Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   SoftwareUpdater.Ui.exe (https://www.trojaner-board.de/147000-softwareupdater-ui-exe.html)

hubschmid 30.12.2013 13:32
SoftwareUpdater.Ui.exe
 
Beim Starten des Computers oder auch immer mal zwischendurch kommt die Aufforderung ein Update zu tätigen "C:/Program Files(x86)/SoftwareUpdater/SoftwareUpdater.Ui.exe". Habe bereits in eurem Forum gelesen, dass dies keine positive Aufforderung ist und das Problem beseitigt werden muss.
Leider bin ich kein Fachmann wenn es um Probleme beim Computer geht und wäre sehr dankbar, wenn mir jemand mit ganz einfachen Worten und Schritt für Schritt helfen könnte.

cosinus 30.12.2013 13:39
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

hubschmid 30.12.2013 14:54
Hallo Cosinus,

erstmal danke dafür dass du dich meinem Problem annimmst. Bitte habe nachsicht mit mir für den Fall, dass ich deine Anweisungen nicht gleich verstehe.
Mit den "schon vorhandene Logs in CODE-Tags posten" habe ich schon mal ein Problem, habe leider keine Ahnung wo ich sowas finde. Benutze den Kaspersky Internit Security.
Das Farbar's Recovery Scan Tool habe ich runter geladen und einen Scan durchgeführt. Unten die gewünschten Dateien

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by Ilona (ATTENTION: The logged in user is not administrator) on HUBERT-PC on 30-12-2013 14:14:41
Running from C:\Users\Ilona\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Koninklijke Philips Electronics N.V.) C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13632216 2013-07-09] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - "C:\Windows\system32\hkcmd.exe"
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761536 2013-12-30] ()
HKLM-x32\...\Runonce: [Del15914145] - cmd.exe /Q /D /c del "C:\Users\ADMINI~1\AppData\Local\Temp\0.del" [x]
HKLM-x32\...\Runonce: [Del15919480] - cmd.exe /Q /D /c del "C:\Users\ADMINI~1\AppData\Local\Temp\0.del" [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-02-06] (Samsung Electronics)
HKCU\...\Run: [DriverTurbo] - C:\Program Files (x86)\DriverTurbo\DriverTurbo.exe [6525088 2013-04-15] ()
HKCU\...\Run: [iMesh] - "C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe" --lightmode
AppInit_DLLs:  [ ] ()
AppInit_DLLs-x32:  [ ] ()
Startup: C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?o=APN10653A&gct=hp&d=1-1487&v=n10781-212&t=4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1379258849293&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1379258849293&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388&st=chrome&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1385925679&from=tugs&uid=ST3500413AS_Z2AT39CTXXXXZ2AT39CT&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1385925679&from=tugs&uid=ST3500413AS_Z2AT39CTXXXXZ2AT39CT
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1385925679&from=tugs&uid=ST3500413AS_Z2AT39CTXXXXZ2AT39CT
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1385925679&from=tugs&uid=ST3500413AS_Z2AT39CTXXXXZ2AT39CT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1385925679&from=tugs&uid=ST3500413AS_Z2AT39CTXXXXZ2AT39CT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388&st=chrome&q=
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1385925679&from=tugs&uid=ST3500413AS_Z2AT39CTXXXXZ2AT39CT
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1385925679&from=tugs&uid=ST3500413AS_Z2AT39CTXXXXZ2AT39CT&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103aw&cd=2XzuyEtN2Y1L1Qzu0E0C0AzzyC0BzyyBzytAzytB0D0E0FtDtN0D0Tzu0SyBtDtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1124419911&ir=
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1385925679&from=tugs&uid=ST3500413AS_Z2AT39CTXXXXZ2AT39CT&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.7&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1385925679&from=tugs&uid=ST3500413AS_Z2AT39CTXXXXZ2AT39CT&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1487&systemid=1&v=n10781-212&apn_uid=6253835320944712&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1379258849293&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388&q={searchTerms}
BHO: Plus-HD-5.0 - {11111111-1111-1111-1111-110411771118} - C:\Program Files (x86)\Plus-HD-5.0\Plus-HD-5.0-bho64.dll (Plus HD)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Plus-HD-5.0 - {11111111-1111-1111-1111-110411771118} - C:\Program Files (x86)\Plus-HD-5.0\Plus-HD-5.0-bho.dll (Plus HD)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Re-markit - {d3f0af55-9cc4-4308-a238-e571a3ce249c} - C:\Program Files (x86)\Re-markit\136.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default
FF user.js: detected! => C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\user.js
FF NewTab: hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388
FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=1487&systemid=1&v=n10781-212&apn_dtid=IME001&apn_ptnrs=AGE&apn_uid=6253835320944712&o=APN10653&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: iMeshPlugin - C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll No File
FF SearchPlugin: C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\nationzoom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-5.0 - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\Extensions\8c6c8c15-21d7-4f62-8a57-202aee8f7fb3@6567ba21-e435-4eb0-838d-8395b2265c30.com
FF Extension: mysearchdial.com - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\Extensions\ffxtlbr@mysearchdial.com
FF Extension: New tab - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\Extensions\{13058AF4-66EB-75FE-B521-F5B654EE2BA4}
FF Extension: Foxtab Speed Dial - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}
FF Extension: HomeTab - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}
FF Extension: MySearchDial NewTab - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
FF Extension: WEB.DE MailCheck - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\Extensions\toolbar@web.de.xpi
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [30080 2011-06-14] ()
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 SystemStoreService; C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe [297984 2013-12-30] ()
S4 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-14] (AVG Secure Search)
R2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [658576 2013-12-01] (Wsys Co., Ltd.)

==================== Drivers (Whitelisted) ====================

S4 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-14] (AVG Technologies)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-05-01] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99800 2013-05-09] (Intel Corporation)
R3 WFMC_VAD; C:\Windows\System32\DRIVERS\wfmcvad.sys [24064 2010-02-08] (WiFi Media Connect)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-05-01] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-30 14:14 - 2013-12-30 14:15 - 00024550 _____ C:\Users\Ilona\Downloads\FRST.txt
2013-12-30 14:14 - 2013-12-30 14:14 - 00000000 ____D C:\FRST
2013-12-30 14:13 - 2013-12-30 14:13 - 01931302 _____ (Farbar) C:\Users\Ilona\Downloads\FRST64.exe
2013-12-30 14:11 - 2013-12-30 14:11 - 01064199 _____ (Farbar) C:\Users\Ilona\Downloads\FRST.exe
2013-12-30 13:58 - 2013-12-30 13:58 - 00000928 _____ C:\Users\Ilona\Desktop\iMesh.lnk
2013-12-30 13:54 - 2013-12-30 13:58 - 00000958 _____ C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
2013-12-30 13:54 - 2013-12-30 13:54 - 00000000 ____D C:\Users\Ilona\AppData\Local\iMesh
2013-12-30 13:53 - 2013-12-30 13:53 - 01272360 _____ (iMesh Inc) C:\Users\Ilona\Downloads\iMeshSetup-r1487-w-bf.exe
2013-12-30 13:08 - 2013-12-30 13:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\newnext.me
2013-12-30 13:08 - 2013-12-30 13:08 - 00001344 _____ C:\Windows\Tasks\Plus-HD-5.0-updater.job
2013-12-30 13:08 - 2013-12-30 13:08 - 00001246 _____ C:\Windows\Tasks\Plus-HD-5.0-codedownloader.job
2013-12-30 13:08 - 2013-12-30 13:08 - 00001205 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-12-30 13:08 - 2013-12-30 13:08 - 00001146 _____ C:\Windows\Tasks\Plus-HD-5.0-enabler.job
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\Users\Administrator\.android
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\ProgramData\Systweak
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-12-30 13:08 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe
2013-12-30 13:07 - 2013-12-30 14:11 - 00000314 _____ C:\Windows\Tasks\Digital Sites.job
2013-12-30 13:07 - 2013-12-30 14:07 - 00000310 _____ C:\Windows\Tasks\FoxTab.job
2013-12-30 13:07 - 2013-12-30 13:08 - 00000000 ____D C:\Program Files (x86)\Plus-HD-5.0
2013-12-30 13:07 - 2013-12-30 13:07 - 00002120 _____ C:\Windows\Tasks\Plus-HD-5.0-firefoxinstaller.job
2013-12-30 13:07 - 2013-12-30 13:07 - 00001988 _____ C:\Windows\Tasks\Plus-HD-5.0-chromeinstaller.job
2013-12-30 13:07 - 2013-12-30 13:07 - 00001114 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-12-30 13:07 - 2013-12-30 13:07 - 00001054 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-12-30 13:07 - 2013-12-30 13:07 - 00000300 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-12-30 13:07 - 2013-12-30 13:07 - 00000292 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FoxTab
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\DigitalSites
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\0D0S1L2Z1P1B
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Program Files (x86)\Foxtab
2013-12-30 13:05 - 2013-12-30 13:05 - 00673048 _____ (                                                            ) C:\Users\Ilona\Downloads\ZipExtractorSetup(1).exe
2013-12-30 13:04 - 2013-12-30 13:04 - 00673048 _____ (                                                            ) C:\Users\Ilona\Downloads\ZipExtractorSetup.exe
2013-12-30 11:49 - 2013-12-30 11:49 - 00000000 _____ C:\Windows\setuperr.log
2013-12-30 11:49 - 2013-12-30 11:49 - 00000000 _____ C:\Windows\setupact.log
2013-12-29 15:41 - 2013-12-29 15:42 - 00000000 ____D C:\Users\Natascha\Desktop\Bilder
2013-12-29 12:10 - 2013-12-30 04:29 - 00000458 _____ C:\Windows\Tasks\ParetoLogic Update Version3.job
2013-12-29 12:10 - 2013-12-30 04:29 - 00000416 _____ C:\Windows\Tasks\PC Health Advisor Defrag.job
2013-12-29 12:10 - 2013-12-30 04:29 - 00000398 _____ C:\Windows\Tasks\PC Health Advisor.job
2013-12-29 12:10 - 2013-12-29 18:11 - 00000484 _____ C:\Windows\Tasks\ParetoLogic Registration3.job
2013-12-29 12:10 - 2013-12-29 12:10 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ParetoLogic
2013-12-29 12:10 - 2013-12-29 12:10 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\DriverCure
2013-12-29 12:10 - 2013-12-29 12:10 - 00000000 ____D C:\ProgramData\ParetoLogic
2013-12-29 12:10 - 2013-12-29 12:10 - 00000000 ____D C:\Program Files (x86)\ParetoLogic
2013-12-29 12:08 - 2013-12-29 12:08 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Ilona\Downloads\ParetoLogic PC Health Advisor_de.exe
2013-12-28 10:27 - 2013-12-28 10:27 - 00081256 _____ C:\Users\Ilona\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-26 17:57 - 2013-12-26 17:57 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-12-25 16:09 - 2013-12-30 12:30 - 00102098 _____ C:\Windows\WindowsUpdate.log
2013-12-22 18:34 - 2013-12-22 18:34 - 00000000 ____D C:\Program Files (x86)\Philips
2013-12-22 18:34 - 2010-02-08 05:45 - 00024064 _____ (WiFi Media Connect) C:\Windows\system32\Drivers\wfmcvad.sys
2013-12-22 18:31 - 2013-12-22 18:31 - 18084280 _____ (Koninklijke Philips Electronics N.V.) C:\Users\Ilona\Downloads\wi-fi_mediaconnect_setup_v1.06.43.exe
2013-12-20 18:46 - 2013-12-20 18:46 - 00000000 ____D C:\Users\Natascha\4.0
2013-12-20 18:46 - 2013-12-20 18:46 - 00000000 ____D C:\Users\Natascha\.tfo4
2013-12-20 16:55 - 2013-12-20 16:56 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-20 08:24 - 2013-12-20 08:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-17 14:01 - 2013-12-17 14:01 - 00000000 ____D C:\Users\Natascha\AppData\Roaming\HP
2013-12-14 20:54 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-14 20:54 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-14 20:54 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-14 20:54 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-14 20:52 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-14 20:52 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-14 20:52 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-14 20:52 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-14 20:52 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-14 20:52 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-14 20:52 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-14 20:52 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-14 20:52 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-14 20:52 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-14 20:52 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-14 20:52 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-14 20:52 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-14 20:52 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-14 20:52 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-14 20:52 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-14 20:52 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-14 20:52 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-14 20:51 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-14 20:51 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-14 20:51 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-14 20:51 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-14 20:51 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-14 20:51 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-14 20:51 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-14 20:51 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-14 20:51 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-14 20:51 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-14 20:51 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-14 20:51 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-14 20:51 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-14 20:45 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-14 20:45 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-14 20:45 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-14 20:45 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-14 20:45 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-14 20:45 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-14 20:45 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-14 20:45 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-14 20:45 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-14 20:45 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-14 20:45 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-14 20:44 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-14 20:44 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-14 20:44 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-14 20:44 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-14 20:44 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-14 20:44 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-14 20:44 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-14 20:44 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-14 14:51 - 2013-12-14 14:52 - 00000000 ____D C:\Users\Natascha\Desktop\Bluetooth
2013-12-04 19:02 - 2013-12-04 19:05 - 00000000 ____D C:\Users\Ilona\AppData\Local\{3F2E9129-D63E-4F31-8D93-68B7BAB8DCE3}
2013-12-04 19:02 - 2013-12-04 19:02 - 00000000 ____D C:\Users\Ilona\AppData\Local\{B78D14D7-5B12-496E-A5D6-66BD3DC44987}
2013-12-03 13:12 - 2013-12-08 15:20 - 00001484 _____ C:\Users\Natascha\daemonprocess.txt
2013-12-01 20:21 - 2013-12-30 08:45 - 00000000 ____D C:\ProgramData\eSafe
2013-12-01 20:21 - 2013-12-08 16:17 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-12-01 20:20 - 2013-12-29 11:55 - 00000000 ____D C:\Program Files (x86)\Re-markit
2013-12-01 20:19 - 2013-12-01 20:19 - 00461808 _____ C:\Users\Ilona\Downloads\Java.exe
2013-12-01 18:48 - 2013-12-08 14:58 - 00004002 _____ C:\Users\Ilona\daemonprocess.txt
2013-12-01 16:43 - 2013-12-04 15:37 - 00000404 _____ C:\Users\Hubert\daemonprocess.txt
2013-12-01 14:36 - 2013-12-01 14:36 - 00000000 ____D C:\Users\wangzhisong\AppData\Local\Mobogenie
2013-12-01 14:36 - 2013-12-01 14:36 - 00000000 ____D C:\Users\wangzhisong
2013-12-01 14:36 - 2013-12-01 14:36 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-12-01 14:36 - 2013-12-01 14:36 - 00000000 _____ C:\Users\Administrator\daemonprocess.txt
2013-12-01 14:35 - 2013-12-30 13:24 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-01 14:35 - 2013-12-08 15:50 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-12-01 14:35 - 2013-12-08 15:41 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-12-01 14:35 - 2013-12-01 14:51 - 00000000 ____D C:\Program Files (x86)\PC Speed Maximizer
2013-12-01 14:35 - 2013-12-01 14:35 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\0F1C1P1P0T1F0L1F1T1Q
2013-12-01 14:35 - 2013-12-01 14:35 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-12-01 14:33 - 2013-12-01 14:33 - 00669296 _____ C:\Users\Ilona\Downloads\VLC_player_Setup.exe
2013-12-01 14:26 - 2013-12-01 14:26 - 00720720 _____ C:\Users\Ilona\Downloads\adobe-flash-player-download_2013-11-30.exe
2013-12-01 14:22 - 2013-12-01 14:22 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-01 14:22 - 2013-12-01 14:22 - 00000000 ____D C:\Program Files\iTunes
2013-12-01 14:22 - 2013-12-01 14:22 - 00000000 ____D C:\Program Files\iPod
2013-12-01 14:22 - 2013-12-01 14:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-01 14:09 - 2013-12-01 14:09 - 00000000 ____D C:\Windows\Sun
2013-12-01 14:09 - 2013-12-01 14:09 - 00000000 ____D C:\ProgramData\Sun
2013-12-01 14:09 - 2013-12-01 14:09 - 00000000 ____D C:\ProgramData\Oracle
2013-12-01 14:08 - 2013-12-01 14:08 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-01 14:08 - 2013-12-01 14:08 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-01 14:08 - 2013-12-01 14:08 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-01 14:08 - 2013-12-01 14:08 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-01 14:08 - 2013-12-01 14:08 - 00000000 ____D C:\Program Files (x86)\Java

