14383F31517A6EA5C6A2D880F ft=1 fh=d9a61a5a161d10c7 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Switch\uninst.exe.vir"
sh=65D308DA213F4875F96F505E231F10A97D053DD5 ft=1 fh=8404c49611aa3692 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\WavePad\uninst.exe.vir"
sh=D2B904C7870A714DC3FA24ADD7AEB4AD1EFCA41F ft=1 fh=7e3a805c11aa3692 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\WavePad\wavepad.exe.vir"
sh=FF4166E350CEF77DB6FC3AB70C8FD4C6DA7F8CA3 ft=1 fh=931359d5cb4dd8e8 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\WavePad\wpsetup_v5.10.exe.vir"
sh=3D09B4A1E2E55E7D1DF62B739D434F3F4E51DB90 ft=1 fh=31688d33c108b3f2 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe.vir"
sh=1A3AD1993FCF8C08C3E3112EAA1E6227470EBFC5 ft=1 fh=42671f1e7c122a0f vn="Variante von Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\5aUninstall MyWebFace.dll"
sh=05C9C1C418CB1626EA3E1CF4D98E7C19C2D5270B ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NBD Trojaner" ac=I fn="C:\Users\Tassilo Welsch\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\68fd1fcf-43d721a7"
sh=05C49B01852F39F7DE2A1D3BF81021ADA2252364 ft=1 fh=e53cd9d154c98b29 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tassilo Welsch\Desktop\Programme\switchsetup4.24.exe"
sh=2C6CA656D8042FDD21F1510B4E5DB769B8C972A5 ft=0 fh=0000000000000000 vn="Android/TrojanSMS.Agent.GA Trojaner" ac=I fn="C:\Users\Tassilo Welsch\Documents\Handy 24.01.2013\download\Worms (0.0.15).apk"
sh=F939B381FB157B23D9A7D40791CAC1A6A45C7683 ft=1 fh=d46bffc61161ad62 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tassilo Welsch\Music\Saarbagage 28.05\Probe vorm Konzert\ShapeCollage-2.5.3-Setup.exe"
sh=64B8AA35A33A0FE7E9A15D211EEDB1C1B0ABF485 ft=1 fh=50d54871a6c5948b vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tassilo Welsch\Pictures\Downloads\Amazon Music - CHIP-Installer.exe"
sh=22683000B1E796DA41FF6C06CAB2CD50933C204D ft=1 fh=62d111bdd0960ba5 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tassilo Welsch\Pictures\Downloads\Firefox - CHIP-Installer.exe"
sh=0E5DD54E0B7050027C91217CBAF9E69C41320FA0 ft=1 fh=768413e8c6e2a282 vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tassilo Welsch\Pictures\Downloads\Flughafen-Feuerwehr-Simulator-lnstall.exe"
sh=BA7141F84F63929375185B310E2F481425905D5A ft=1 fh=84dd0fbe7b430ae7 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tassilo Welsch\Pictures\Downloads\FurMark - CHIP-Installer.exe"
sh=3C4378D1E09B0ACA15B922EFA9EDA2F5B0B1A072 ft=1 fh=94ef4611bcdd5bdc vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tassilo Welsch\Pictures\Downloads\GPU Z - CHIP-Installer.exe"
sh=8E7BEF6AB3186398D3D82956BB3D9C38146FEBE7 ft=1 fh=ba061e50cf94325f vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tassilo Welsch\Pictures\Downloads\lame3.99.5 - CHIP-Installer.exe"
sh=9DF97B417C53958902D1876867B1B5233E107868 ft=1 fh=b6fea5969f17fc17 vn="Win32/Somoto.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tassilo Welsch\Pictures\Downloads\m4a-to-mp3-81converter.exe"
sh=2265BF2C27F6B45C07674C97C0090E866D180C7A ft=1 fh=54648a7a66c0afb8 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tassilo Welsch\Pictures\Downloads\Nano SIM Schablone PDF Vorlage - CHIP-Installer.exe"
sh=564E54593C824F9338F11D455FE95E010D02131C ft=1 fh=cdb2436de2068836 vn="Variante von Win32/ExpressDownloader.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tassilo Welsch\Pictures\Downloads\Omsi2.ru_Mercedes_o530_V2.7z_downloader.exe"
sh=6CF8A9F031B45F70BE3E66E7ACC7449CDA15FA34 ft=1 fh=2de4b6f517306153 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tassilo Welsch\Pictures\Downloads\PDFCreator-1_2_3_setup.exe"
sh=33AF70679720CE5C79D4EEFAED33695FA92274BA ft=1 fh=a9dd3b111cd673d6 vn="Variante von Win32/YourFileDownloader evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tassilo Welsch\Pictures\Downloads\sibelius_7_keygen_downloader_224.exe"
sh=8DF562B5B805DDEA815F5E784603DDEE8382C6BF ft=1 fh=25d11aea66da9d97 vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tassilo Welsch\Pictures\Downloads\SoftonicDownloader_fuer_bestpractice.exe"
sh=B09B3CA5BB010C92E669DDC339D96B1ABE346359 ft=1 fh=7e6737701ba9e43d vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tassilo Welsch\Pictures\Downloads\SoftonicDownloader_fuer_visitenkarten-in-2-minuten.exe"
sh=48C026F6B0F6206FE86949230AD3457B91362685 ft=1 fh=c79879ef67b7bb09 vn="Variante von Win32/SweetIM.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tassilo Welsch\Pictures\Downloads\sweetimsetup.exe"
ESETSmartInstaller@High as downloader log:
all ok

