Trojaner-Board - Werbefenster öffnen sich alle paar Sekunden automatisch

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Werbefenster öffnen sich alle paar Sekunden automatisch (https://www.trojaner-board.de/157033-werbefenster-oeffnen-alle-paar-sekunden-automatisch.html)

Werbefenster öffnen sich alle paar Sekunden automatisch

Hallo zusammen,
ich brauche mal wieder eure Hife. Am Rechner meiner Eltern öffnen sich, wenn man einen Internetbrowser geöffnet hat, alle 3-5 Sekunden irgendwelche Werbefenster. Das ist ziemlich lästig und lässt ein konzentriertes Arbeiten kaum zu. Meiner Recherche nach handelt es sich dabei um einen Virus.
Ich wäre sehr dankbar, wenn ihr mir dabei helfen könntet, diesen Virus zu beheben. Ich bin was PC etc. angeht nicht sonderlich begabt ;)

Vielen lieben Dank im Voraus,

Lena :)

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Vielen Dank für deine schnelle Antwort.
Hier nun die Dateien
FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014

Ran by mierike (administrator) on FAMILIE on 30-07-2014 11:41:07

Running from C:\Users\mierike\Desktop

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal
 

The only official download link for FRST:

Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 

Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\Omiga Plus\omigaplusSvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe

(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(COMPANYVERS_NAME) C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe

(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\Omiga Plus\omigaplus.exe

(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe

() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

(VER_COMPANY_NAME) C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe

(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

() C:\Program Files (x86)\SPEEDLINK\DECUS Gaming Mouse\Monitor.EXE

(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Nero AG) C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe

(Farbar) C:\Users\mierike\Desktop\x.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)

HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()

HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)

HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)

HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)

HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()

HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [75064 2011-07-07] ()

HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)

HKLM-x32\...\Run: [Guard.Mail.ru.gui] => C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-02-17] ()

HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [TelevisionFanatic Search Scope Monitor] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrchMn.exe [42536 2012-11-11] (MindSpark)

HKLM-x32\...\Run: [TelevisionFanatic Browser Plugin Loader] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe [30096 2012-11-11] (VER_COMPANY_NAME)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [606040 2013-08-15] (Razer Inc.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [SL-6397 Gaming Mouse] => C:\Program Files (x86)\SPEEDLINK\DECUS Gaming Mouse\Monitor.exe [3587584 2013-09-30] ()

HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)

HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)

HKU\S-1-5-21-3566807784-1483398079-3001521256-1000\...\Run: [Userinit] => C:\Users\mierike\AppData\Roaming\appConf32.exe 

HKU\S-1-5-21-3566807784-1483398079-3001521256-1000\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent 

HKU\S-1-5-21-3566807784-1483398079-3001521256-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1753280 2014-07-16] (Valve Corporation)

HKU\S-1-5-21-3566807784-1483398079-3001521256-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)

HKU\S-1-5-21-3566807784-1483398079-3001521256-1000\...\Run: [Omiga Plus] => C:\Program Files (x86)\Omiga Plus\omigaplus.exe [1361576 2014-05-18] (Taiwan Shui Mu Chih Ching Technology Limited.)

HKU\S-1-5-21-3566807784-1483398079-3001521256-1000\...\Run: [IcfudOqmat] => regsvr32.exe " 

HKU\S-1-5-21-3566807784-1483398079-3001521256-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3566807784-1483398079-3001521256-1000\$c9450da47adbb8e1bf7b093bc2931b3f\n. ATTENTION! ====> ZeroAccess?

AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk

ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk

ShortcutTarget: simplicheck.lnk -> C:\Program Files (x86)\simplitec\simplicheck\simplicheck.exe (simplitec)

Startup: C:\Users\Jacobus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\mierike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 22Find

HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = Gol Search

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 22Find

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 22Find

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 22Find

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 22Find

URLSearchHook: HKCU - (No Name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark)

URLSearchHook: HKCU - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File

StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe 22Find

SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = QVO6

SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = QVO6

SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = QVO6

SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = QVO6

SearchScopes: HKLM-x32 - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=2271&ptb=8FACE686-6AE1-449F-8BD2-8E9F5CFF502B&psa=&ind=2012111111&st=sb&n=77ee6107&searchfor={searchTerms}

SearchScopes: HKCU - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 

SearchScopes: HKCU - bProtectorDefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68}

SearchScopes: HKCU - 57A7A818809743CA89DDFEB39A0371A8 URL = QVO6

SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 

SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=ds&from=newgdp&uid=ST31500341AS_9VS581DLXXXX9VS581DL&ts=1380215056&type=default&q={searchTerms}

SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 

SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

SearchScopes: HKCU - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=2271&ptb=8FACE686-6AE1-449F-8BD2-8E9F5CFF502B&psa=&ind=2012111111&st=sb&n=77ee6107&searchfor={searchTerms}

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File

BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File

BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)

BHO-x32: Plus-HD-2.3 -> {11111111-1111-1111-1111-110311341126} -> C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-bho.dll No File

BHO-x32: Search Assistant BHO -> {5d79f641-c168-40df-a32f-bacea7509e75} -> C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: DealPly Shopping -> {ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} -> C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly)

BHO-x32: Toolbar BHO -> {cb41fc95-f1b3-4797-8bb6-1012ff62abba} -> C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File

BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)

Toolbar: HKLM-x32 - TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\mierike\AppData\Roaming\Mozilla\Firefox\Profiles\fr8zt0np.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.4.0 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @TelevisionFanatic.com/Plugin - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark)

FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=3 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)

FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=9 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\mierike\AppData\Roaming\Mozilla\Firefox\Profiles\fr8zt0np.default\searchplugins\ask-search.xml

FF Extension: TelevisionFanatic - C:\Users\mierike\AppData\Roaming\Mozilla\Firefox\Profiles\fr8zt0np.default\Extensions\64ffxtbr@TelevisionFanatic.com [2013-12-20]

FF Extension: Plus-HD-2.3 - C:\Users\mierike\AppData\Roaming\Mozilla\Firefox\Profiles\fr8zt0np.default\Extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com [2014-07-30]

FF Extension: Adblock Plus - C:\Users\mierike\AppData\Roaming\Mozilla\Firefox\Profiles\fr8zt0np.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-24]

FF HKLM-x32\...\Firefox\Extensions: [64ffxtbr@TelevisionFanatic.com] - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin

FF Extension: TelevisionFanatic - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin [2012-11-11]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-07-03] (Avira Operations GmbH & Co. KG)

S2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-06-29] (DealPly Technologies Ltd)

S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-06-29] (DealPly Technologies Ltd)

R2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-02-17] ()

S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]

R2 omigaplussvc; C:\Program Files (x86)\Omiga Plus\omigaplusSvc.exe [424104 2014-05-18] (Taiwan Shui Mu Chih Ching Technology Limited.)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-02-22] ()

R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)

R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)

R2 TelevisionFanaticService; C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe [42504 2012-11-11] (COMPANYVERS_NAME)

R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-08-23] (Taiwan Shui Mu Chih Ching Technology Limited.)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-09] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)

S1 9692b0; \??\C:\Windows\system32\drivers\9692b0.sys [X]

S1 brwtyvgg; \??\C:\Windows\system32\drivers\brwtyvgg.sys [X]

S1 dsyoqujv; \??\C:\Windows\system32\drivers\dsyoqujv.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-07-30 11:41 - 2014-07-30 11:41 - 00022697 _____ () C:\Users\mierike\Desktop\FRST.txt

2014-07-30 11:41 - 2014-07-30 11:41 - 00000000 ____D () C:\FRST

2014-07-30 11:39 - 2014-07-30 11:39 - 02093568 _____ (Farbar) C:\Users\mierike\Desktop\x.exe

2014-07-29 15:05 - 2014-07-29 15:05 - 00000000 ____D () C:\Users\mierike\AppData\Local\Windows Live

2014-07-29 15:04 - 2014-07-29 15:05 - 00000000 ____D () C:\Users\mierike\AppData\Local\{4CC8AC4A-F420-4FDB-AC83-7FFA0820A57F}

2014-07-23 19:04 - 2014-07-28 18:54 - 00000000 ____D () C:\ProgramData\IcfudOqmat

2014-07-23 15:36 - 2014-07-23 15:36 - 00000000 ____D () C:\Users\Clubberer\AppData\Local\{25D31DA7-A6F9-4F3D-98C6-B40E6F4016F6}

2014-07-20 11:17 - 2014-07-20 11:18 - 08065348 _____ () C:\Users\Jacobus\Downloads\1352281627_bentley_continental_gt_premier.rar

2014-07-20 11:16 - 2014-07-20 11:16 - 03163023 _____ () C:\Users\Jacobus\Downloads\1349424093_1349406382_alexkoenigseggepmriv.rar

2014-07-20 11:12 - 2014-07-20 11:12 - 05409472 _____ () C:\Users\Jacobus\Downloads\1389977311_POR_911TURBO_14.rar

2014-07-20 11:11 - 2014-07-20 11:11 - 17187404 _____ () C:\Users\Jacobus\Downloads\1366826519_Audi R8 5 2 Stock 2012.rar