==================== One Month Modified Files and Folders =======

2013-12-30 14:15 - 2013-12-30 14:14 - 00024550 _____ C:\Users\Ilona\Downloads\FRST.txt
2013-12-30 14:14 - 2013-12-30 14:14 - 00000000 ____D C:\FRST
2013-12-30 14:13 - 2013-12-30 14:13 - 01931302 _____ (Farbar) C:\Users\Ilona\Downloads\FRST64.exe
2013-12-30 14:11 - 2013-12-30 14:11 - 01064199 _____ (Farbar) C:\Users\Ilona\Downloads\FRST.exe
2013-12-30 14:11 - 2013-12-30 13:07 - 00000314 _____ C:\Windows\Tasks\Digital Sites.job
2013-12-30 14:07 - 2013-12-30 13:07 - 00000310 _____ C:\Windows\Tasks\FoxTab.job
2013-12-30 13:59 - 2013-04-02 17:33 - 00001602 _____ C:\Windows\wininit.ini
2013-12-30 13:58 - 2013-12-30 13:58 - 00000928 _____ C:\Users\Ilona\Desktop\iMesh.lnk
2013-12-30 13:58 - 2013-12-30 13:54 - 00000958 _____ C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
2013-12-30 13:56 - 2013-02-09 13:26 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-30 13:54 - 2013-12-30 13:54 - 00000000 ____D C:\Users\Ilona\AppData\Local\iMesh
2013-12-30 13:54 - 2013-02-07 14:26 - 00000000 ____D C:\Users\Ilona\AppData\Local\VirtualStore
2013-12-30 13:53 - 2013-12-30 13:53 - 01272360 _____ (iMesh Inc) C:\Users\Ilona\Downloads\iMeshSetup-r1487-w-bf.exe
2013-12-30 13:29 - 2013-02-07 15:24 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-30 13:24 - 2013-12-01 14:35 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-30 13:09 - 2013-12-30 13:08 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\newnext.me
2013-12-30 13:08 - 2013-12-30 13:08 - 00001344 _____ C:\Windows\Tasks\Plus-HD-5.0-updater.job
2013-12-30 13:08 - 2013-12-30 13:08 - 00001246 _____ C:\Windows\Tasks\Plus-HD-5.0-codedownloader.job
2013-12-30 13:08 - 2013-12-30 13:08 - 00001205 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-12-30 13:08 - 2013-12-30 13:08 - 00001146 _____ C:\Windows\Tasks\Plus-HD-5.0-enabler.job
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\Users\Administrator\.android
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\ProgramData\Systweak
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-12-30 13:08 - 2013-12-30 13:07 - 00000000 ____D C:\Program Files (x86)\Plus-HD-5.0
2013-12-30 13:08 - 2013-10-06 16:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Systweak
2013-12-30 13:08 - 2013-10-06 16:49 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-12-30 13:08 - 2013-02-07 14:47 - 00000000 ____D C:\Users\Administrator
2013-12-30 13:07 - 2013-12-30 13:07 - 00002120 _____ C:\Windows\Tasks\Plus-HD-5.0-firefoxinstaller.job
2013-12-30 13:07 - 2013-12-30 13:07 - 00001988 _____ C:\Windows\Tasks\Plus-HD-5.0-chromeinstaller.job
2013-12-30 13:07 - 2013-12-30 13:07 - 00001114 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-12-30 13:07 - 2013-12-30 13:07 - 00001054 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-12-30 13:07 - 2013-12-30 13:07 - 00000300 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-12-30 13:07 - 2013-12-30 13:07 - 00000292 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FoxTab
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\DigitalSites
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\0D0S1L2Z1P1B
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Program Files (x86)\Foxtab
2013-12-30 13:05 - 2013-12-30 13:05 - 00673048 _____ (                                                            ) C:\Users\Ilona\Downloads\ZipExtractorSetup(1).exe
2013-12-30 13:04 - 2013-12-30 13:04 - 00673048 _____ (                                                            ) C:\Users\Ilona\Downloads\ZipExtractorSetup.exe
2013-12-30 12:55 - 2012-03-22 01:38 - 00701326 _____ C:\Windows\system32\perfh007.dat
2013-12-30 12:55 - 2012-03-22 01:38 - 00150226 _____ C:\Windows\system32\perfc007.dat
2013-12-30 12:55 - 2009-07-14 06:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-30 12:30 - 2013-12-25 16:09 - 00102098 _____ C:\Windows\WindowsUpdate.log
2013-12-30 11:54 - 2009-07-14 05:45 - 00016768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-30 11:54 - 2009-07-14 05:45 - 00016768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-30 11:49 - 2013-12-30 11:49 - 00000000 _____ C:\Windows\setuperr.log
2013-12-30 11:49 - 2013-12-30 11:49 - 00000000 _____ C:\Windows\setupact.log
2013-12-30 08:45 - 2013-12-01 20:21 - 00000000 ____D C:\ProgramData\eSafe
2013-12-30 08:42 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-30 04:29 - 2013-12-29 12:10 - 00000458 _____ C:\Windows\Tasks\ParetoLogic Update Version3.job
2013-12-30 04:29 - 2013-12-29 12:10 - 00000416 _____ C:\Windows\Tasks\PC Health Advisor Defrag.job
2013-12-30 04:29 - 2013-12-29 12:10 - 00000398 _____ C:\Windows\Tasks\PC Health Advisor.job
2013-12-29 18:11 - 2013-12-29 12:10 - 00000484 _____ C:\Windows\Tasks\ParetoLogic Registration3.job
2013-12-29 15:42 - 2013-12-29 15:41 - 00000000 ____D C:\Users\Natascha\Desktop\Bilder
2013-12-29 12:10 - 2013-12-29 12:10 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ParetoLogic
2013-12-29 12:10 - 2013-12-29 12:10 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\DriverCure
2013-12-29 12:10 - 2013-12-29 12:10 - 00000000 ____D C:\ProgramData\ParetoLogic
2013-12-29 12:10 - 2013-12-29 12:10 - 00000000 ____D C:\Program Files (x86)\ParetoLogic
2013-12-29 12:08 - 2013-12-29 12:08 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Ilona\Downloads\ParetoLogic PC Health Advisor_de.exe
2013-12-29 11:55 - 2013-12-01 20:20 - 00000000 ____D C:\Program Files (x86)\Re-markit
2013-12-28 10:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-28 10:27 - 2013-12-28 10:27 - 00081256 _____ C:\Users\Ilona\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-27 12:13 - 2007-07-12 02:49 - 00000000 ____D C:\Windows\Panther
2013-12-27 12:12 - 2013-04-10 18:38 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-27 12:12 - 2013-04-10 18:38 - 00000000 ____D C:\Program Files\CCleaner
2013-12-26 17:57 - 2013-12-26 17:57 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-12-26 17:57 - 2013-03-02 20:56 - 00000000 ____D C:\Users\Ilona\AppData\Roaming\Samsung
2013-12-22 18:34 - 2013-12-22 18:34 - 00000000 ____D C:\Program Files (x86)\Philips
2013-12-22 18:34 - 2011-10-19 05:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-22 18:31 - 2013-12-22 18:31 - 18084280 _____ (Koninklijke Philips Electronics N.V.) C:\Users\Ilona\Downloads\wi-fi_mediaconnect_setup_v1.06.43.exe
2013-12-21 15:04 - 2013-02-07 15:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-21 08:43 - 2013-11-17 11:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-12-20 18:46 - 2013-12-20 18:46 - 00000000 ____D C:\Users\Natascha\4.0
2013-12-20 18:46 - 2013-12-20 18:46 - 00000000 ____D C:\Users\Natascha\.tfo4
2013-12-20 18:46 - 2013-02-07 15:47 - 00000000 ____D C:\Users\Natascha
2013-12-20 16:56 - 2013-12-20 16:55 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-20 08:24 - 2013-12-20 08:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-17 14:01 - 2013-12-17 14:01 - 00000000 ____D C:\Users\Natascha\AppData\Roaming\HP
2013-12-15 11:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-14 21:10 - 2009-07-14 05:45 - 00366344 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-14 20:53 - 2013-02-09 20:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-14 20:51 - 2013-02-16 12:13 - 01597772 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-14 20:49 - 2013-08-14 21:02 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 20:46 - 2013-02-10 12:30 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 14:52 - 2013-12-14 14:51 - 00000000 ____D C:\Users\Natascha\Desktop\Bluetooth
2013-12-12 08:04 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-11 20:15 - 2013-11-08 15:54 - 00000000 ____D C:\Users\Natascha\Desktop\Schule
2013-12-11 18:35 - 2012-08-02 14:09 - 00029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2013-12-11 18:35 - 2012-06-19 16:28 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2013-12-11 04:29 - 2013-02-07 15:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 04:29 - 2011-10-19 06:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-09 04:38 - 2013-02-07 14:26 - 00000000 ____D C:\Users\Ilona
2013-12-08 19:36 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-12-08 19:07 - 2013-05-12 17:45 - 00000000 ____D C:\Windows\Minidump
2013-12-08 18:56 - 2013-09-15 16:28 - 00000000 ____D C:\Program Files (x86)\Plus-HD-3.8
2013-12-08 16:17 - 2013-12-01 20:21 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-12-08 15:50 - 2013-12-01 14:35 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-12-08 15:41 - 2013-12-01 14:35 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-12-08 15:20 - 2013-12-03 13:12 - 00001484 _____ C:\Users\Natascha\daemonprocess.txt
2013-12-08 15:00 - 2013-09-15 17:17 - 00000000 ____D C:\Program Files (x86)\SoftwareUpdater
2013-12-08 15:00 - 2013-02-16 12:11 - 00000000 ____D C:\Users\Hubert
2013-12-08 15:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-12-08 14:58 - 2013-12-01 18:48 - 00004002 _____ C:\Users\Ilona\daemonprocess.txt
2013-12-04 19:05 - 2013-12-04 19:02 - 00000000 ____D C:\Users\Ilona\AppData\Local\{3F2E9129-D63E-4F31-8D93-68B7BAB8DCE3}
2013-12-04 19:02 - 2013-12-04 19:02 - 00000000 ____D C:\Users\Ilona\AppData\Local\{B78D14D7-5B12-496E-A5D6-66BD3DC44987}
2013-12-04 15:37 - 2013-12-01 16:43 - 00000404 _____ C:\Users\Hubert\daemonprocess.txt
2013-12-01 20:21 - 2013-02-07 15:15 - 00001343 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-01 20:19 - 2013-12-01 20:19 - 00461808 _____ C:\Users\Ilona\Downloads\Java.exe
2013-12-01 14:51 - 2013-12-01 14:35 - 00000000 ____D C:\Program Files (x86)\PC Speed Maximizer
2013-12-01 14:37 - 2013-02-07 15:29 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2013-12-01 14:36 - 2013-12-01 14:36 - 00000000 ____D C:\Users\wangzhisong\AppData\Local\Mobogenie
2013-12-01 14:36 - 2013-12-01 14:36 - 00000000 ____D C:\Users\wangzhisong
2013-12-01 14:36 - 2013-12-01 14:36 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-12-01 14:36 - 2013-12-01 14:36 - 00000000 _____ C:\Users\Administrator\daemonprocess.txt
2013-12-01 14:36 - 2013-05-01 12:22 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-12-01 14:35 - 2013-12-01 14:35 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\0F1C1P1P0T1F0L1F1T1Q
2013-12-01 14:35 - 2013-12-01 14:35 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-12-01 14:33 - 2013-12-01 14:33 - 00669296 _____ C:\Users\Ilona\Downloads\VLC_player_Setup.exe
2013-12-01 14:26 - 2013-12-01 14:26 - 00720720 _____ C:\Users\Ilona\Downloads\adobe-flash-player-download_2013-11-30.exe
2013-12-01 14:22 - 2013-12-01 14:22 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-01 14:22 - 2013-12-01 14:22 - 00000000 ____D C:\Program Files\iTunes
2013-12-01 14:22 - 2013-12-01 14:22 - 00000000 ____D C:\Program Files\iPod
2013-12-01 14:22 - 2013-12-01 14:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-01 14:09 - 2013-12-01 14:09 - 00000000 ____D C:\Windows\Sun
2013-12-01 14:09 - 2013-12-01 14:09 - 00000000 ____D C:\ProgramData\Sun
2013-12-01 14:09 - 2013-12-01 14:09 - 00000000 ____D C:\ProgramData\Oracle
2013-12-01 14:08 - 2013-12-01 14:08 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-01 14:08 - 2013-12-01 14:08 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-01 14:08 - 2013-12-01 14:08 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-01 14:08 - 2013-12-01 14:08 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-01 14:08 - 2013-12-01 14:08 - 00000000 ____D C:\Program Files (x86)\Java

Files to move or delete:
====================
C:\Users\Administrator\AppData\Roaming\burnaware.ini
C:\Users\Hubert\AppData\Roaming\burnaware.ini
C:\Users\Natascha\AppData\Roaming\burnaware.ini
C:\Users\Public\AlexaNSISPlugin.380.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
--- --- ---

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-12-2013 01
Ran by Ilona at 2013-12-30 14:15:13
Running from C:\Users\Ilona\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

5600 (x32 Version: 130.0.365.000 - Hewlett-Packard)
5600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard)
5600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Acer eRecovery Management (x32 Version: 5.00.3505 - Acer Incorporated)
Acer Framework (x32 Version: 3.00.5500 - Acer Incorporated)
Acer Registration (x32 Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (x32 Version: 1.1.0609.2011 - Acer Incorporated)
Acer Updater (x32 Version: 1.02.3501 - Acer Incorporated)
Adobe AIR (x32 Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638 - Adobe Systems, Inc.)
Advanced System Protector (x32 Version: 2.1.1000.12580 - Systweak Software) <==== ATTENTION
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard)
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard)
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
AVG Security Toolbar (x32 Version: 15.5.0.2 - AVG Technologies)
Bing-Desktop (x32 Version: 1.3.171.0 - Microsoft Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard)
BurnAware Free 6.5 (x32 Version:  - Burnaware)
CCleaner (Version: 4.09 - Piriform)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard)
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard)
ElsterFormular (x32 Version: 14.3.11574 - Landesfinanzdirektion Thüringen)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Foxtab (x32 Version:  - FoxTab) <==== ATTENTION
Free YouTube Download version 3.2.2.426 (x32 Version: 3.2.2.426 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.2.426 (x32 Version: 3.12.2.426 - DVDVideoSoft Ltd.)
FreePDF (Remove only) (x32 Version:  - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard)
GPL Ghostscript (Version: 9.04 - Artifex Software Inc.)
HP Customer Participation Program 13.0 (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (Version: 4.51 - HP)
HP Solution Center 13.0 (Version: 13.0 - HP)
HP Update (x32 Version: 4.000.011.006 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard)
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard)
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard)
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard)
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard)
iMesh (HKCU Version: 12.5.0.134242 - iMesh Inc)
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 9.5.3.1520 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.3190 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (x32 Version:  - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 21 (64-bit) (Version: 7.0.210 - Oracle)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.)
Java SE Development Kit 7 Update 21 (64-bit) (Version: 1.7.0.210 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mobogenie (x32 Version:  - Mobogenie.com)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU Version:  - )
MyPC Backup  (Version:  - MyPC Backup) <==== ATTENTION
Network64 (Version: 130.0.572.000 - Hewlett-Packard)
Network64 (Version: 140.0.221.000 - Hewlett-Packard)
OCR Software by I.R.I.S. 13.0 (Version: 13.0 - HP)
Open It! (x32 Version: 1.1.1 - OpenIt)
OpenOffice 4.0.0 (x32 Version: 4.00.9702 - Apache Software Foundation)
ParetoLogic PC Health Advisor (x32 Version: 3.1.0.0 - ParetoLogic, Inc.)
PhotoScape (x32 Version:  - )
Plus-HD-5.0 (x32 Version: 1.31.153.3 - Plus HD) <==== ATTENTION
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
QuickTime (x32 Version: 7.73.80.64 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Realtek Ethernet Controller Driver (x32 Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6971 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (Version:  - )
RegClean Pro (x32 Version: 6.21 - Systweak Inc) <==== ATTENTION
Re-markit (x32 Version:  - Re-markit Software)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.18.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard)
Shop for HP Supplies (Version: 13.0 - HP)
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard)
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard)
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
VLC media player 2.0.2 (x32 Version: 2.0.2 - VideoLAN)
VLC media player 2.0.6 (Version: 2.0.6 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard)
Wi-Fi MediaConnect (x32 Version: 1.6.43 - Philips)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation)
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт)
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Utils (x32 Version:  - )
Wsys Control 16.2.1.3067 (x32 Version: 16.2.1.3067 - Wsys Co., Ltd.) <==== ATTENTION
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт)
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)

==================== Restore Points  =========================

Could not list Restore Points. Check WMI.