und der FRSTlog



FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Tassilo Welsch (administrator) on TASSILOWELSCH on 30-01-2015 23:12:54
Running from C:\Users\Tassilo Welsch\Desktop
Loaded Profiles: Tassilo Welsch (Available profiles: Tassilo Welsch & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
() C:\Program Files (x86)\watchmi\TvdService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Users\Tassilo Welsch\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Marvell Semiconductor, Inc.) C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
(Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\BTStackServer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11821160 2011-05-09] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [PrnStatusMX] => C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1240064 2012-07-04] (Marvell Semiconductor, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-03] (CyberLink)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [TBAction] => C:\Program Files (x86)\Visual TimeAnalyzer\tbaction.exe [129408 2011-10-13] (Neuber Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [439440 2011-09-27] (CANON INC.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-10-23] (Power Software Ltd)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49152 2005-02-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)
HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [1238528 2014-04-28] (RemoteMouse.net)
HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\Run: [Amazon Music] => C:\Users\Tassilo Welsch\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
Lsa: [Notification Packages] scecli C:\Program Files\ASUS\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ASUS\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)
Startup: C:\Users\Tassilo Welsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GM_DevUpdate.lnk
ShortcutTarget: GM_DevUpdate.lnk -> C:\Program Files (x86)\Hama PC-Vibra joystick Outlandish\GM_DevUpdate.exe ()
Startup: C:\Users\Tassilo Welsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OMSI Addon Manager.lnk
ShortcutTarget: OMSI Addon Manager.lnk -> C:\Program Files (x86)\OMSI Addon Manager\OMSI Addon Manager.exe (Jan Kiesewalter)
Startup: C:\Users\Tassilo Welsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\shellex.dll (Kaspersky Lab ZAO)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3110529466-1759550328-638498961-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3110529466-1759550328-638498961-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-3110529466-1759550328-638498961-1002 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3110529466-1759550328-638498961-1002 -> DefaultScope {84EC4205-EC93-43C3-912A-684A257AF5CE} URL =
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CHIP Best Deal BHO -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> C:\Program Files (x86)\chip\Internet Explorer\chip64.dll ()
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: CHIP Best Deal BHO -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> C:\Program Files (x86)\chip\Internet Explorer\chip32.dll ()
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: ICQ Sparberater -> {EC136321-1AE5-4A7F-B01C-5380D666175B} -> C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3110529466-1759550328-638498961-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer
FF SelectedSearchEngine: Google
FF Homepage: https://www.facebook.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3110529466-1759550328-638498961-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tassilo Welsch\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3110529466-1759550328-638498961-1002: facebook.com/fbDesktopPlugin -> C:\Users\Tassilo Welsch\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin HKU\S-1-5-21-3110529466-1759550328-638498961-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Oracle Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSibelius.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll (PDFTron Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll ()
FF SearchPlugin: C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer\searchplugins\webde-suche.xml
FF Extension: Quick Start - C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer\Extensions\quick_start@gmail.com [2014-06-17]
FF Extension: WEB.DE MailCheck - C:\Users\Tassilo Welsch\AppData\Roaming\Mozilla\Profiles\dcc8za0g.Standard-Benutzer\Extensions\toolbar@web.de [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-29]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-29]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-29]
FF HKU\S-1-5-21-3110529466-1759550328-638498961-1002\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-18]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Accelerometer; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 Accelerometer; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S3 BFE; . [0 2015-01-30] () <==== ATTENTION (zero size file/folder)
R2 btwdins; C:\Program Files\ASUS\Bluetooth Software\btwdins.exe [1005944 2012-12-06] (Broadcom Corporation.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
S3 MpsSvc; . [0 2015-01-30] () <==== ATTENTION (zero size file/folder)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-06-06] ()
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-24] (Broadcom Corporation.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-12-30] () [File not signed]
U3 GMFilter; C:\Windows\SysWOW64\Drivers\GMFilter.sys [21760 2005-08-23] () [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-29] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2015-01-29] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-29] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-06-06] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S0 nvpciflt; system32\DRIVERS\nvpciflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: Accelerometer -> No ServiceDLL Path.