2014-07-20 11:10 - 2014-07-20 11:10 - 05931641 _____ () C:\Users\Jacobus\Downloads\1356444601_2012LamborghiniGallardoLP5704SpyderPerformantebyDreamsky.zip

2014-07-20 11:09 - 2014-07-20 11:09 - 04025438 _____ () C:\Users\Jacobus\Downloads\1405846432_WheelsAndMore.rar

2014-07-20 11:09 - 2014-07-20 11:09 - 03467591 _____ () C:\Users\Jacobus\Downloads\1362939950_Harley Davidson Fat Boy Lo Racing Bobber.rar

2014-07-19 20:54 - 2014-07-19 20:54 - 03555001 _____ () C:\Users\Jacobus\Downloads\1405765207_GTAVbravadobisonbyAH.rar

2014-07-18 20:18 - 2014-07-18 20:22 - 52247609 _____ () C:\Users\Jacobus\Downloads\logitech_gaming_software_8_52_15_32bit_software.zip

2014-07-18 20:16 - 2014-07-18 20:16 - 00000000 ____D () C:\Users\Jacobus\AppData\Roaming\Logitech

2014-07-18 20:16 - 2014-07-18 20:16 - 00000000 ____D () C:\Users\Jacobus\AppData\Roaming\Logishrd

2014-07-18 20:12 - 2014-07-18 20:15 - 52954360 _____ (Logitech Inc.) C:\Users\Jacobus\Downloads\LGS_8.51.5_x86_Logitech.exe

2014-07-17 20:41 - 2014-07-17 20:42 - 08135660 _____ () C:\Users\Jacobus\Downloads\1364805641_VH60N_Whitehawk_1.1.RAR

2014-07-17 20:39 - 2014-07-17 20:39 - 03459426 _____ () C:\Users\Jacobus\Downloads\1361362978_Audi A4 2010.rar

2014-07-17 20:37 - 2014-07-17 20:37 - 07105145 _____ () C:\Users\Jacobus\Downloads\1369655347_Marcopolo Torino 2007 - MB 1418.rar

2014-07-17 20:33 - 2014-07-17 20:33 - 00011029 _____ () C:\Users\Clubberer\Documents\Tabu Geo Jacob.xlsx

2014-07-17 20:14 - 2014-07-17 20:14 - 00000000 ____D () C:\Users\Clubberer\AppData\Roaming\simplitec

2014-07-15 20:00 - 2014-07-15 20:00 - 01084436 _____ () C:\Users\Jacobus\Downloads\1400064767_thrust.rar

2014-07-15 19:57 - 2014-07-15 19:57 - 02827901 _____ () C:\Users\Jacobus\Downloads\1363942875_KX500.rar

2014-07-15 19:56 - 2014-07-15 19:56 - 11531251 _____ () C:\Users\Jacobus\Downloads\1399218489_AudiQ7V13Vertelvis.rar

2014-07-15 19:55 - 2014-07-15 19:55 - 05205252 _____ () C:\Users\Jacobus\Downloads\1404329443_2013LamborghiniVeneno.zip

2014-07-15 19:50 - 2014-07-15 19:50 - 01431782 _____ () C:\Users\Jacobus\Downloads\1390693360_ChevroletBlazerK51972.rar

2014-07-15 19:49 - 2014-07-15 19:50 - 22912501 _____ () C:\Users\Jacobus\Downloads\1393757826_1393725518_c2.rar

2014-07-15 19:49 - 2014-07-15 19:49 - 27787900 _____ () C:\Users\Jacobus\Downloads\1405111533_SsangYong_Kyron_Beta_by_Claptrap.rar

2014-07-15 19:47 - 2014-07-15 19:47 - 11948024 _____ () C:\Users\Jacobus\Downloads\1404687451_GTA4EVOCAMBER.rar

2014-07-15 19:46 - 2014-07-15 19:46 - 04780670 _____ () C:\Users\Jacobus\Downloads\1403622098_jetmax.rar

2014-07-15 19:43 - 2014-07-15 19:43 - 03324012 _____ () C:\Users\Jacobus\Downloads\1399326915_Eurocopter EC135 Guardia Civil Spain.rar

2014-07-14 13:44 - 2014-07-14 13:44 - 00000000 ____D () C:\Users\mierike\AppData\Roaming\simplitec

2014-07-12 14:29 - 2014-07-12 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPEEDLINK

2014-07-12 14:29 - 2014-07-12 14:29 - 00000000 ____D () C:\Program Files (x86)\SPEEDLINK

2014-07-12 14:27 - 2014-07-12 14:27 - 00000000 ____D () C:\Users\Jacobus\AppData\Roaming\simplitec