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\Digital Sites.job => ?
Task: C:\Windows\Tasks\FoxTab.job => ?
Task: C:\Windows\Tasks\ParetoLogic Registration3.job => ?
Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => ?
Task: C:\Windows\Tasks\PC Health Advisor Defrag.job => ?
Task: C:\Windows\Tasks\PC Health Advisor.job => ?
Task: C:\Windows\Tasks\Plus-HD-5.0-chromeinstaller.job => ?
Task: C:\Windows\Tasks\Plus-HD-5.0-codedownloader.job => ?
Task: C:\Windows\Tasks\Plus-HD-5.0-enabler.job => ?
Task: C:\Windows\Tasks\Plus-HD-5.0-firefoxinstaller.job => ?
Task: C:\Windows\Tasks\Plus-HD-5.0-updater.job => ?
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => ?
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => ?

==================== Loaded Modules (whitelisted) =============

2011-10-19 06:18 - 2011-06-10 18:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-17 20:38 - 2012-08-17 20:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-14 17:32 - 2013-08-14 17:32 - 00521904 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\log4cplusU.dll
2013-08-14 17:32 - 2013-08-14 17:32 - 00144560 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\SiteSafety.dll
2013-12-10 10:51 - 2013-12-10 10:51 - 00057856 _____ () C:\Users\Ilona\AppData\Local\Temp\nsgC384.tmp\~nsr39CC.tmp
2013-12-20 08:24 - 2013-12-20 08:24 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-11 04:29 - 2013-12-11 04:29 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/30/2013 08:43:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/30/2013 04:30:47 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2013 07:00:01 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (12/29/2013 03:34:58 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Kies.exe, Version: 1.0.0.1199, Zeitstempel: 0x511b6cb8
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x1984
Startzeit der fehlerhaften Anwendung: 0xKies.exe0
Pfad der fehlerhaften Anwendung: Kies.exe1
Pfad des fehlerhaften Moduls: Kies.exe2
Berichtskennung: Kies.exe3

Error: (12/29/2013 03:34:53 PM) (Source: .NET Runtime) (User: )
Description: Anwendung: Kies.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Win32Exception
Stapel:
  bei System.Diagnostics.ProcessManager.OpenProcess(Int32, Int32, Boolean)
  bei System.Diagnostics.Process.GetProcessHandle(Int32, Boolean)
  bei System.Diagnostics.Process.OpenProcessHandle(Int32)
  bei System.Diagnostics.Process.get_Handle()
  bei Kies.App.CheckExistenceTrayAgent()
  bei Kies.App..ctor()
  bei Kies.App.Main()

Error: (12/29/2013 11:51:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2013 07:41:55 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2013 05:57:50 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: hpqtra08.exe, Version: 130.0.422.0, Zeitstempel: 0x4ab683ef
Name des fehlerhaften Moduls: hpodio08.dll, Version: 130.0.80.0, Zeitstempel: 0x4ab64cc0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00031843
ID des fehlerhaften Prozesses: 0x1020
Startzeit der fehlerhaften Anwendung: 0xhpqtra08.exe0
Pfad der fehlerhaften Anwendung: hpqtra08.exe1
Pfad des fehlerhaften Moduls: hpqtra08.exe2
Berichtskennung: hpqtra08.exe3

Error: (12/28/2013 07:06:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2013 06:49:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/30/2013 00:52:57 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (12/28/2013 08:51:26 PM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (12/28/2013 10:26:41 AM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (12/27/2013 00:54:43 PM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (12/27/2013 00:54:43 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/27/2013 10:10:29 AM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (12/26/2013 10:56:16 PM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (12/08/2013 03:27:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (12/08/2013 03:27:54 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (12/08/2013 03:02:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053


Microsoft Office Sessions:
=========================
Error: (11/02/2013 00:17:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1635 seconds with 840 seconds of active time.  This session ended with a crash.

Error: (10/29/2013 01:04:01 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1382 seconds with 60 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-12-30 12:09:45.744
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-30 12:09:45.744
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-30 12:09:45.744
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-30 12:09:45.724
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-30 12:09:45.724
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-30 12:09:45.724
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-29 13:05:21.117
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-29 13:05:21.117
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-29 13:05:21.117
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-29 13:05:21.097
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 4037.01 MB
Available physical RAM: 2024.5 MB
Total Pagefile: 8072.2 MB
Available Pagefile: 5548.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:221.83 GB) (Free:164.11 GB) NTFS
Drive d: (DATA) (Fixed) (Total:221.83 GB) (Free:221.74 GB) NTFS
Drive f: (Expansion Drive) (Fixed) (Total:931.51 GB) (Free:485.99 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
--- --- ---

hubschmid 30.12.2013 18:22

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by Ilona (ATTENTION: The logged in user is not administrator) on HUBERT-PC on 30-12-2013 14:14:41
Running from C:\Users\Ilona\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Koninklijke Philips Electronics N.V.) C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13632216 2013-07-09] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - "C:\Windows\system32\hkcmd.exe"
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761536 2013-12-30] ()
HKLM-x32\...\Runonce: [Del15914145] - cmd.exe /Q /D /c del "C:\Users\ADMINI~1\AppData\Local\Temp\0.del" [x]
HKLM-x32\...\Runonce: [Del15919480] - cmd.exe /Q /D /c del "C:\Users\ADMINI~1\AppData\Local\Temp\0.del" [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-02-06] (Samsung Electronics)
HKCU\...\Run: [DriverTurbo] - C:\Program Files (x86)\DriverTurbo\DriverTurbo.exe [6525088 2013-04-15] ()
HKCU\...\Run: [iMesh] - "C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe" --lightmode
AppInit_DLLs:  [ ] ()
AppInit_DLLs-x32:  [ ] ()
Startup: C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?o=APN10653A&gct=hp&d=1-1487&v=n10781-212&t=4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1379258849293&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388&st=chrome&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.4&ts=1379258849293&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388&st=chrome&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1385925679&from=tugs&uid=ST3500413AS_Z2AT39CTXXXXZ2AT39CT&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1385925679&from=tugs&uid=ST3500413AS_Z2AT39CTXXXXZ2AT39CT
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1385925679&from=tugs&uid=ST3500413AS_Z2AT39CTXXXXZ2AT39CT
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1385925679&from=tugs&uid=ST3500413AS_Z2AT39CTXXXXZ2AT39CT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1385925679&from=tugs&uid=ST3500413AS_Z2AT39CTXXXXZ2AT39CT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388&st=chrome&q=
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1385925679&from=tugs&uid=ST3500413AS_Z2AT39CTXXXXZ2AT39CT
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1385925679&from=tugs&uid=ST3500413AS_Z2AT39CTXXXXZ2AT39CT&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103aw&cd=2XzuyEtN2Y1L1Qzu0E0C0AzzyC0BzyyBzytAzytB0D0E0FtDtN0D0Tzu0SyBtDtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1124419911&ir=
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1385925679&from=tugs&uid=ST3500413AS_Z2AT39CTXXXXZ2AT39CT&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.7&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1385925679&from=tugs&uid=ST3500413AS_Z2AT39CTXXXXZ2AT39CT&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1487&systemid=1&v=n10781-212&apn_uid=6253835320944712&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.4&ts=1379258849293&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388&q={searchTerms}
BHO: Plus-HD-5.0 - {11111111-1111-1111-1111-110411771118} - C:\Program Files (x86)\Plus-HD-5.0\Plus-HD-5.0-bho64.dll (Plus HD)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Plus-HD-5.0 - {11111111-1111-1111-1111-110411771118} - C:\Program Files (x86)\Plus-HD-5.0\Plus-HD-5.0-bho.dll (Plus HD)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Re-markit - {d3f0af55-9cc4-4308-a238-e571a3ce249c} - C:\Program Files (x86)\Re-markit\136.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default
FF user.js: detected! => C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\user.js
FF NewTab: hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388
FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=1487&systemid=1&v=n10781-212&apn_dtid=IME001&apn_ptnrs=AGE&apn_uid=6253835320944712&o=APN10653&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: iMeshPlugin - C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll No File
FF SearchPlugin: C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\nationzoom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-5.0 - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\Extensions\8c6c8c15-21d7-4f62-8a57-202aee8f7fb3@6567ba21-e435-4eb0-838d-8395b2265c30.com
FF Extension: mysearchdial.com - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\Extensions\ffxtlbr@mysearchdial.com
FF Extension: New tab - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\Extensions\{13058AF4-66EB-75FE-B521-F5B654EE2BA4}
FF Extension: Foxtab Speed Dial - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}
FF Extension: HomeTab - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}
FF Extension: MySearchDial NewTab - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
FF Extension: WEB.DE MailCheck - C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\Extensions\toolbar@web.de.xpi
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [30080 2011-06-14] ()
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 SystemStoreService; C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe [297984 2013-12-30] ()
S4 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-14] (AVG Secure Search)
R2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [658576 2013-12-01] (Wsys Co., Ltd.)