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 22:59 - 2015-01-30 22:59 - 00852573 _____ () C:\Users\Tassilo Welsch\Desktop\SecurityCheck.exe
2015-01-30 16:05 - 2015-01-30 16:05 - 02347384 _____ (ESET) C:\Users\Tassilo Welsch\Desktop\esetsmartinstaller_deu.exe
2015-01-30 12:54 - 2015-01-30 12:54 - 00049910 _____ () C:\Users\Tassilo Welsch\Desktop\Addition.txt
2015-01-30 12:53 - 2015-01-30 23:12 - 00027932 _____ () C:\Users\Tassilo Welsch\Desktop\FRST.txt
2015-01-30 12:51 - 2015-01-30 12:51 - 00002379 _____ () C:\Users\Tassilo Welsch\Desktop\JRT.txt
2015-01-30 12:48 - 2015-01-30 12:48 - 00000000 ____D () C:\Windows\ERUNT
2015-01-30 12:47 - 2015-01-30 12:47 - 01707939 _____ (Thisisu) C:\Users\Tassilo Welsch\Desktop\JRT.exe
2015-01-30 12:44 - 2015-01-30 12:44 - 00007611 _____ () C:\Users\Tassilo Welsch\Desktop\AdwCleaner[S0].txt
2015-01-30 12:33 - 2015-01-30 12:39 - 00000000 ____D () C:\AdwCleaner
2015-01-30 11:53 - 2015-01-30 12:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-30 11:53 - 2015-01-30 11:53 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-30 11:53 - 2015-01-30 11:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-30 11:53 - 2015-01-30 11:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-30 11:53 - 2015-01-30 11:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-30 11:53 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-30 11:53 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-30 11:53 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-30 11:51 - 2015-01-30 11:51 - 02194432 _____ () C:\Users\Tassilo Welsch\Desktop\AdwCleaner_4.109.exe
2015-01-30 11:42 - 2015-01-29 08:23 - 02130432 _____ (Farbar) C:\Users\Tassilo Welsch\Desktop\FRST64.exe
2015-01-30 00:12 - 2015-01-30 00:12 - 00039191 _____ () C:\ComboFix.txt
2015-01-29 23:51 - 2015-01-30 00:12 - 00000000 ____D () C:\Qoobox
2015-01-29 23:51 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-29 23:51 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-29 23:51 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-29 23:51 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-29 23:51 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-29 23:51 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-29 23:51 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-29 23:51 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-29 23:50 - 2015-01-30 00:10 - 00000000 ____D () C:\Windows\erdnt
2015-01-29 23:30 - 2012-05-03 16:18 - 00693648 _____ (MindSpark) C:\Program Files (x86)\5aUninstall MyWebFace.dll
2015-01-29 23:30 - 2012-05-03 16:18 - 00174008 _____ () C:\Program Files (x86)\5ares.dll
2015-01-29 22:36 - 2015-01-29 22:36 - 00001268 _____ () C:\Users\Tassilo Welsch\Desktop\Revo Uninstaller.lnk
2015-01-29 22:36 - 2015-01-29 22:36 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-29 19:45 - 2015-01-29 19:45 - 00002307 _____ () C:\Users\Tassilo Welsch\Desktop\Sicherer Zahlungsverkehr.lnk
2015-01-29 19:44 - 2015-01-29 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-01-29 19:44 - 2015-01-29 19:43 - 00002057 _____ () C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2015-01-29 19:43 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-01-29 19:42 - 2015-01-30 15:59 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-29 19:42 - 2015-01-29 19:42 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-01-29 19:42 - 2015-01-29 19:42 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-01-29 19:42 - 2014-08-12 18:33 - 00246456 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-01-29 08:23 - 2015-01-30 23:12 - 00000000 ____D () C:\FRST