==================== Drivers (Whitelisted) ====================

S4 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-14] (AVG Technologies)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-05-01] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99800 2013-05-09] (Intel Corporation)
R3 WFMC_VAD; C:\Windows\System32\DRIVERS\wfmcvad.sys [24064 2010-02-08] (WiFi Media Connect)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-05-01] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-30 14:14 - 2013-12-30 14:15 - 00024550 _____ C:\Users\Ilona\Downloads\FRST.txt
2013-12-30 14:14 - 2013-12-30 14:14 - 00000000 ____D C:\FRST
2013-12-30 14:13 - 2013-12-30 14:13 - 01931302 _____ (Farbar) C:\Users\Ilona\Downloads\FRST64.exe
2013-12-30 14:11 - 2013-12-30 14:11 - 01064199 _____ (Farbar) C:\Users\Ilona\Downloads\FRST.exe
2013-12-30 13:58 - 2013-12-30 13:58 - 00000928 _____ C:\Users\Ilona\Desktop\iMesh.lnk
2013-12-30 13:54 - 2013-12-30 13:58 - 00000958 _____ C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
2013-12-30 13:54 - 2013-12-30 13:54 - 00000000 ____D C:\Users\Ilona\AppData\Local\iMesh
2013-12-30 13:53 - 2013-12-30 13:53 - 01272360 _____ (iMesh Inc) C:\Users\Ilona\Downloads\iMeshSetup-r1487-w-bf.exe
2013-12-30 13:08 - 2013-12-30 13:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\newnext.me
2013-12-30 13:08 - 2013-12-30 13:08 - 00001344 _____ C:\Windows\Tasks\Plus-HD-5.0-updater.job
2013-12-30 13:08 - 2013-12-30 13:08 - 00001246 _____ C:\Windows\Tasks\Plus-HD-5.0-codedownloader.job
2013-12-30 13:08 - 2013-12-30 13:08 - 00001205 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-12-30 13:08 - 2013-12-30 13:08 - 00001146 _____ C:\Windows\Tasks\Plus-HD-5.0-enabler.job
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\Users\Administrator\.android
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\ProgramData\Systweak
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-12-30 13:08 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe
2013-12-30 13:07 - 2013-12-30 14:11 - 00000314 _____ C:\Windows\Tasks\Digital Sites.job
2013-12-30 13:07 - 2013-12-30 14:07 - 00000310 _____ C:\Windows\Tasks\FoxTab.job
2013-12-30 13:07 - 2013-12-30 13:08 - 00000000 ____D C:\Program Files (x86)\Plus-HD-5.0
2013-12-30 13:07 - 2013-12-30 13:07 - 00002120 _____ C:\Windows\Tasks\Plus-HD-5.0-firefoxinstaller.job
2013-12-30 13:07 - 2013-12-30 13:07 - 00001988 _____ C:\Windows\Tasks\Plus-HD-5.0-chromeinstaller.job
2013-12-30 13:07 - 2013-12-30 13:07 - 00001114 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-12-30 13:07 - 2013-12-30 13:07 - 00001054 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-12-30 13:07 - 2013-12-30 13:07 - 00000300 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-12-30 13:07 - 2013-12-30 13:07 - 00000292 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FoxTab
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\DigitalSites
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\0D0S1L2Z1P1B
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Program Files (x86)\Foxtab
2013-12-30 13:05 - 2013-12-30 13:05 - 00673048 _____ (                                                            ) C:\Users\Ilona\Downloads\ZipExtractorSetup(1).exe
2013-12-30 13:04 - 2013-12-30 13:04 - 00673048 _____ (                                                            ) C:\Users\Ilona\Downloads\ZipExtractorSetup.exe
2013-12-30 11:49 - 2013-12-30 11:49 - 00000000 _____ C:\Windows\setuperr.log
2013-12-30 11:49 - 2013-12-30 11:49 - 00000000 _____ C:\Windows\setupact.log
2013-12-29 15:41 - 2013-12-29 15:42 - 00000000 ____D C:\Users\Natascha\Desktop\Bilder
2013-12-29 12:10 - 2013-12-30 04:29 - 00000458 _____ C:\Windows\Tasks\ParetoLogic Update Version3.job
2013-12-29 12:10 - 2013-12-30 04:29 - 00000416 _____ C:\Windows\Tasks\PC Health Advisor Defrag.job
2013-12-29 12:10 - 2013-12-30 04:29 - 00000398 _____ C:\Windows\Tasks\PC Health Advisor.job
2013-12-29 12:10 - 2013-12-29 18:11 - 00000484 _____ C:\Windows\Tasks\ParetoLogic Registration3.job
2013-12-29 12:10 - 2013-12-29 12:10 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ParetoLogic
2013-12-29 12:10 - 2013-12-29 12:10 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\DriverCure
2013-12-29 12:10 - 2013-12-29 12:10 - 00000000 ____D C:\ProgramData\ParetoLogic
2013-12-29 12:10 - 2013-12-29 12:10 - 00000000 ____D C:\Program Files (x86)\ParetoLogic
2013-12-29 12:08 - 2013-12-29 12:08 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Ilona\Downloads\ParetoLogic PC Health Advisor_de.exe
2013-12-28 10:27 - 2013-12-28 10:27 - 00081256 _____ C:\Users\Ilona\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-26 17:57 - 2013-12-26 17:57 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-12-25 16:09 - 2013-12-30 12:30 - 00102098 _____ C:\Windows\WindowsUpdate.log
2013-12-22 18:34 - 2013-12-22 18:34 - 00000000 ____D C:\Program Files (x86)\Philips
2013-12-22 18:34 - 2010-02-08 05:45 - 00024064 _____ (WiFi Media Connect) C:\Windows\system32\Drivers\wfmcvad.sys
2013-12-22 18:31 - 2013-12-22 18:31 - 18084280 _____ (Koninklijke Philips Electronics N.V.) C:\Users\Ilona\Downloads\wi-fi_mediaconnect_setup_v1.06.43.exe
2013-12-20 18:46 - 2013-12-20 18:46 - 00000000 ____D C:\Users\Natascha\4.0
2013-12-20 18:46 - 2013-12-20 18:46 - 00000000 ____D C:\Users\Natascha\.tfo4
2013-12-20 16:55 - 2013-12-20 16:56 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-20 08:24 - 2013-12-20 08:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-17 14:01 - 2013-12-17 14:01 - 00000000 ____D C:\Users\Natascha\AppData\Roaming\HP
2013-12-14 20:54 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-14 20:54 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-14 20:54 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-14 20:54 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-14 20:52 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-14 20:52 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-14 20:52 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-14 20:52 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-14 20:52 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-14 20:52 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-14 20:52 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-14 20:52 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-14 20:52 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-14 20:52 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-14 20:52 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-14 20:52 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-14 20:52 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-14 20:52 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-14 20:52 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-14 20:52 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-14 20:52 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-14 20:52 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-14 20:51 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-14 20:51 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-14 20:51 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-14 20:51 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-14 20:51 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-14 20:51 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-14 20:51 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-14 20:51 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-14 20:51 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-14 20:51 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-14 20:51 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-14 20:51 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-14 20:51 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-14 20:45 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-14 20:45 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-14 20:45 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-14 20:45 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-14 20:45 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-14 20:45 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-14 20:45 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-14 20:45 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-14 20:45 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-14 20:45 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-14 20:45 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-14 20:44 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-14 20:44 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-14 20:44 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-14 20:44 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-14 20:44 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-14 20:44 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-14 20:44 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-14 20:44 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-14 14:51 - 2013-12-14 14:52 - 00000000 ____D C:\Users\Natascha\Desktop\Bluetooth
2013-12-04 19:02 - 2013-12-04 19:05 - 00000000 ____D C:\Users\Ilona\AppData\Local\{3F2E9129-D63E-4F31-8D93-68B7BAB8DCE3}
2013-12-04 19:02 - 2013-12-04 19:02 - 00000000 ____D C:\Users\Ilona\AppData\Local\{B78D14D7-5B12-496E-A5D6-66BD3DC44987}
2013-12-03 13:12 - 2013-12-08 15:20 - 00001484 _____ C:\Users\Natascha\daemonprocess.txt
2013-12-01 20:21 - 2013-12-30 08:45 - 00000000 ____D C:\ProgramData\eSafe
2013-12-01 20:21 - 2013-12-08 16:17 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-12-01 20:20 - 2013-12-29 11:55 - 00000000 ____D C:\Program Files (x86)\Re-markit
2013-12-01 20:19 - 2013-12-01 20:19 - 00461808 _____ C:\Users\Ilona\Downloads\Java.exe
2013-12-01 18:48 - 2013-12-08 14:58 - 00004002 _____ C:\Users\Ilona\daemonprocess.txt
2013-12-01 16:43 - 2013-12-04 15:37 - 00000404 _____ C:\Users\Hubert\daemonprocess.txt
2013-12-01 14:36 - 2013-12-01 14:36 - 00000000 ____D C:\Users\wangzhisong\AppData\Local\Mobogenie
2013-12-01 14:36 - 2013-12-01 14:36 - 00000000 ____D C:\Users\wangzhisong
2013-12-01 14:36 - 2013-12-01 14:36 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-12-01 14:36 - 2013-12-01 14:36 - 00000000 _____ C:\Users\Administrator\daemonprocess.txt
2013-12-01 14:35 - 2013-12-30 13:24 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-01 14:35 - 2013-12-08 15:50 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-12-01 14:35 - 2013-12-08 15:41 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-12-01 14:35 - 2013-12-01 14:51 - 00000000 ____D C:\Program Files (x86)\PC Speed Maximizer
2013-12-01 14:35 - 2013-12-01 14:35 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\0F1C1P1P0T1F0L1F1T1Q
2013-12-01 14:35 - 2013-12-01 14:35 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-12-01 14:33 - 2013-12-01 14:33 - 00669296 _____ C:\Users\Ilona\Downloads\VLC_player_Setup.exe
2013-12-01 14:26 - 2013-12-01 14:26 - 00720720 _____ C:\Users\Ilona\Downloads\adobe-flash-player-download_2013-11-30.exe
2013-12-01 14:22 - 2013-12-01 14:22 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-01 14:22 - 2013-12-01 14:22 - 00000000 ____D C:\Program Files\iTunes
2013-12-01 14:22 - 2013-12-01 14:22 - 00000000 ____D C:\Program Files\iPod
2013-12-01 14:22 - 2013-12-01 14:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-01 14:09 - 2013-12-01 14:09 - 00000000 ____D C:\Windows\Sun
2013-12-01 14:09 - 2013-12-01 14:09 - 00000000 ____D C:\ProgramData\Sun
2013-12-01 14:09 - 2013-12-01 14:09 - 00000000 ____D C:\ProgramData\Oracle
2013-12-01 14:08 - 2013-12-01 14:08 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-01 14:08 - 2013-12-01 14:08 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-01 14:08 - 2013-12-01 14:08 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-01 14:08 - 2013-12-01 14:08 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-01 14:08 - 2013-12-01 14:08 - 00000000 ____D C:\Program Files (x86)\Java

==================== One Month Modified Files and Folders =======

2013-12-30 14:15 - 2013-12-30 14:14 - 00024550 _____ C:\Users\Ilona\Downloads\FRST.txt
2013-12-30 14:14 - 2013-12-30 14:14 - 00000000 ____D C:\FRST
2013-12-30 14:13 - 2013-12-30 14:13 - 01931302 _____ (Farbar) C:\Users\Ilona\Downloads\FRST64.exe
2013-12-30 14:11 - 2013-12-30 14:11 - 01064199 _____ (Farbar) C:\Users\Ilona\Downloads\FRST.exe
2013-12-30 14:11 - 2013-12-30 13:07 - 00000314 _____ C:\Windows\Tasks\Digital Sites.job
2013-12-30 14:07 - 2013-12-30 13:07 - 00000310 _____ C:\Windows\Tasks\FoxTab.job
2013-12-30 13:59 - 2013-04-02 17:33 - 00001602 _____ C:\Windows\wininit.ini
2013-12-30 13:58 - 2013-12-30 13:58 - 00000928 _____ C:\Users\Ilona\Desktop\iMesh.lnk
2013-12-30 13:58 - 2013-12-30 13:54 - 00000958 _____ C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
2013-12-30 13:56 - 2013-02-09 13:26 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-30 13:54 - 2013-12-30 13:54 - 00000000 ____D C:\Users\Ilona\AppData\Local\iMesh
2013-12-30 13:54 - 2013-02-07 14:26 - 00000000 ____D C:\Users\Ilona\AppData\Local\VirtualStore
2013-12-30 13:53 - 2013-12-30 13:53 - 01272360 _____ (iMesh Inc) C:\Users\Ilona\Downloads\iMeshSetup-r1487-w-bf.exe
2013-12-30 13:29 - 2013-02-07 15:24 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-30 13:24 - 2013-12-01 14:35 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-30 13:09 - 2013-12-30 13:08 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\newnext.me
2013-12-30 13:08 - 2013-12-30 13:08 - 00001344 _____ C:\Windows\Tasks\Plus-HD-5.0-updater.job
2013-12-30 13:08 - 2013-12-30 13:08 - 00001246 _____ C:\Windows\Tasks\Plus-HD-5.0-codedownloader.job
2013-12-30 13:08 - 2013-12-30 13:08 - 00001205 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-12-30 13:08 - 2013-12-30 13:08 - 00001146 _____ C:\Windows\Tasks\Plus-HD-5.0-enabler.job
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\Users\Administrator\.android
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\ProgramData\Systweak
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-12-30 13:08 - 2013-12-30 13:07 - 00000000 ____D C:\Program Files (x86)\Plus-HD-5.0
2013-12-30 13:08 - 2013-10-06 16:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Systweak
2013-12-30 13:08 - 2013-10-06 16:49 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-12-30 13:08 - 2013-02-07 14:47 - 00000000 ____D C:\Users\Administrator
2013-12-30 13:07 - 2013-12-30 13:07 - 00002120 _____ C:\Windows\Tasks\Plus-HD-5.0-firefoxinstaller.job
2013-12-30 13:07 - 2013-12-30 13:07 - 00001988 _____ C:\Windows\Tasks\Plus-HD-5.0-chromeinstaller.job
2013-12-30 13:07 - 2013-12-30 13:07 - 00001114 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-12-30 13:07 - 2013-12-30 13:07 - 00001054 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-12-30 13:07 - 2013-12-30 13:07 - 00000300 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-12-30 13:07 - 2013-12-30 13:07 - 00000292 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\FoxTab
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\DigitalSites
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\0D0S1L2Z1P1B
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Program Files (x86)\Foxtab
2013-12-30 13:05 - 2013-12-30 13:05 - 00673048 _____ (                                                            ) C:\Users\Ilona\Downloads\ZipExtractorSetup(1).exe
2013-12-30 13:04 - 2013-12-30 13:04 - 00673048 _____ (                                                            ) C:\Users\Ilona\Downloads\ZipExtractorSetup.exe
2013-12-30 12:55 - 2012-03-22 01:38 - 00701326 _____ C:\Windows\system32\perfh007.dat
2013-12-30 12:55 - 2012-03-22 01:38 - 00150226 _____ C:\Windows\system32\perfc007.dat
2013-12-30 12:55 - 2009-07-14 06:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-30 12:30 - 2013-12-25 16:09 - 00102098 _____ C:\Windows\WindowsUpdate.log
2013-12-30 11:54 - 2009-07-14 05:45 - 00016768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-30 11:54 - 2009-07-14 05:45 - 00016768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-30 11:49 - 2013-12-30 11:49 - 00000000 _____ C:\Windows\setuperr.log
2013-12-30 11:49 - 2013-12-30 11:49 - 00000000 _____ C:\Windows\setupact.log
2013-12-30 08:45 - 2013-12-01 20:21 - 00000000 ____D C:\ProgramData\eSafe
2013-12-30 08:42 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-30 04:29 - 2013-12-29 12:10 - 00000458 _____ C:\Windows\Tasks\ParetoLogic Update Version3.job
2013-12-30 04:29 - 2013-12-29 12:10 - 00000416 _____ C:\Windows\Tasks\PC Health Advisor Defrag.job
2013-12-30 04:29 - 2013-12-29 12:10 - 00000398 _____ C:\Windows\Tasks\PC Health Advisor.job
2013-12-29 18:11 - 2013-12-29 12:10 - 00000484 _____ C:\Windows\Tasks\ParetoLogic Registration3.job
2013-12-29 15:42 - 2013-12-29 15:41 - 00000000 ____D C:\Users\Natascha\Desktop\Bilder
2013-12-29 12:10 - 2013-12-29 12:10 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ParetoLogic
2013-12-29 12:10 - 2013-12-29 12:10 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\DriverCure
2013-12-29 12:10 - 2013-12-29 12:10 - 00000000 ____D C:\ProgramData\ParetoLogic
2013-12-29 12:10 - 2013-12-29 12:10 - 00000000 ____D C:\Program Files (x86)\ParetoLogic
2013-12-29 12:08 - 2013-12-29 12:08 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Ilona\Downloads\ParetoLogic PC Health Advisor_de.exe
2013-12-29 11:55 - 2013-12-01 20:20 - 00000000 ____D C:\Program Files (x86)\Re-markit
2013-12-28 10:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-28 10:27 - 2013-12-28 10:27 - 00081256 _____ C:\Users\Ilona\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-27 12:13 - 2007-07-12 02:49 - 00000000 ____D C:\Windows\Panther
2013-12-27 12:12 - 2013-04-10 18:38 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-27 12:12 - 2013-04-10 18:38 - 00000000 ____D C:\Program Files\CCleaner
2013-12-26 17:57 - 2013-12-26 17:57 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-12-26 17:57 - 2013-03-02 20:56 - 00000000 ____D C:\Users\Ilona\AppData\Roaming\Samsung
2013-12-22 18:34 - 2013-12-22 18:34 - 00000000 ____D C:\Program Files (x86)\Philips
2013-12-22 18:34 - 2011-10-19 05:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-22 18:31 - 2013-12-22 18:31 - 18084280 _____ (Koninklijke Philips Electronics N.V.) C:\Users\Ilona\Downloads\wi-fi_mediaconnect_setup_v1.06.43.exe
2013-12-21 15:04 - 2013-02-07 15:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-21 08:43 - 2013-11-17 11:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-12-20 18:46 - 2013-12-20 18:46 - 00000000 ____D C:\Users\Natascha\4.0
2013-12-20 18:46 - 2013-12-20 18:46 - 00000000 ____D C:\Users\Natascha\.tfo4
2013-12-20 18:46 - 2013-02-07 15:47 - 00000000 ____D C:\Users\Natascha
2013-12-20 16:56 - 2013-12-20 16:55 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-20 08:24 - 2013-12-20 08:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-17 14:01 - 2013-12-17 14:01 - 00000000 ____D C:\Users\Natascha\AppData\Roaming\HP
2013-12-15 11:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-14 21:10 - 2009-07-14 05:45 - 00366344 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-14 20:53 - 2013-02-09 20:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-14 20:51 - 2013-02-16 12:13 - 01597772 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-14 20:49 - 2013-08-14 21:02 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 20:46 - 2013-02-10 12:30 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 14:52 - 2013-12-14 14:51 - 00000000 ____D C:\Users\Natascha\Desktop\Bluetooth
2013-12-12 08:04 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-11 20:15 - 2013-11-08 15:54 - 00000000 ____D C:\Users\Natascha\Desktop\Schule
2013-12-11 18:35 - 2012-08-02 14:09 - 00029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2013-12-11 18:35 - 2012-06-19 16:28 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2013-12-11 04:29 - 2013-02-07 15:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 04:29 - 2011-10-19 06:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-09 04:38 - 2013-02-07 14:26 - 00000000 ____D C:\Users\Ilona
2013-12-08 19:36 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-12-08 19:07 - 2013-05-12 17:45 - 00000000 ____D C:\Windows\Minidump
2013-12-08 18:56 - 2013-09-15 16:28 - 00000000 ____D C:\Program Files (x86)\Plus-HD-3.8
2013-12-08 16:17 - 2013-12-01 20:21 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-12-08 15:50 - 2013-12-01 14:35 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-12-08 15:41 - 2013-12-01 14:35 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-12-08 15:20 - 2013-12-03 13:12 - 00001484 _____ C:\Users\Natascha\daemonprocess.txt
2013-12-08 15:00 - 2013-09-15 17:17 - 00000000 ____D C:\Program Files (x86)\SoftwareUpdater
2013-12-08 15:00 - 2013-02-16 12:11 - 00000000 ____D C:\Users\Hubert
2013-12-08 15:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-12-08 14:58 - 2013-12-01 18:48 - 00004002 _____ C:\Users\Ilona\daemonprocess.txt
2013-12-04 19:05 - 2013-12-04 19:02 - 00000000 ____D C:\Users\Ilona\AppData\Local\{3F2E9129-D63E-4F31-8D93-68B7BAB8DCE3}
2013-12-04 19:02 - 2013-12-04 19:02 - 00000000 ____D C:\Users\Ilona\AppData\Local\{B78D14D7-5B12-496E-A5D6-66BD3DC44987}
2013-12-04 15:37 - 2013-12-01 16:43 - 00000404 _____ C:\Users\Hubert\daemonprocess.txt
2013-12-01 20:21 - 2013-02-07 15:15 - 00001343 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-01 20:19 - 2013-12-01 20:19 - 00461808 _____ C:\Users\Ilona\Downloads\Java.exe
2013-12-01 14:51 - 2013-12-01 14:35 - 00000000 ____D C:\Program Files (x86)\PC Speed Maximizer
2013-12-01 14:37 - 2013-02-07 15:29 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2013-12-01 14:36 - 2013-12-01 14:36 - 00000000 ____D C:\Users\wangzhisong\AppData\Local\Mobogenie
2013-12-01 14:36 - 2013-12-01 14:36 - 00000000 ____D C:\Users\wangzhisong
2013-12-01 14:36 - 2013-12-01 14:36 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-12-01 14:36 - 2013-12-01 14:36 - 00000000 _____ C:\Users\Administrator\daemonprocess.txt
2013-12-01 14:36 - 2013-05-01 12:22 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-12-01 14:35 - 2013-12-01 14:35 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\0F1C1P1P0T1F0L1F1T1Q
2013-12-01 14:35 - 2013-12-01 14:35 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-12-01 14:33 - 2013-12-01 14:33 - 00669296 _____ C:\Users\Ilona\Downloads\VLC_player_Setup.exe
2013-12-01 14:26 - 2013-12-01 14:26 - 00720720 _____ C:\Users\Ilona\Downloads\adobe-flash-player-download_2013-11-30.exe
2013-12-01 14:22 - 2013-12-01 14:22 - 00001787 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-01 14:22 - 2013-12-01 14:22 - 00000000 ____D C:\Program Files\iTunes
2013-12-01 14:22 - 2013-12-01 14:22 - 00000000 ____D C:\Program Files\iPod
2013-12-01 14:22 - 2013-12-01 14:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-01 14:09 - 2013-12-01 14:09 - 00000000 ____D C:\Windows\Sun
2013-12-01 14:09 - 2013-12-01 14:09 - 00000000 ____D C:\ProgramData\Sun
2013-12-01 14:09 - 2013-12-01 14:09 - 00000000 ____D C:\ProgramData\Oracle
2013-12-01 14:08 - 2013-12-01 14:08 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-01 14:08 - 2013-12-01 14:08 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-01 14:08 - 2013-12-01 14:08 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-01 14:08 - 2013-12-01 14:08 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-01 14:08 - 2013-12-01 14:08 - 00000000 ____D C:\Program Files (x86)\Java