2015-01-28 15:34 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-28 15:34 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-28 15:34 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-28 15:34 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-28 15:34 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-28 15:34 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-28 15:34 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-28 15:34 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-28 15:34 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-28 15:34 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-28 15:34 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-28 15:34 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-28 15:34 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-20 12:10 - 2015-01-20 12:16 - 00000000 ____D () C:\Users\Tassilo Welsch\Documents\Leitz vorlagen
2015-01-18 20:11 - 2015-01-19 17:20 - 00000000 ____D () C:\Users\Tassilo Welsch\AppData\Local\Spotify
2015-01-18 20:10 - 2015-01-28 15:08 - 00000000 ____D () C:\Users\Tassilo Welsch\AppData\Roaming\Spotify
2015-01-15 09:28 - 2015-01-27 16:44 - 00000000 ____D () C:\Users\Tassilo Welsch\Documents\Online Banking
2015-01-14 22:50 - 2015-01-28 15:08 - 00000000 ____D () C:\99b715753655f64069c8
2015-01-10 14:35 - 2015-01-10 22:00 - 00000000 ____D () C:\Users\Tassilo Welsch\Desktop\Blasmusik Timi
2015-01-10 14:32 - 2015-01-28 15:09 - 00000000 ____D () C:\Users\Tassilo Welsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2015-01-06 15:56 - 2015-01-06 15:56 - 00001536 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-01-06 15:56 - 2015-01-06 15:56 - 00001245 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 23:04 - 2009-07-14 05:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-30 23:04 - 2009-07-14 05:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-30 22:39 - 2012-04-12 15:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 22:32 - 2011-12-24 19:52 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-30 21:34 - 2011-12-24 19:49 - 01185267 _____ () C:\Windows\WindowsUpdate.log
2015-01-30 20:47 - 2012-04-11 22:05 - 00001174 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3110529466-1759550328-638498961-1002UA.job
2015-01-30 15:49 - 2011-12-24 19:52 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-30 15:44 - 2011-09-05 23:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-30 15:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-30 15:44 - 2009-07-14 05:51 - 00222660 _____ () C:\Windows\setupact.log
2015-01-30 15:43 - 2010-11-21 04:47 - 00266916 _____ () C:\Windows\PFRO.log
2015-01-30 12:41 - 2011-09-05 23:57 - 00000000 ____D () C:\Windows\sv
2015-01-30 12:38 - 2011-12-25 21:06 - 00000000 ____D () C:\ProgramData\ICQ
2015-01-30 12:32 - 2012-10-26 10:33 - 00000000 ____D () C:\Users\Tassilo Welsch\AppData\Roaming\DownTango4SToolbar
2015-01-30 12:32 - 2012-04-13 15:53 - 00000000 ____D () C:\Users\Tassilo Welsch\AppData\Roaming\ProtectDISC
2015-01-30 12:32 - 2011-12-24 19:56 - 00000000 ____D () C:\Users\Tassilo Welsch
2015-01-30 09:12 - 2014-11-24 19:17 - 00000000 ____D () C:\Users\Tassilo Welsch\Documents\Wichtige Dokumente
2015-01-30 00:31 - 2012-04-13 15:36 - 00000000 ____D () C:\Program Files (x86)\Quadriga Games
2015-01-30 00:12 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-30 00:06 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-30 00:03 - 2009-07-14 03:34 - 99614720 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-01-30 00:03 - 2009-07-14 03:34 - 27787264 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-01-30 00:03 - 2009-07-14 03:34 - 01048576 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-01-30 00:03 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-01-30 00:03 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-01-29 23:47 - 2012-04-11 22:05 - 00001152 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3110529466-1759550328-638498961-1002Core.job
2015-01-29 20:02 - 2014-08-20 18:04 - 00818888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-01-29 20:02 - 2014-08-18 14:43 - 00150536 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-01-29 20:02 - 2014-08-13 19:34 - 00077512 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwtp.sys
2015-01-29 19:27 - 2012-03-04 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-29 16:40 - 2011-05-16 15:04 - 00710046 _____ () C:\Windows\system32\perfh007.dat
2015-01-29 16:40 - 2011-05-16 15:04 - 00154482 _____ () C:\Windows\system32\perfc007.dat
2015-01-29 16:40 - 2009-07-14 06:13 - 01649664 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-29 13:01 - 2014-11-10 18:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 18:39 - 2012-04-12 15:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-28 18:39 - 2012-04-12 15:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-28 18:39 - 2011-08-10 20:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-28 18:23 - 2013-05-18 20:51 - 01756160 ___SH () C:\Users\Tassilo Welsch\Desktop\Thumbs.db
2015-01-28 16:10 - 2013-08-15 22:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-28 16:09 - 2011-07-18 21:31 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-28 15:09 - 2012-02-28 13:57 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-28 15:09 - 2012-01-08 20:43 - 00000000 ____D () C:\Users\Tassilo Welsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-28 15:09 - 2011-12-24 22:40 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-01-28 15:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-28 15:07 - 2012-01-08 20:51 - 00000000 ___RD () C:\Users\Tassilo Welsch\Dropbox
2015-01-28 15:07 - 2012-01-08 20:43 - 00000000 ____D () C:\Users\Tassilo Welsch\AppData\Roaming\Dropbox
2015-01-19 23:30 - 2014-09-29 10:33 - 00000000 ____D () C:\Users\Tassilo Welsch\Documents\Studium
2015-01-12 09:41 - 2012-05-13 21:53 - 00000000 ____D () C:\Users\Tassilo Welsch\Documents\Orchestren-Bands
2015-01-06 15:56 - 2014-11-18 23:16 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-01-06 15:56 - 2014-11-18 23:15 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-01-06 15:56 - 2014-08-11 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-06 15:56 - 2012-06-25 22:01 - 00000000 ____D () C:\Users\Tassilo Welsch\AppData\Roaming\DVDVideoSoft
2015-01-01 16:03 - 2013-01-07 19:25 - 00000000 ____D () C:\ProgramData\CanonIJPLM