Files to move or delete:
====================
C:\Users\Administrator\AppData\Roaming\burnaware.ini
C:\Users\Hubert\AppData\Roaming\burnaware.ini
C:\Users\Natascha\AppData\Roaming\burnaware.ini
C:\Users\Public\AlexaNSISPlugin.380.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-12-2013 01
Ran by Ilona at 2013-12-30 14:15:13
Running from C:\Users\Ilona\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

5600 (x32 Version: 130.0.365.000 - Hewlett-Packard)
5600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard)
5600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Acer eRecovery Management (x32 Version: 5.00.3505 - Acer Incorporated)
Acer Framework (x32 Version: 3.00.5500 - Acer Incorporated)
Acer Registration (x32 Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (x32 Version: 1.1.0609.2011 - Acer Incorporated)
Acer Updater (x32 Version: 1.02.3501 - Acer Incorporated)
Adobe AIR (x32 Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638 - Adobe Systems, Inc.)
Advanced System Protector (x32 Version: 2.1.1000.12580 - Systweak Software) <==== ATTENTION
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard)
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard)
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
AVG Security Toolbar (x32 Version: 15.5.0.2 - AVG Technologies)
Bing-Desktop (x32 Version: 1.3.171.0 - Microsoft Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard)
BurnAware Free 6.5 (x32 Version:  - Burnaware)
CCleaner (Version: 4.09 - Piriform)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard)
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard)
ElsterFormular (x32 Version: 14.3.11574 - Landesfinanzdirektion Thüringen)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Foxtab (x32 Version:  - FoxTab) <==== ATTENTION
Free YouTube Download version 3.2.2.426 (x32 Version: 3.2.2.426 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.2.426 (x32 Version: 3.12.2.426 - DVDVideoSoft Ltd.)
FreePDF (Remove only) (x32 Version:  - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard)
GPL Ghostscript (Version: 9.04 - Artifex Software Inc.)
HP Customer Participation Program 13.0 (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (Version: 4.51 - HP)
HP Solution Center 13.0 (Version: 13.0 - HP)
HP Update (x32 Version: 4.000.011.006 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard)
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard)
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard)
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard)
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard)
iMesh (HKCU Version: 12.5.0.134242 - iMesh Inc)
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 9.5.3.1520 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.3190 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (x32 Version:  - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 21 (64-bit) (Version: 7.0.210 - Oracle)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.)
Java SE Development Kit 7 Update 21 (64-bit) (Version: 1.7.0.210 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mobogenie (x32 Version:  - Mobogenie.com)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU Version:  - )
MyPC Backup  (Version:  - MyPC Backup) <==== ATTENTION
Network64 (Version: 130.0.572.000 - Hewlett-Packard)
Network64 (Version: 140.0.221.000 - Hewlett-Packard)
OCR Software by I.R.I.S. 13.0 (Version: 13.0 - HP)
Open It! (x32 Version: 1.1.1 - OpenIt)
OpenOffice 4.0.0 (x32 Version: 4.00.9702 - Apache Software Foundation)
ParetoLogic PC Health Advisor (x32 Version: 3.1.0.0 - ParetoLogic, Inc.)
PhotoScape (x32 Version:  - )
Plus-HD-5.0 (x32 Version: 1.31.153.3 - Plus HD) <==== ATTENTION
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
QuickTime (x32 Version: 7.73.80.64 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Realtek Ethernet Controller Driver (x32 Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6971 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (Version:  - )
RegClean Pro (x32 Version: 6.21 - Systweak Inc) <==== ATTENTION
Re-markit (x32 Version:  - Re-markit Software)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.18.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard)
Shop for HP Supplies (Version: 13.0 - HP)
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard)
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard)
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
VLC media player 2.0.2 (x32 Version: 2.0.2 - VideoLAN)
VLC media player 2.0.6 (Version: 2.0.6 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard)
Wi-Fi MediaConnect (x32 Version: 1.6.43 - Philips)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation)
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт)
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Utils (x32 Version:  - )
Wsys Control 16.2.1.3067 (x32 Version: 16.2.1.3067 - Wsys Co., Ltd.) <==== ATTENTION
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт)
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation)

==================== Restore Points  =========================

Could not list Restore Points. Check WMI.


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\Digital Sites.job => ?
Task: C:\Windows\Tasks\FoxTab.job => ?
Task: C:\Windows\Tasks\ParetoLogic Registration3.job => ?
Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => ?
Task: C:\Windows\Tasks\PC Health Advisor Defrag.job => ?
Task: C:\Windows\Tasks\PC Health Advisor.job => ?
Task: C:\Windows\Tasks\Plus-HD-5.0-chromeinstaller.job => ?
Task: C:\Windows\Tasks\Plus-HD-5.0-codedownloader.job => ?
Task: C:\Windows\Tasks\Plus-HD-5.0-enabler.job => ?
Task: C:\Windows\Tasks\Plus-HD-5.0-firefoxinstaller.job => ?
Task: C:\Windows\Tasks\Plus-HD-5.0-updater.job => ?
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => ?
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => ?

==================== Loaded Modules (whitelisted) =============

2011-10-19 06:18 - 2011-06-10 18:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-17 20:38 - 2012-08-17 20:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-14 17:32 - 2013-08-14 17:32 - 00521904 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\log4cplusU.dll
2013-08-14 17:32 - 2013-08-14 17:32 - 00144560 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\SiteSafety.dll
2013-12-10 10:51 - 2013-12-10 10:51 - 00057856 _____ () C:\Users\Ilona\AppData\Local\Temp\nsgC384.tmp\~nsr39CC.tmp
2013-12-20 08:24 - 2013-12-20 08:24 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-11 04:29 - 2013-12-11 04:29 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/30/2013 08:43:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/30/2013 04:30:47 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2013 07:00:01 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (12/29/2013 03:34:58 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Kies.exe, Version: 1.0.0.1199, Zeitstempel: 0x511b6cb8
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x1984
Startzeit der fehlerhaften Anwendung: 0xKies.exe0
Pfad der fehlerhaften Anwendung: Kies.exe1
Pfad des fehlerhaften Moduls: Kies.exe2
Berichtskennung: Kies.exe3

Error: (12/29/2013 03:34:53 PM) (Source: .NET Runtime) (User: )
Description: Anwendung: Kies.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Win32Exception
Stapel:
  bei System.Diagnostics.ProcessManager.OpenProcess(Int32, Int32, Boolean)
  bei System.Diagnostics.Process.GetProcessHandle(Int32, Boolean)
  bei System.Diagnostics.Process.OpenProcessHandle(Int32)
  bei System.Diagnostics.Process.get_Handle()
  bei Kies.App.CheckExistenceTrayAgent()
  bei Kies.App..ctor()
  bei Kies.App.Main()

Error: (12/29/2013 11:51:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2013 07:41:55 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2013 05:57:50 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: hpqtra08.exe, Version: 130.0.422.0, Zeitstempel: 0x4ab683ef
Name des fehlerhaften Moduls: hpodio08.dll, Version: 130.0.80.0, Zeitstempel: 0x4ab64cc0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00031843
ID des fehlerhaften Prozesses: 0x1020
Startzeit der fehlerhaften Anwendung: 0xhpqtra08.exe0
Pfad der fehlerhaften Anwendung: hpqtra08.exe1
Pfad des fehlerhaften Moduls: hpqtra08.exe2
Berichtskennung: hpqtra08.exe3

Error: (12/28/2013 07:06:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2013 06:49:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/30/2013 00:52:57 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (12/28/2013 08:51:26 PM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (12/28/2013 10:26:41 AM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (12/27/2013 00:54:43 PM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (12/27/2013 00:54:43 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/27/2013 10:10:29 AM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (12/26/2013 10:56:16 PM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (12/08/2013 03:27:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (12/08/2013 03:27:54 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (12/08/2013 03:02:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053


Microsoft Office Sessions:
=========================
Error: (11/02/2013 00:17:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1635 seconds with 840 seconds of active time.  This session ended with a crash.

Error: (10/29/2013 01:04:01 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1382 seconds with 60 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-12-30 12:09:45.744
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-30 12:09:45.744
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-30 12:09:45.744
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-30 12:09:45.724
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-30 12:09:45.724
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-30 12:09:45.724
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-29 13:05:21.117
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-29 13:05:21.117
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-29 13:05:21.117
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-29 13:05:21.097
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 4037.01 MB
Available physical RAM: 2024.5 MB
Total Pagefile: 8072.2 MB
Available Pagefile: 5548.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:221.83 GB) (Free:164.11 GB) NTFS
Drive d: (DATA) (Fixed) (Total:221.83 GB) (Free:221.74 GB) NTFS
Drive f: (Expansion Drive) (Fixed) (Total:931.51 GB) (Free:485.99 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

cosinus 30.12.2013 18:37
Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

hubschmid 30.12.2013 20:53
habe alles bis zum drücken des CleanUp Button getan, nur der Computer macht keinen Neustart. Soll ich den jetzt selbst veranlassen?

cosinus 30.12.2013 21:11
ja mach es selbst, oder hast du das Log schon?

hubschmid 30.12.2013 21:38
lag mal wieder an meiner Unwissenheit. War nicht als Admin angemeldet und habe dehalb auch die .txt Datei nicht gefunden, aber scheinbar hat es geklappt. Hier das Log.

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
Malwarebytes : Free Anti-Malware

Database version: v2013.12.30.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Administrator :: HUBERT-PC [administrator]

30.12.2013 20:30:29
mbar-log-2013-12-30 (20-30-29).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 332645
Time elapsed: 12 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 10
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page (Hijack.SearchPage) -> Bad: (Certified-Toolbar Search) Good: (Google) -> Replace on reboot.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (Certified-Toolbar Search) Good: (Google) -> Replace on reboot.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL (Hijack.SearchPage) -> Bad: (Certified-Toolbar Search) Good: (Google) -> Replace on reboot.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar (Hijack.SearchPage) -> Bad: (Certified-Toolbar Search) Good: (Google) -> Replace on reboot.
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL (Hijack.SearchPage) -> Bad: (Certified-Toolbar Search) Good: (Google) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL (Hijack.SearchPage) -> Bad: (Certified-Toolbar Search) Good: (Google) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (Certified-Toolbar Search) Good: (Google) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page (Hijack.SearchPage) -> Bad: (Certified-Toolbar Search) Good: (Google) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar (Hijack.SearchPage) -> Bad: (Certified-Toolbar Search) Good: (Google) -> Replace on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL (Hijack.SearchPage) -> Bad: (Certified-Toolbar Search) Good: (Google) -> Replace on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus 30.12.2013 22:00
Ok, MBAR wiederholen wie in der Anleitung beschrieben

Zitat:
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

hubschmid 31.12.2013 11:51
Hallo,
habe MBAR nochmals scannen lassen und es kam die Meldung, frei übersetzt, nichts gefunden, keine Maleware vorhanden.
Zu meiner Enttäuschung hat sich die Anfangs beschriebene Aufforderung zum Update heute Morgen wieder geöffnet und neuerdings öffnet sich auch unten stehende Seite sobald ich mit der Maus auf eure Seite drücke.

hxxp://gir.driveropti.net/sd/cpops-1.2.0.html?u=http%3A%2F%2Fgir.driveropti.net%2Fsd%2Fapps%2Ffusionx%2F0.0.4.html%3Faff%3D2040-2081&p=Remarkit

Habe ich was falsch gemacht, oder muss ich noch eine Aktion durchführen?

cosinus 31.12.2013 16:19
Es wurde doch hier nirgend geschrieben, dass hier nach MBAR alles ok sei :( also wie kommst du bitte darauf
Mit MBAR wollte ich sicherstellen, dass keine böseren Schädlinge auf diesem System werkeln

Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


hubschmid 01.01.2014 18:47
Hey sorry wenn ich da was falsch verstanden habe, hier nun die Logdatei von adwcleaner

Code:
# AdwCleaner v3.016 - Bericht erstellt am 01/01/2014 um 18:02:55
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Administrator - HUBERT-PC
# Gestartet von : C:\Users\Administrator\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : SystemStoreService
Dienst Gelöscht : WsysSvc