==================== Files in the root of some directories =======

2015-01-29 23:30 - 2012-05-03 16:18 - 0174008 _____ () C:\Program Files (x86)\5ares.dll
2015-01-29 23:30 - 2012-05-03 16:18 - 0693648 _____ (MindSpark) C:\Program Files (x86)\5aUninstall MyWebFace.dll
2012-10-05 19:23 - 2012-10-05 19:23 - 0000604 ____H () C:\Program Files (x86)\_Z2
2012-04-24 13:45 - 2012-04-24 13:45 - 0000000 _____ () C:\Users\Tassilo Welsch\AppData\Roaming\domRK.txt
2012-02-12 16:11 - 2013-02-25 00:38 - 0005120 _____ () C:\Users\Tassilo Welsch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-01 21:07 - 2014-12-02 16:58 - 0000058 _____ () C:\Users\Tassilo Welsch\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2013-06-09 19:32 - 2013-06-09 19:32 - 0000102 _____ () C:\Users\Tassilo Welsch\AppData\Local\fusioncache.dat
2012-06-02 20:27 - 2012-06-02 20:27 - 0000218 _____ () C:\Users\Tassilo Welsch\AppData\Local\recently-used.xbel
2012-01-04 12:04 - 2013-03-26 21:55 - 0007605 _____ () C:\Users\Tassilo Welsch\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\Tassilo Welsch\SkiRegionSimulator2012Patch1.0.1DE.exe


Some content of TEMP:
====================
C:\Users\Tassilo Welsch\AppData\Local\Temp\Quarantine.exe
C:\Users\Tassilo Welsch\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64


LastRegBack: 2015-01-24 00:55

==================== End Of Log ============================
--- --- ---

--- --- ---





leider kommt die Fehlermeldung immernoch, wenn ich die Firewall öffnen möchte.

Gruß,

Tassilo

Und ich weiß, dass du dir die Logfiles jetzt zwar nich nicht angeschaut hast, aber ich Frage trotzdem.

Kann/darf ich die Programme, die du mich gebeten hast runter zu laden wieder löschen, oder sollen die drauf bleiben?


Vielen Dank nochmal,


Tassimo

schrauber 31.01.2015 13:24
Java, Adobe, Firefox, Thunderbird und Chrome updaten.

Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Program Files (x86)\5aUninstall MyWebFace.dll

C:\Users\Tassilo Welsch\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\68fd1fcf-43d721a7

C:\Users\Tassilo Welsch\Desktop\Programme\switchsetup4.24.exe

C:\Users\Tassilo Welsch\Documents\Handy 24.01.2013\download\Worms (0.0.15).apk

C:\Users\Tassilo Welsch\Music\Saarbagage 28.05\Probe vorm Konzert\ShapeCollage-2.5.3-Setup.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\Amazon Music - CHIP-Installer.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\Firefox - CHIP-Installer.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\Flughafen-Feuerwehr-Simulator-lnstall.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\FurMark - CHIP-Installer.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\GPU Z - CHIP-Installer.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\lame3.99.5 - CHIP-Installer.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\m4a-to-mp3-81converter.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\Nano SIM Schablone PDF Vorlage - CHIP-Installer.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\Omsi2.ru_Mercedes_o530_V2.7z_downloader.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\PDFCreator-1_2_3_setup.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\sibelius_7_keygen_downloader_224.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\SoftonicDownloader_fuer_bestpractice.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\SoftonicDownloader_fuer_visitenkarten-in-2-minuten.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\sweetimsetup.exe
S3 BFE; . [0 2015-01-30] () <==== ATTENTION (zero size file/folder)
S3 MpsSvc; . [0 2015-01-30] () <==== ATTENTION (zero size file/folder)
DeleteJunctionsIndirectory: C:\Windows\system64
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





http://www.deeprybka.trojaner-board....r/wraioneu.PNG
  • Lade Dir bitte Windows Repair - All in one von tweaking.com hier herunter und installiere es.
  • Deaktiviere bitte (wenn möglich) Dein Antivirusprogramm.
  • Bedenke, dass die einzelnen Reparaturen einige Zeit benötigen. Starte keine anderen Anwendungen in dieser Zeit.
  • Starte das Programm und führe die Punkte 1-5 durch. (Siehe Bildanleitung)
  • Achte darauf, dass bei Dir die Häkchen so gesetzt sind wie unter Punkt 4.
  • Setze auch ein Häkchen bei "Restart/Shutdown System" und klicke "Restart System" an bevor Du Punkt 5 durchführst.
http://deeprybka.trojaner-board.de/b...srepair271.png

Tassimo 31.01.2015 15:14
Da ich mit chrome sowiso nix mache: kann ich Chrome auch einfach mit Revo deinstallieren?

Genau das Selbe gilt eig für den Adobe Reader, da ich Dateien nur mit dem Roxit Reader öffne.

Gruß,
Tassimo

Hallo schrauber,



hier der Fix.log

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-01-2015
Ran by Tassilo Welsch at 2015-01-31 13:58:54 Run:1
Running from C:\Users\Tassilo Welsch\Desktop
Loaded Profiles: Tassilo Welsch (Available profiles: Tassilo Welsch & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\5aUninstall MyWebFace.dll

C:\Users\Tassilo Welsch\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\68fd1fcf-43d721a7

C:\Users\Tassilo Welsch\Desktop\Programme\switchsetup4.24.exe

C:\Users\Tassilo Welsch\Documents\Handy 24.01.2013\download\Worms (0.0.15).apk

C:\Users\Tassilo Welsch\Music\Saarbagage 28.05\Probe vorm Konzert\ShapeCollage-2.5.3-Setup.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\Amazon Music - CHIP-Installer.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\Firefox - CHIP-Installer.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\Flughafen-Feuerwehr-Simulator-lnstall.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\FurMark - CHIP-Installer.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\GPU Z - CHIP-Installer.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\lame3.99.5 - CHIP-Installer.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\m4a-to-mp3-81converter.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\Nano SIM Schablone PDF Vorlage - CHIP-Installer.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\Omsi2.ru_Mercedes_o530_V2.7z_downloader.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\PDFCreator-1_2_3_setup.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\sibelius_7_keygen_downloader_224.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\SoftonicDownloader_fuer_bestpractice.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\SoftonicDownloader_fuer_visitenkarten-in-2-minuten.exe

C:\Users\Tassilo Welsch\Pictures\Downloads\sweetimsetup.exe
S3 BFE; . [0 2015-01-30] () <==== ATTENTION (zero size file/folder)
S3 MpsSvc; . [0 2015-01-30] () <==== ATTENTION (zero size file/folder)
DeleteJunctionsIndirectory: C:\Windows\system64
Emptytemp:
*****************