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\BitGuard
Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive
Ordner Gelöscht : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDealsLive
Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
Ordner Gelöscht : C:\Program Files (x86)\myfree codec
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\optimizer pro
Ordner Gelöscht : C:\Program Files (x86)\ParetoLogic
Ordner Gelöscht : C:\Program Files (x86)\PC Speed Maximizer
Ordner Gelöscht : C:\Program Files (x86)\Re-markit
Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater
Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\Common Files\ParetoLogic
Ordner Gelöscht : C:\Program Files\SoftwareUpdater
Ordner Gelöscht : C:\Users\Ilona\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Ilona\AppData\Local\iMesh
Ordner Gelöscht : C:\Users\Ilona\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Ilona\AppData\LocalLow\GutscheinCodes
Ordner Gelöscht : C:\Users\Ilona\AppData\LocalLow\SimplyTech
Ordner Gelöscht : C:\Users\Ilona\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Natascha\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Natascha\AppData\Local\iLivid
Ordner Gelöscht : C:\Users\Natascha\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Natascha\AppData\LocalLow\GutscheinCodes
Ordner Gelöscht : C:\Users\Natascha\AppData\LocalLow\SimplyTech
Ordner Gelöscht : C:\Users\Natascha\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Hubert\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Hubert\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Hubert\AppData\LocalLow\SimplyTech
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\BonanzaDealsLive
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\SoftwareUpdater
Ordner Gelöscht : C:\Users\Administrator\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\Windows Net Data
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Ordner Gelöscht : C:\Users\Administrator\Documents\Mobogenie
Ordner Gelöscht : C:\Users\Administrator\Documents\optimizer pro
Ordner Gelöscht : C:\Users\Administrator\Documents\PC Speed Maximizer
Ordner Gelöscht : C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\Extensions\{5EBDCA98-43B3-45BB-87E0-716029FB42AB}
Ordner Gelöscht : C:\Users\Natascha\AppData\Roaming\Mozilla\Firefox\Profiles\7z1es6og.default\Extensions\{5EBDCA98-43B3-45BB-87E0-716029FB42AB}
Ordner Gelöscht : C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\qx4xrllm.default\Extensions\{5EBDCA98-43B3-45BB-87E0-716029FB42AB}
Ordner Gelöscht : C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}
Ordner Gelöscht : C:\Users\Natascha\AppData\Roaming\Mozilla\Firefox\Profiles\7z1es6og.default\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}
Ordner Gelöscht : C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\qx4xrllm.default\Extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}
Ordner Gelöscht : C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
Ordner Gelöscht : C:\Users\Natascha\AppData\Roaming\Mozilla\Firefox\Profiles\7z1es6og.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
Ordner Gelöscht : C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\qx4xrllm.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3blu7wtb.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3blu7wtb.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_535500\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
Ordner Gelöscht : C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\Extensions\ffxtlbr@mysearchdial.com
Ordner Gelöscht : C:\Users\Natascha\AppData\Roaming\Mozilla\Firefox\Profiles\7z1es6og.default\Extensions\ffxtlbr@mysearchdial.com
Ordner Gelöscht : C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\qx4xrllm.default\Extensions\ffxtlbr@mysearchdial.com
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Ilona\Desktop\iMesh.lnk
Datei Gelöscht : C:\Users\Administrator\AppData\Local\mysearchdial-speeddial.crx
Datei Gelöscht : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
Datei Gelöscht : C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\searchplugins\Ask.xml
Datei Gelöscht : C:\Users\Natascha\AppData\Roaming\Mozilla\Firefox\Profiles\7z1es6og.default\searchplugins\Ask.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\searchplugins\Mysearchdial.xml
Datei Gelöscht : C:\Users\Natascha\AppData\Roaming\Mozilla\Firefox\Profiles\7z1es6og.default\searchplugins\Mysearchdial.xml
Datei Gelöscht : C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\qx4xrllm.default\searchplugins\Mysearchdial.xml
Datei Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3blu7wtb.default\searchplugins\Mysearchdial.xml
Datei Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_535500\searchplugins\Mysearchdial.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\nationzoom.xml
Datei Gelöscht : C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\Natascha\AppData\Roaming\Mozilla\Firefox\Profiles\7z1es6og.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\qx4xrllm.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3blu7wtb.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_535500\searchplugins\Web Search.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\user.js
Datei Gelöscht : C:\Users\Natascha\AppData\Roaming\Mozilla\Firefox\Profiles\7z1es6og.default\user.js
Datei Gelöscht : C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\qx4xrllm.default\user.js
Datei Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3blu7wtb.default\user.js
Datei Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_535500\user.js
Datei Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
Datei Gelöscht : C:\Windows\Tasks\FoxTab.job
Datei Gelöscht : C:\Windows\System32\Tasks\FoxTab
Datei Gelöscht : C:\Windows\System32\Tasks\FreeDriverScout
Datei Gelöscht : C:\Windows\System32\Tasks\LaunchApp
Datei Gelöscht : C:\Windows\Tasks\paretologic registration3.job
Datei Gelöscht : C:\Windows\System32\Tasks\paretologic registration3
Datei Gelöscht : C:\Windows\Tasks\paretologic update version3.job
Datei Gelöscht : C:\Windows\System32\Tasks\paretologic update version3
Datei Gelöscht : C:\Windows\Tasks\PC Health Advisor Defrag.job
Datei Gelöscht : C:\Windows\System32\Tasks\PC Health Advisor Defrag
Datei Gelöscht : C:\Windows\Tasks\PC Health Advisor.job
Datei Gelöscht : C:\Windows\System32\Tasks\PC Health Advisor
Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater Ui
Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D0EC4142-5808-41D2-A4DC-6081CF1A9693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{396ECD31-EDF7-489F-BDA1-83DBA4C36E81}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F443A627-5009-4323-9C1D-7FD598D0D712}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D0EC4142-5808-41D2-A4DC-6081CF1A9693}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\Alexa Internet
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\mysearchdial.com
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKLM\Software\eSafeSecControl
Schlüssel Gelöscht : HKLM\Software\nationzoomSoftware
Schlüssel Gelöscht : HKLM\Software\ParetoLogic
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Ilona\AppData\Roaming\Mozilla\Firefox\Profiles\3v1h8oh8.default\prefs.js ]

Zeile gelöscht : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.5.0.2");
Zeile gelöscht : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388");
Zeile gelöscht : user_pref("browser.search.defaultengine", "Web Search");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388");
Zeile gelöscht : user_pref("extensions.crossrider.bic", "141273622b68b5aad98f9a577dbf4353");
Zeile gelöscht : user_pref("extensions.mysearchdial.aflt", "irmsd1103aw");
Zeile gelöscht : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Zeile gelöscht : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0E0C0AzzyC0BzyyBzytAzytB0D0E0FtDtN0D0Tzu0SyBtDtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
Zeile gelöscht : user_pref("extensions.mysearchdial.cntry", "DE");
Zeile gelöscht : user_pref("extensions.mysearchdial.cr", "1124419911");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltLng", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dnsErr", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.dspFFXOld", "Web Search");
Zeile gelöscht : user_pref("extensions.mysearchdial.excTlbr", false);
Zeile gelöscht : user_pref("extensions.mysearchdial.hdrMd5", "1330614D5CC93AB286DDC791975564DE");
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103aw&cd=2XzuyEtN2Y1L1Qzu0E0C0AzzyC0BzyyBzytAzytB0D0E0FtDtN0D0Tzu0SyBtDtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czu[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.hpFFXOld", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.id", "ECA86B979392DEF0");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlDay", "16040");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlRef", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103aw&cd=2XzuyEtN2Y1L1Qzu0E0C0AzzyC0BzyyBzytAzytB0D0E0FtDtN0D0Tzu0SyBtDtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutC[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.lastVrsnTs", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd1103aw&cd=2XzuyEtN2Y1L1Qzu0E0C0AzzyC0BzyyBzytAzytB0D0E0FtDtN0D0Tzu0SyBtDtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1C[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"89\",\"lastVrsn\":\"89\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Zeile gelöscht : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.sg", "{smplGrp}");
Zeile gelöscht : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd1103aw&cd=2XzuyEtN2Y1L1Qzu0E0C0AzzyC0BzyyBzytAzytB0D0E0FtDtN0D0Tzu0SyBtDtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.newTab", false);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.014:34:47");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=1487&systemid=1&v=n10781-212&apn_dtid=IME001&apn_ptnrs=AGE&apn_uid=6253835320944712&o=APN10653&q=");
Zeile gelöscht : user_pref("wtb6787.homepage", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388");
Zeile gelöscht : user_pref("wtb6787.newtab", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388");

[ Datei : C:\Users\Natascha\AppData\Roaming\Mozilla\Firefox\Profiles\7z1es6og.default\prefs.js ]

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388");
Zeile gelöscht : user_pref("browser.search.defaultengine", "Web Search");
Zeile gelöscht : user_pref("browser.search.order.1", "Mysearchdial");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388");
Zeile gelöscht : user_pref("extensions.crossrider.bic", "14122720a328e909ca1f765fab601feb");
Zeile gelöscht : user_pref("extensions.mysearchdial.aflt", "irmsd1103aw");
Zeile gelöscht : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Zeile gelöscht : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0E0C0AzzyC0BzyyBzytAzytB0D0E0FtDtN0D0Tzu0SyBtDtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
Zeile gelöscht : user_pref("extensions.mysearchdial.cntry", "DE");
Zeile gelöscht : user_pref("extensions.mysearchdial.cr", "1124419911");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltLng", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dnsErr", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.dspFFXOld", "Web Search");
Zeile gelöscht : user_pref("extensions.mysearchdial.excTlbr", false);
Zeile gelöscht : user_pref("extensions.mysearchdial.hdrMd5", "1330614D5CC93AB286DDC791975564DE");
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103aw&cd=2XzuyEtN2Y1L1Qzu0E0C0AzzyC0BzyyBzytAzytB0D0E0FtDtN0D0Tzu0SyBtDtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czu[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.hpFFXOld", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.id", "ECA86B979392DEF0");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlDay", "16040");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlRef", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103aw&cd=2XzuyEtN2Y1L1Qzu0E0C0AzzyC0BzyyBzytAzytB0D0E0FtDtN0D0Tzu0SyBtDtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutC[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.lastVrsnTs", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd1103aw&cd=2XzuyEtN2Y1L1Qzu0E0C0AzzyC0BzyyBzytAzytB0D0E0FtDtN0D0Tzu0SyBtDtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1C[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"89\",\"lastVrsn\":\"89\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Zeile gelöscht : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.sg", "{smplGrp}");
Zeile gelöscht : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd1103aw&cd=2XzuyEtN2Y1L1Qzu0E0C0AzzyC0BzyyBzytAzytB0D0E0FtDtN0D0Tzu0SyBtDtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.newTab", false);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.014:34:47");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388&st=chrome&q=");
Zeile gelöscht : user_pref("wtb6787.homepage", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388");
Zeile gelöscht : user_pref("wtb6787.newtab", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388");

[ Datei : C:\Users\Hubert\AppData\Roaming\Mozilla\Firefox\Profiles\qx4xrllm.default\prefs.js ]

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388");
Zeile gelöscht : user_pref("browser.search.defaultengine", "Web Search");
Zeile gelöscht : user_pref("browser.search.order.1", "Mysearchdial");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388");
Zeile gelöscht : user_pref("extensions.crossrider.bic", "141637c31c025e789a14f9c0280333c9");
Zeile gelöscht : user_pref("extensions.mysearchdial.aflt", "irmsd1103aw");
Zeile gelöscht : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Zeile gelöscht : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0E0C0AzzyC0BzyyBzytAzytB0D0E0FtDtN0D0Tzu0SyBtDtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
Zeile gelöscht : user_pref("extensions.mysearchdial.cntry", "DE");
Zeile gelöscht : user_pref("extensions.mysearchdial.cr", "1124419911");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltLng", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dnsErr", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.dspFFXOld", "Web Search");
Zeile gelöscht : user_pref("extensions.mysearchdial.excTlbr", false);
Zeile gelöscht : user_pref("extensions.mysearchdial.hdrMd5", "1330614D5CC93AB286DDC791975564DE");
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103aw&cd=2XzuyEtN2Y1L1Qzu0E0C0AzzyC0BzyyBzytAzytB0D0E0FtDtN0D0Tzu0SyBtDtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czu[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.hpFFXOld", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.id", "ECA86B979392DEF0");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlDay", "16040");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlRef", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103aw&cd=2XzuyEtN2Y1L1Qzu0E0C0AzzyC0BzyyBzytAzytB0D0E0FtDtN0D0Tzu0SyBtDtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutC[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.lastVrsnTs", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd1103aw&cd=2XzuyEtN2Y1L1Qzu0E0C0AzzyC0BzyyBzytAzytB0D0E0FtDtN0D0Tzu0SyBtDtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1C[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"89\",\"lastVrsn\":\"89\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Zeile gelöscht : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.sg", "{smplGrp}");
Zeile gelöscht : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd1103aw&cd=2XzuyEtN2Y1L1Qzu0E0C0AzzyC0BzyyBzytAzytB0D0E0FtDtN0D0Tzu0SyBtDtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.newTab", false);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.014:34:47");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388&st=chrome&q=");
Zeile gelöscht : user_pref("wtb6787.homepage", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388");
Zeile gelöscht : user_pref("wtb6787.newtab", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388");

[ Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3blu7wtb.default\prefs.js ]

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://search.certified-toolbar.com?si=66920&st=newtab&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388");
Zeile gelöscht : user_pref("browser.search.defaultengine", "Web Search");
Zeile gelöscht : user_pref("browser.search.order.1", "Web Search");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388");
Zeile gelöscht : user_pref("extensions.crossrider.bic", "141223da39f83493b0387c4c2cd18392");
Zeile gelöscht : user_pref("extensions.mysearchdial.aflt", "irmsd1103aw");
Zeile gelöscht : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Zeile gelöscht : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0E0C0AzzyC0BzyyBzytAzytB0D0E0FtDtN0D0Tzu0SyBtDtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
Zeile gelöscht : user_pref("extensions.mysearchdial.cntry", "DE");
Zeile gelöscht : user_pref("extensions.mysearchdial.cr", "1124419911");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltLng", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dnsErr", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.excTlbr", false);
Zeile gelöscht : user_pref("extensions.mysearchdial.hdrMd5", "238570157E5A8E5D633F744B7FA81921");
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103aw&cd=2XzuyEtN2Y1L1Qzu0E0C0AzzyC0BzyyBzytAzytB0D0E0FtDtN0D0Tzu0SyBtDtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czu[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.id", "ECA86B979392DEF0");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlDay", "16040");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlRef", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103aw&cd=2XzuyEtN2Y1L1Qzu0E0C0AzzyC0BzyyBzytAzytB0D0E0FtDtN0D0Tzu0SyBtDtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutC[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.014:34:47");
Zeile gelöscht : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd1103aw&cd=2XzuyEtN2Y1L1Qzu0E0C0AzzyC0BzyyBzytAzytB0D0E0FtDtN0D0Tzu0SyBtDtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1C[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"89\",\"lastVrsn\":\"89\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Zeile gelöscht : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.sg", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd1103aw&cd=2XzuyEtN2Y1L1Qzu0E0C0AzzyC0BzyyBzytAzytB0D0E0FtDtN0D0Tzu0SyBtDtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.newTab", false);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.014:34:47");
Zeile gelöscht : user_pref("wtb6787.homepage", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388");
Zeile gelöscht : user_pref("wtb6787.newtab", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388");

[ Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_535500\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultengine", "Web Search");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Zeile gelöscht : user_pref("browser.search.order.1", "Web Search");
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.backgroundjs", "\n\n/*****************************************************************************[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.internaldb.cache/2a71b3b28494cf1854d333288ccc18ba_DE.value", "%22var%20cat_2a71b3b28494cf1854d3332[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.internaldb.cache/3518e1eac042730aa1274618984462b3_DE.value", "%22var%20cat_3518e1eac042730aa127461[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.internaldb.cache/5cdf8a7ef2ec84abac286c67587b78d9.value", "%22function%20tcmMarkWindow%28a%29%7Bva[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.internaldb.cache/d5baae4ef839769f8eb7e9f9d82d8a40_DE.value", "%22var%20cat_d5baae4ef839769f8eb7e9f[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.js", "\n\n  /************************************************************************************\[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return app[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_104.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_13.name", "CrossriderAppUtils");
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_138.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_14.name", "CrossriderUtils");
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_155.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.a[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.que[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_con[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a};}()var [...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_78.name", "CrossriderInfo");
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jquery;if(appAPI.platform==\[...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_91.code", "(function(h){var p=(function(){var R=0;var Z=\"\";function Q(ac){return [...]
Zeile gelöscht : user_pref("extensions.ac17236e8fd6644bcaeef1e00981cbb640a4ee0fe53564fd3b37c5cd5671a315ccom39030.39030.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"undefined\"){appAPI.internal.[...]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "141223da39f83493b0387c4c2cd18392");
Zeile gelöscht : user_pref("wtb6787.homepage", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388");
Zeile gelöscht : user_pref("wtb6787.newtab", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388");
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://search.certified-toolbar.com?si=66920&st=newtab&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=66920&tid=6787&ver=4.8&ts=1379258849293.000008&tguid=66920-6787-1379258849293-64884ED618C27EA13BBC6512A7AA6388&st=chrome&q=");

*************************

AdwCleaner[R0].txt - [54425 octets] - [01/01/2014 18:00:37]
AdwCleaner[S0].txt - [50132 octets] - [01/01/2014 18:02:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [50193 octets] ##########
Jetzt mach ich den 2. Schritt mit JRT - Junkware Removal Tool

hier nun die JRT.txt Datei
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Professional x64
Ran by Administrator on 01.01.2014 at 18:16:50,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d3f0af55-9cc4-4308-a238-e571a3ce249c}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{d3f0af55-9cc4-4308-a238-e571a3ce249c}



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho171F.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho308D.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho64FE.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9251.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoA1E4.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC1F1.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE607.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\datamngr"
Successfully deleted: [Folder] "C:\Program Files (x86)\plus-hd-3.8"



~~~ FireFox

Emptied folder: C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\3blu7wtb.default\minidumps [8 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.01.2014 at 18:22:44,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ich vermute mal, jetzt habe ich wieder was falsch gemacht. Ich schick dir mal die Datei die ich nach den Scan gefunden habe, leider habe ich vorher keine FRST.txt und danach keine Addition.txt gefunden. Sei bitte nicht sauer


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by Administrator (administrator) on HUBERT-PC on 01-01-2014 18:35:09
Running from C:\Users\Administrator\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Koninklijke Philips Electronics N.V.) C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13632216 2013-07-09] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - "C:\Windows\system32\hkcmd.exe"
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-02-06] (Samsung Electronics)
HKCU\...\Run: [DriverTurbo] - C:\Program Files (x86)\DriverTurbo\DriverTurbo.exe [6525088 2013-04-15] ()
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Hubert\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKU\Hubert\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-02-06] (Samsung Electronics)
HKU\Hubert\...\Run: [DriverTurbo] - C:\Program Files (x86)\DriverTurbo\DriverTurbo.exe [6525088 2013-04-15] ()
HKU\Ilona\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKU\Ilona\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKU\Ilona\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-02-06] (Samsung Electronics)
HKU\Ilona\...\Run: [DriverTurbo] - C:\Program Files (x86)\DriverTurbo\DriverTurbo.exe [6525088 2013-04-15] ()
HKU\Ilona\...\Run: [iMesh] - "C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe" --lightmode
HKU\Natascha\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKU\Natascha\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKU\Natascha\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-02-06] (Samsung Electronics)
HKU\Natascha\...\Run: [DriverTurbo] - C:\Program Files (x86)\DriverTurbo\DriverTurbo.exe [6525088 2013-04-15] ()
HKU\Natascha\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner64.exe [5973272 2013-12-17] (Piriform Ltd)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103aw&cd=2XzuyEtN2Y1L1Qzu0E0C0AzzyC0BzyyBzytAzytB0D0E0FtDtN0D0Tzu0SyBtDtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1124419911&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3blu7wtb.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WEB.DE MailCheck - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3blu7wtb.default\Extensions\toolbar@web.de.xpi
FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3blu7wtb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [{50ac7052-4c6c-4bb2-98d7-6b5a5a4cd8d1}] - C:\Program Files (x86)\Re-markit\136.xpi

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [30080 2011-06-14] ()
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
S4 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

S4 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-14] (AVG Technologies)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-05-01] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99800 2013-05-09] (Intel Corporation)
R1 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 WFMC_VAD; C:\Windows\System32\DRIVERS\wfmcvad.sys [24064 2010-02-08] (WiFi Media Connect)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-05-01] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-01 18:35 - 2014-01-01 18:35 - 00019327 _____ C:\Users\Administrator\Downloads\FRST.txt
2014-01-01 18:33 - 2014-01-01 18:33 - 01931302 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2014-01-01 18:22 - 2014-01-01 18:22 - 00001926 _____ C:\Users\Administrator\Desktop\JRT.txt
2014-01-01 18:16 - 2014-01-01 18:16 - 01036305 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-01-01 18:16 - 2014-01-01 18:16 - 00000000 ____D C:\Windows\ERUNT
2014-01-01 18:11 - 2014-01-01 18:11 - 00000099 _____ C:\Users\Administrator\AppData\Roaming\WB.CFG
2014-01-01 18:00 - 2014-01-01 18:03 - 00000000 ____D C:\AdwCleaner
2014-01-01 17:59 - 2014-01-01 17:59 - 01233962 _____ C:\Users\Administrator\Downloads\adwcleaner.exe
2014-01-01 17:07 - 2014-01-01 18:05 - 00000224 _____ C:\Windows\setupact.log
2014-01-01 17:07 - 2014-01-01 17:07 - 00000000 _____ C:\Windows\setuperr.log
2014-01-01 16:57 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-01-01 16:57 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-01-01 16:57 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-01-01 16:57 - 2012-08-23 15:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-01-01 16:57 - 2012-08-23 14:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-01-01 16:57 - 2012-08-23 14:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-01-01 16:57 - 2012-08-23 14:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-01-01 16:57 - 2012-08-23 14:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-01-01 16:57 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-01-01 16:57 - 2012-08-23 14:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-01-01 16:57 - 2012-08-23 14:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-01-01 16:57 - 2012-08-23 14:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-01-01 16:57 - 2012-08-23 14:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-01-01 16:57 - 2012-08-23 13:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-01-01 16:57 - 2012-08-23 12:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-01-01 16:57 - 2012-08-23 12:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-01-01 16:57 - 2012-08-23 12:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-01-01 16:57 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-01-01 16:57 - 2012-08-23 11:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-01-01 16:57 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-01-01 16:57 - 2012-08-23 11:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-01-01 16:57 - 2012-08-23 11:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-01-01 16:57 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-01-01 16:57 - 2012-08-23 09:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-01-01 16:57 - 2012-08-23 09:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-01-01 16:55 - 2012-05-04 12:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-01-01 16:55 - 2012-05-04 10:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-12-31 19:08 - 2014-01-01 18:08 - 00083913 _____ C:\Windows\WindowsUpdate.log
2013-12-31 04:33 - 2013-12-31 04:33 - 00081256 _____ C:\Users\Ilona\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-30 20:30 - 2013-12-31 11:45 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-30 20:30 - 2013-12-31 11:22 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-30 20:30 - 2013-12-30 20:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-30 20:29 - 2013-12-31 11:44 - 00000000 ____D C:\Users\Administrator\Desktop\mbar
2013-12-30 20:29 - 2013-12-31 11:21 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-30 20:28 - 2013-12-30 20:28 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Natascha\Downloads\mbar-1.07.0.1008.exe
2013-12-30 20:18 - 2013-12-30 20:18 - 00001350 _____ C:\Users\Natascha\Desktop\Clean Registry for Free!.lnk
2013-12-30 14:15 - 2013-12-30 14:15 - 00027919 _____ C:\Users\Ilona\Downloads\Addition.txt
2013-12-30 14:14 - 2013-12-30 14:15 - 00053073 _____ C:\Users\Ilona\Downloads\FRST.txt
2013-12-30 14:14 - 2013-12-30 14:14 - 00000000 ____D C:\FRST
2013-12-30 14:13 - 2013-12-30 14:13 - 01931302 _____ (Farbar) C:\Users\Ilona\Downloads\FRST64.exe
2013-12-30 14:11 - 2013-12-30 14:11 - 01064199 _____ (Farbar) C:\Users\Ilona\Downloads\FRST.exe
2013-12-30 13:53 - 2013-12-30 13:53 - 01272360 _____ (iMesh Inc) C:\Users\Ilona\Downloads\iMeshSetup-r1487-w-bf.exe
2013-12-30 13:08 - 2014-01-01 17:53 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\newnext.me
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\genienext
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\Users\Administrator\.android
2013-12-30 13:07 - 2014-01-01 18:11 - 00000314 _____ C:\Windows\Tasks\Digital Sites.job
2013-12-30 13:07 - 2013-12-30 22:07 - 00000000 ____D C:\Program Files (x86)\Plus-HD-5.0
2013-12-30 13:07 - 2013-12-30 13:11 - 00003272 _____ C:\Windows\System32\Tasks\Digital Sites
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\DigitalSites
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\0D0S1L2Z1P1B
2013-12-30 13:05 - 2013-12-30 13:05 - 00673048 _____ (                                                            ) C:\Users\Ilona\Downloads\ZipExtractorSetup(1).exe
2013-12-30 13:04 - 2013-12-30 13:04 - 00673048 _____ (                                                            ) C:\Users\Ilona\Downloads\ZipExtractorSetup.exe
2013-12-29 18:25 - 2013-12-29 18:25 - 00000000 ____D C:\Users\Natascha\AppData\Local\{C5070DB1-6B36-43A0-84DA-70540457DB8D}
2013-12-29 15:41 - 2013-12-29 15:42 - 00000000 ____D C:\Users\Natascha\Desktop\Bilder
2013-12-29 12:10 - 2013-12-29 12:10 - 00001101 _____ C:\Users\Administrator\Desktop\ParetoLogic PC Health Advisor.lnk
2013-12-29 12:08 - 2013-12-29 12:08 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Ilona\Downloads\ParetoLogic PC Health Advisor_de.exe
2013-12-27 12:10 - 2013-12-27 12:10 - 04645232 _____ (Piriform Ltd) C:\Users\Administrator\Downloads\ccsetup409.exe
2013-12-26 22:41 - 2013-12-26 22:41 - 00000000 ____D C:\Users\Natascha\AppData\Local\{FD51CE90-05EE-497D-91CE-9157D8A44789}
2013-12-26 17:57 - 2013-12-26 17:57 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-12-22 18:34 - 2013-12-22 18:34 - 00000000 ____D C:\Program Files (x86)\Philips
2013-12-22 18:34 - 2010-02-08 05:45 - 00024064 _____ (WiFi Media Connect) C:\Windows\system32\Drivers\wfmcvad.sys
2013-12-22 18:31 - 2013-12-22 18:31 - 18084280 _____ (Koninklijke Philips Electronics N.V.) C:\Users\Ilona\Downloads\wi-fi_mediaconnect_setup_v1.06.43.exe
2013-12-20 18:46 - 2013-12-20 18:46 - 00000000 ____D C:\Users\Natascha\4.0
2013-12-20 18:46 - 2013-12-20 18:46 - 00000000 ____D C:\Users\Natascha\.tfo4
2013-12-20 16:55 - 2013-12-20 16:56 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-20 08:24 - 2013-12-20 08:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-17 14:01 - 2013-12-17 14:01 - 00000000 ____D C:\Users\Natascha\AppData\Roaming\HP
2013-12-14 20:54 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-14 20:54 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-14 20:54 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-14 20:54 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-14 20:52 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-14 20:52 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-14 20:52 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-14 20:52 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-14 20:52 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-14 20:52 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-14 20:52 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-14 20:52 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-14 20:52 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-14 20:52 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-14 20:52 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-14 20:52 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-14 20:52 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-14 20:52 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-14 20:52 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-14 20:52 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-14 20:52 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-14 20:52 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-14 20:51 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-14 20:51 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-14 20:51 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-14 20:51 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-14 20:51 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-14 20:51 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-14 20:51 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-14 20:51 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-14 20:51 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-14 20:51 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-14 20:51 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-14 20:51 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-14 20:51 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-14 20:45 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-14 20:45 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-14 20:45 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-14 20:45 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-14 20:45 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-14 20:45 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-14 20:45 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-14 20:45 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-14 20:45 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-14 20:45 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-14 20:45 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-14 20:44 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-14 20:44 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-14 20:44 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-14 20:44 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-14 20:44 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-14 20:44 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-14 20:44 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-14 20:44 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-14 14:51 - 2013-12-14 14:52 - 00000000 ____D C:\Users\Natascha\Desktop\Bluetooth
2013-12-08 15:21 - 2013-12-08 15:21 - 00262144 _____ C:\Windows\system32\config\elam
2013-12-04 19:02 - 2013-12-04 19:05 - 00000000 ____D C:\Users\Ilona\AppData\Local\{3F2E9129-D63E-4F31-8D93-68B7BAB8DCE3}
2013-12-04 19:02 - 2013-12-04 19:02 - 00000000 ____D C:\Users\Ilona\AppData\Local\{B78D14D7-5B12-496E-A5D6-66BD3DC44987}
2013-12-03 13:12 - 2013-12-30 21:15 - 00001756 _____ C:\Users\Natascha\daemonprocess.txt

==================== One Month Modified Files and Folders =======

2014-01-01 18:35 - 2014-01-01 18:35 - 00019327 _____ C:\Users\Administrator\Downloads\FRST.txt
2014-01-01 18:33 - 2014-01-01 18:33 - 01931302 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2014-01-01 18:29 - 2013-02-07 15:24 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-01 18:22 - 2014-01-01 18:22 - 00001926 _____ C:\Users\Administrator\Desktop\JRT.txt
2014-01-01 18:20 - 2013-02-09 13:26 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-01 18:16 - 2014-01-01 18:16 - 01036305 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-01-01 18:16 - 2014-01-01 18:16 - 00000000 ____D C:\Windows\ERUNT
2014-01-01 18:12 - 2009-07-14 05:45 - 00016768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-01 18:12 - 2009-07-14 05:45 - 00016768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-01 18:11 - 2014-01-01 18:11 - 00000099 _____ C:\Users\Administrator\AppData\Roaming\WB.CFG
2014-01-01 18:11 - 2013-12-30 13:07 - 00000314 _____ C:\Windows\Tasks\Digital Sites.job
2014-01-01 18:08 - 2013-12-31 19:08 - 00083913 _____ C:\Windows\WindowsUpdate.log
2014-01-01 18:05 - 2014-01-01 17:07 - 00000224 _____ C:\Windows\setupact.log
2014-01-01 18:05 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-01 18:03 - 2014-01-01 18:00 - 00000000 ____D C:\AdwCleaner
2014-01-01 18:03 - 2013-02-07 15:15 - 00001053 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-01 18:03 - 2013-02-07 14:47 - 00001015 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-01 18:03 - 2013-02-07 14:47 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-01 17:59 - 2014-01-01 17:59 - 01233962 _____ C:\Users\Administrator\Downloads\adwcleaner.exe
2014-01-01 17:53 - 2013-12-30 13:08 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\newnext.me
2014-01-01 17:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2014-01-01 17:07 - 2014-01-01 17:07 - 00000000 _____ C:\Windows\setuperr.log
2014-01-01 16:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-31 11:45 - 2013-12-30 20:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-31 11:44 - 2013-12-30 20:29 - 00000000 ____D C:\Users\Administrator\Desktop\mbar
2013-12-31 11:22 - 2013-12-30 20:30 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-31 11:21 - 2013-12-30 20:29 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-31 04:33 - 2013-12-31 04:33 - 00081256 _____ C:\Users\Ilona\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-30 22:07 - 2013-12-30 13:07 - 00000000 ____D C:\Program Files (x86)\Plus-HD-5.0
2013-12-30 21:40 - 2013-12-01 14:36 - 00000272 _____ C:\Users\Administrator\daemonprocess.txt
2013-12-30 21:15 - 2013-12-03 13:12 - 00001756 _____ C:\Users\Natascha\daemonprocess.txt
2013-12-30 20:30 - 2013-12-30 20:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-30 20:28 - 2013-12-30 20:28 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Natascha\Downloads\mbar-1.07.0.1008.exe
2013-12-30 20:18 - 2013-12-30 20:18 - 00001350 _____ C:\Users\Natascha\Desktop\Clean Registry for Free!.lnk
2013-12-30 14:15 - 2013-12-30 14:15 - 00027919 _____ C:\Users\Ilona\Downloads\Addition.txt
2013-12-30 14:15 - 2013-12-30 14:14 - 00053073 _____ C:\Users\Ilona\Downloads\FRST.txt
2013-12-30 14:14 - 2013-12-30 14:14 - 00000000 ____D C:\FRST
2013-12-30 14:13 - 2013-12-30 14:13 - 01931302 _____ (Farbar) C:\Users\Ilona\Downloads\FRST64.exe
2013-12-30 14:11 - 2013-12-30 14:11 - 01064199 _____ (Farbar) C:\Users\Ilona\Downloads\FRST.exe
2013-12-30 13:59 - 2013-04-02 17:33 - 00001602 _____ C:\Windows\wininit.ini
2013-12-30 13:54 - 2013-02-07 14:26 - 00000000 ____D C:\Users\Ilona\AppData\Local\VirtualStore
2013-12-30 13:53 - 2013-12-30 13:53 - 01272360 _____ (iMesh Inc) C:\Users\Ilona\Downloads\iMeshSetup-r1487-w-bf.exe
2013-12-30 13:25 - 2013-12-01 14:36 - 00000000 ____D C:\Users\Administrator\AppData\Local\cache
2013-12-30 13:11 - 2013-12-30 13:07 - 00003272 _____ C:\Windows\System32\Tasks\Digital Sites
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\genienext
2013-12-30 13:08 - 2013-12-30 13:08 - 00000000 ____D C:\Users\Administrator\.android
2013-12-30 13:08 - 2013-02-07 14:47 - 00000000 ____D C:\Users\Administrator
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\DigitalSites
2013-12-30 13:07 - 2013-12-30 13:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\0D0S1L2Z1P1B
2013-12-30 13:05 - 2013-12-30 13:05 - 00673048 _____ (                                                            ) C:\Users\Ilona\Downloads\ZipExtractorSetup(1).exe
2013-12-30 13:04 - 2013-12-30 13:04 - 00673048 _____ (                                                            ) C:\Users\Ilona\Downloads\ZipExtractorSetup.exe
2013-12-30 12:55 - 2012-03-22 01:38 - 00701326 _____ C:\Windows\system32\perfh007.dat
2013-12-30 12:55 - 2012-03-22 01:38 - 00150226 _____ C:\Windows\system32\perfc007.dat
2013-12-30 12:55 - 2009-07-14 06:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-29 18:25 - 2013-12-29 18:25 - 00000000 ____D C:\Users\Natascha\AppData\Local\{C5070DB1-6B36-43A0-84DA-70540457DB8D}
2013-12-29 15:42 - 2013-12-29 15:41 - 00000000 ____D C:\Users\Natascha\Desktop\Bilder
2013-12-29 12:10 - 2013-12-29 12:10 - 00001101 _____ C:\Users\Administrator\Desktop\ParetoLogic PC Health Advisor.lnk
2013-12-29 12:08 - 2013-12-29 12:08 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Ilona\Downloads\ParetoLogic PC Health Advisor_de.exe
2013-12-28 10:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-27 12:13 - 2007-07-12 02:49 - 00000000 ____D C:\Windows\Panther
2013-12-27 12:12 - 2013-04-10 18:38 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-27 12:12 - 2013-04-10 18:38 - 00000000 ____D C:\Program Files\CCleaner
2013-12-27 12:10 - 2013-12-27 12:10 - 04645232 _____ (Piriform Ltd) C:\Users\Administrator\Downloads\ccsetup409.exe
2013-12-26 22:41 - 2013-12-26 22:41 - 00000000 ____D C:\Users\Natascha\AppData\Local\{FD51CE90-05EE-497D-91CE-9157D8A44789}
2013-12-26 17:57 - 2013-12-26 17:57 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-12-26 17:57 - 2013-03-02 20:56 - 00000000 ____D C:\Users\Ilona\AppData\Roaming\Samsung
2013-12-23 19:25 - 2013-02-07 15:15 - 00000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2013-12-23 19:17 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-22 18:34 - 2013-12-22 18:34 - 00000000 ____D C:\Program Files (x86)\Philips
2013-12-22 18:34 - 2011-10-19 05:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-22 18:31 - 2013-12-22 18:31 - 18084280 _____ (Koninklijke Philips Electronics N.V.) C:\Users\Ilona\Downloads\wi-fi_mediaconnect_setup_v1.06.43.exe
2013-12-21 15:04 - 2013-02-07 15:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-21 08:43 - 2013-11-17 11:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-12-20 18:46 - 2013-12-20 18:46 - 00000000 ____D C:\Users\Natascha\4.0
2013-12-20 18:46 - 2013-12-20 18:46 - 00000000 ____D C:\Users\Natascha\.tfo4
2013-12-20 18:46 - 2013-02-07 15:47 - 00000000 ____D C:\Users\Natascha
2013-12-20 16:56 - 2013-12-20 16:55 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-20 08:24 - 2013-12-20 08:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-17 14:01 - 2013-12-17 14:01 - 00000000 ____D C:\Users\Natascha\AppData\Roaming\HP
2013-12-14 21:10 - 2009-07-14 05:45 - 00366344 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-14 20:53 - 2013-02-09 20:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-14 20:51 - 2013-02-16 12:13 - 01597772 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-14 20:49 - 2013-08-14 21:02 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 20:46 - 2013-02-10 12:30 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 14:52 - 2013-12-14 14:51 - 00000000 ____D C:\Users\Natascha\Desktop\Bluetooth
2013-12-12 08:04 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-11 20:15 - 2013-11-08 15:54 - 00000000 ____D C:\Users\Natascha\Desktop\Schule
2013-12-11 18:35 - 2012-08-02 14:09 - 00029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2013-12-11 18:35 - 2012-06-19 16:28 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2013-12-11 04:29 - 2013-02-07 15:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 04:29 - 2013-02-07 15:24 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 04:29 - 2011-10-19 06:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-09 04:38 - 2013-02-07 14:26 - 00000000 ____D C:\Users\Ilona
2013-12-08 19:36 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-12-08 19:07 - 2013-05-12 17:45 - 00000000 ____D C:\Windows\Minidump
2013-12-08 15:21 - 2013-12-08 15:21 - 00262144 _____ C:\Windows\system32\config\elam
2013-12-08 15:00 - 2013-02-16 12:11 - 00000000 ____D C:\Users\Hubert
2013-12-08 15:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-12-08 14:58 - 2013-12-01 18:48 - 00004002 _____ C:\Users\Ilona\daemonprocess.txt
2013-12-04 19:05 - 2013-12-04 19:02 - 00000000 ____D C:\Users\Ilona\AppData\Local\{3F2E9129-D63E-4F31-8D93-68B7BAB8DCE3}
2013-12-04 19:02 - 2013-12-04 19:02 - 00000000 ____D C:\Users\Ilona\AppData\Local\{B78D14D7-5B12-496E-A5D6-66BD3DC44987}
2013-12-04 15:37 - 2013-12-01 16:43 - 00000404 _____ C:\Users\Hubert\daemonprocess.txt

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.380.dll


Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\23395uninstall.exe
C:\Users\Administrator\AppData\Local\Temp\BackupSetup.exe
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\Sqlite3.dll
C:\Users\Ilona\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Ilona\AppData\Local\Temp\Delta.exe
C:\Users\Ilona\AppData\Local\Temp\DeltaTB.exe
C:\Users\Ilona\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Ilona\AppData\Local\Temp\WSSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 10:36

==================== End Of Log ============================
--- --- ---

--- --- ---

cosinus 01.01.2014 19:29
Zitat:
FRST.txt und danach keine Addition.txt gefunden. Sei bitte nicht sauer
Desegen bin ich nicht sauer :D du musst nur einen Haken bei additions.txt setzen damit FRST auch eine derartige Logdatei erstellt

hubschmid 02.01.2014 05:07
ich glaub jetzt hab ich die richtige Datei
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2014 01
Ran by Administrator at 2014-01-02 05:04:33
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

5600 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
5600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
5600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Acer eRecovery Management (x32 Version: 5.00.3505 - Acer Incorporated)
Acer Framework (x32 Version: 3.00.5500 - Acer Incorporated)
Acer Registration (x32 Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (x32 Version: 1.1.0609.2011 - Acer Incorporated)
Acer Updater (x32 Version: 1.02.3501 - Acer Incorporated)
Adobe AIR (x32 Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.5.0.1060 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638 - Adobe Systems, Inc.)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Bing-Desktop (x32 Version: 1.3.171.0 - Microsoft Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
BurnAware Free 6.5 (x32 Version:  - Burnaware)
CCleaner (Version: 4.09 - Piriform)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
ElsterFormular (x32 Version: 14.3.11574 - Landesfinanzdirektion Thüringen)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free YouTube Download version 3.2.2.426 (x32 Version: 3.2.2.426 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.2.426 (x32 Version: 3.12.2.426 - DVDVideoSoft Ltd.)
FreePDF (Remove only) (x32 Version:  - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GPL Ghostscript (Version: 9.04 - Artifex Software Inc.)
HP Customer Participation Program 13.0 (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (Version: 4.51 - HP)
HP Solution Center 13.0 (Version: 13.0 - HP)
HP Update (x32 Version: 4.000.011.006 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 9.5.3.1520 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.3347 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Intel® Watchdog Timer Driver (Intel® WDT) (x32 Version:  - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 21 (64-bit) (Version: 7.0.210 - Oracle)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 21 (64-bit) (Version: 1.7.0.210 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (Version: 13.0 - HP)
OpenOffice 4.0.0 (x32 Version: 4.00.9702 - Apache Software Foundation)
PhotoScape (x32 Version:  - )
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime (x32 Version: 7.73.80.64 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (x32 Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6971 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (Version:  - )
Re-markit (x32 Version:  - Re-markit Software)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.18.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (Version: 13.0 - HP)
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Zip Extractor (HKCU Version:  - Update for Zip Extractor) <==== ATTENTION
Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
VLC media player 2.0.2 (x32 Version: 2.0.2 - VideoLAN)
VLC media player 2.0.6 (Version: 2.0.6 - VideoLAN)
VLC Media Player Setup Packages (HKCU Version:  - )
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wi-Fi MediaConnect (x32 Version: 1.6.43 - Philips)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Utils (x32 Version:  - )
Zip Extractor Packages (HKCU Version:  - )
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

14-12-2013 19:45:43 Windows Update
19-12-2013 06:05:43 Windows Update
25-12-2013 07:07:34 Windows Update
29-12-2013 10:54:54 Windows Defender Checkpoint
30-12-2013 19:45:31 Malwarebytes Anti-Rootkit Restore Point
01-01-2014 15:55:53 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {04C08803-464E-48EB-B1B8-CAE8249B453F} - \ParetoLogic Registration3 No Task File
Task: {05EC1B2D-4D61-4580-94D5-42A414330FA0} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1706221257-3501333290-431181506-500
Task: {08C34683-F6F9-4839-A6C6-EC2674B1877D} - System32\Tasks\Digital Sites => C:\Users\Administrator\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {26EA5ABC-AB97-46E8-A622-1B1EF2A0FEF7} - \Software Updater No Task File
Task: {2D3DAA81-041E-4BB4-ABF2-661DD8E7206B} - \PC Health Advisor Defrag No Task File
Task: {353CC91E-2383-4D0A-9DFC-CF2E8C6520F5} - \Software Updater Ui No Task File
Task: {4269A0BE-13B1-4A21-8D62-400121D1C7F0} - \ParetoLogic Update Version3 No Task File
Task: {538CAFD1-72F5-4F23-889E-F48F186349AE} - \PC Health Advisor No Task File
Task: {5D741691-1B3E-4EC1-87E2-B7E909D95796} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {61051FCF-B578-4986-BD12-983AE747AEFB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {83E9F652-65BE-4B59-A8FA-98F777DA016C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {86EBD3F1-B4E6-425E-99F5-B7D46F399A25} - \FreeDriverScout No Task File
Task: {ABCB641E-533C-424E-8BB5-03BA60ADC8B3} - System32\Tasks\PCCleaner1ClickMaint => C:\Program Files (x86)\Covus Freemium\Free Computer Cleaner\1Click.exe
Task: {B8B33E05-2341-4E3C-B51E-9F0435FA41BB} - \FoxTab No Task File
Task: {BE5D89EA-A1D3-4787-842B-E61E336ABEA0} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {EA55671F-FC8D-4166-AFB2-E27F7FC24F02} - \LaunchApp No Task File
Task: {FB6DB629-6DE2-4B91-AFEF-EF024B6479AB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\ADMINI~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2011-10-19 06:18 - 2011-06-10 18:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-17 20:39 - 2013-05-01 10:58 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2012-08-17 20:38 - 2012-08-17 20:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2013-09-15 16:52 - 2013-05-09 03:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-12-20 08:24 - 2013-12-20 08:24 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2014 04:57:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/01/2014 07:40:46 PM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}


Microsoft Office Sessions:
=========================
Error: (11/02/2013 00:17:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1635 seconds with 840 seconds of active time.  This session ended with a crash.

Error: (10/29/2013 01:04:01 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1382 seconds with 60 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-01-01 16:44:22.883
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-01 16:44:22.867
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-01 16:44:22.867
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-01 16:44:22.852
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-01 16:44:22.852
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-01-01 16:44:22.852
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-31 10:55:25.318
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-31 10:55:25.318
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-31 10:55:25.318
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-12-31 10:55:25.302
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 4037.01 MB
Available physical RAM: 2325.29 MB
Total Pagefile: 8072.2 MB
Available Pagefile: 6122.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:221.83 GB) (Free:161.66 GB) NTFS
Drive d: (DATA) (Fixed) (Total:221.83 GB) (Free:221.74 GB) NTFS
Drive f: (Expansion Drive) (Fixed) (Total:931.51 GB) (Free:486.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: F9FD6441)
Partition 1: (Not Active) - (Size=22 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=222 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=222 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: 02B431E7)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

cosinus 02.01.2014 11:45
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Alle Zeitangaben in WEZ +1. Es ist jetzt 10:56 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27