C:\Program Files (x86)\5aUninstall MyWebFace.dll => Moved successfully.
C:\Users\Tassilo Welsch\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\68fd1fcf-43d721a7 => Moved successfully.
C:\Users\Tassilo Welsch\Desktop\Programme\switchsetup4.24.exe => Moved successfully.
C:\Users\Tassilo Welsch\Documents\Handy 24.01.2013\download\Worms (0.0.15).apk => Moved successfully.
C:\Users\Tassilo Welsch\Music\Saarbagage 28.05\Probe vorm Konzert\ShapeCollage-2.5.3-Setup.exe => Moved successfully.
C:\Users\Tassilo Welsch\Pictures\Downloads\Amazon Music - CHIP-Installer.exe => Moved successfully.
C:\Users\Tassilo Welsch\Pictures\Downloads\Firefox - CHIP-Installer.exe => Moved successfully.
C:\Users\Tassilo Welsch\Pictures\Downloads\Flughafen-Feuerwehr-Simulator-lnstall.exe => Moved successfully.
C:\Users\Tassilo Welsch\Pictures\Downloads\FurMark - CHIP-Installer.exe => Moved successfully.
C:\Users\Tassilo Welsch\Pictures\Downloads\GPU Z - CHIP-Installer.exe => Moved successfully.
C:\Users\Tassilo Welsch\Pictures\Downloads\lame3.99.5 - CHIP-Installer.exe => Moved successfully.
C:\Users\Tassilo Welsch\Pictures\Downloads\m4a-to-mp3-81converter.exe => Moved successfully.
C:\Users\Tassilo Welsch\Pictures\Downloads\Nano SIM Schablone PDF Vorlage - CHIP-Installer.exe => Moved successfully.
C:\Users\Tassilo Welsch\Pictures\Downloads\Omsi2.ru_Mercedes_o530_V2.7z_downloader.exe => Moved successfully.
C:\Users\Tassilo Welsch\Pictures\Downloads\PDFCreator-1_2_3_setup.exe => Moved successfully.
C:\Users\Tassilo Welsch\Pictures\Downloads\sibelius_7_keygen_downloader_224.exe => Moved successfully.
C:\Users\Tassilo Welsch\Pictures\Downloads\SoftonicDownloader_fuer_bestpractice.exe => Moved successfully.
C:\Users\Tassilo Welsch\Pictures\Downloads\SoftonicDownloader_fuer_visitenkarten-in-2-minuten.exe => Moved successfully.
C:\Users\Tassilo Welsch\Pictures\Downloads\sweetimsetup.exe => Moved successfully.
BFE => Service deleted successfully.
MpsSvc => Service deleted successfully.
"C:\Windows\system64" => Deleting reparse point and unlocking started.
"C:\Windows\system64" => Deleting reparse point and unlocking done.
"C:\Windows\system64" => Deleting reparse point and unlocking completed.
EmptyTemp: => Removed 9.4 GB temporary data.


The system needed a reboot.

==== End of Fixlog 14:01:44 ====

Ich denke die Fireall läuft wieder Danke.

Was soll ich als nächstes tun?

schrauber 31.01.2015 19:12
Ja kannst beides dann mit Revo deinstallieren.


Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Tassimo 01.02.2015 11:51
Hallo Schrauber,

vielen vielen Dank für die richtig gute Hilfe. Lob werde ich hinterlassen, Kritik gibt es keine. :)

Ich hätte aber noch zwei letzte Fragen.

1. Ich habe immer die "Web.de-Toolbar" benutzt. Diese wurde jetzt ja gelöscht. Kann ich die wieder installieren, oder soll ich das lieber sein lassen?

2. Und wie man dem Thread entnehmen kann benutze ich Kaspersky. Reicht das aus, oder ist das Programm an sich doch nicht so toll(,wie ich dachte)? Bzw. soll ich mir ein anderes Anti-Vierenprogramm zulegen? Und falls ja kann ich warten bis diese Lizens abgelaufen ist, oder eher nicht?


Vielen Dank nochmal,

Tassimo

Sorry ich muss noch eine Frage anfügen!

Ich hatte ja "Steam" deinstalliert, weil mir jemand (ich weiss nicht mehr wer) geraten hat das zu deinstallieren. Kann ich das wieder installieren oder soll ich es besser lassen?

Gruß,

Tassilo

schrauber 01.02.2015 16:10
Zitat:
1. Ich habe immer die "Web.de-Toolbar" benutzt. Diese wurde jetzt ja gelöscht. Kann ich die wieder installieren, oder soll ich das lieber sein lassen?
Ich weiß zwar nicht warum man freiwillig auf Toolbar/Werbung/Datenklau steht, aber ja, kannste installieren :)

KAV st schon ok, kein AV Programm schützt 100% :)

Steam kannste auch installieren.

Tassimo 01.02.2015 16:13
Okay Danke sehr.

Ich denke du kannst den Thread jetzt schließen ;)


Vielen Dank nochmal für alles,


Tassimo

schrauber 01.02.2015 19:24
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:37 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131