2014-07-12 14:26 - 2014-07-12 14:27 - 00000000 ____D () C:\ProgramData\simplitec

2014-07-12 14:26 - 2014-07-12 14:26 - 00001113 _____ () C:\Users\Public\Desktop\simplicheck.lnk

2014-07-12 14:26 - 2014-07-12 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec

2014-07-12 14:26 - 2014-07-12 14:26 - 00000000 ____D () C:\Program Files (x86)\simplitec

2014-07-09 14:48 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-07-09 14:48 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-07-09 14:48 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-07-09 14:48 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-07-09 14:48 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-07-09 14:48 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-07-09 14:48 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-07-09 14:48 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-07-09 14:48 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-07-09 14:48 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-07-09 14:48 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-07-09 14:48 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-07-09 14:48 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-07-09 14:48 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-07-09 14:48 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-07-09 14:48 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-07-09 14:48 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-07-09 14:48 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-07-09 14:48 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-07-09 14:48 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-07-09 14:48 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-07-09 14:48 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-07-09 14:48 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-07-09 14:48 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-07-09 14:48 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-07-09 14:48 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-07-09 14:48 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-07-09 14:48 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-07-09 14:48 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-07-09 14:48 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-07-09 14:48 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-07-09 14:48 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-07-09 14:48 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-07-09 14:48 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-07-09 14:48 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-07-09 14:48 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-07-09 14:48 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-07-09 14:48 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-07-09 14:48 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-07-09 14:48 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-07-09 14:48 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-07-09 14:48 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-07-09 14:48 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-07-09 14:48 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-07-09 14:48 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-07-09 14:48 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-07-09 14:48 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-07-09 14:48 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-07-09 14:48 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-07-09 14:48 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-07-09 14:48 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-07-09 14:48 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-07-09 14:48 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-07-09 14:48 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-07-09 14:48 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-07-09 14:48 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-07-09 14:48 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-07-09 14:48 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-07-09 14:48 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe

2014-07-09 14:48 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe

2014-07-09 14:48 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-07-09 14:48 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-07-09 14:48 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2014-07-09 14:48 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-07-09 14:48 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-07-09 14:48 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-07-09 14:48 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2014-07-09 14:48 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-07-09 14:48 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-07-09 14:48 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-07-09 14:48 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-07-09 14:48 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2014-07-09 14:48 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2014-07-09 14:48 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2014-07-09 14:48 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2014-07-09 14:48 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-07-09 14:48 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-07-09 14:48 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2014-07-09 14:47 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-07-09 14:47 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-07-09 14:47 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-07-07 19:05 - 2014-07-07 19:05 - 00000000 ____D () C:\Crash

2014-07-07 18:00 - 2014-07-07 18:00 - 00000000 ____D () C:\Users\Jacobus\AppData\Local\SCE

2014-07-07 15:03 - 2014-07-07 15:03 - 00000222 _____ () C:\Users\Jacobus\Desktop\PlanetSide 2.url

2014-07-03 16:06 - 2014-07-03 16:06 - 00000000 ____D () C:\Users\Clubberer\AppData\Local\{62D8A03E-9C65-4D77-A845-A4A3C5DB8636}

2014-07-03 16:04 - 2014-07-03 16:10 - 00000000 ____D () C:\Users\Clubberer\AppData\Roaming\Omiga Plus
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-07-30 11:41 - 2014-07-30 11:41 - 00022697 _____ () C:\Users\mierike\Desktop\FRST.txt

2014-07-30 11:41 - 2014-07-30 11:41 - 00000000 ____D () C:\FRST

2014-07-30 11:39 - 2014-07-30 11:39 - 02093568 _____ (Farbar) C:\Users\mierike\Desktop\x.exe

2014-07-30 11:33 - 2012-04-06 13:27 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-30 11:32 - 2012-05-27 16:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-07-30 11:29 - 2011-10-22 13:10 - 00000000 ____D () C:\Users\mierike\AppData\Local\Nero

2014-07-30 11:24 - 2011-10-15 14:22 - 00000422 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job

2014-07-30 11:23 - 2013-09-08 17:27 - 00000000 ____D () C:\Users\mierike\AppData\Roaming\Skype

2014-07-30 11:23 - 2011-10-17 18:40 - 00003488 _____ () C:\Windows\System32\Tasks\PCDEventLauncher

2014-07-30 11:23 - 2011-10-15 14:22 - 00003450 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest

2014-07-30 11:21 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-07-30 11:21 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-07-30 11:17 - 2012-05-18 16:52 - 01222001 _____ () C:\Windows\WindowsUpdate.log

2014-07-30 11:16 - 2014-05-18 18:55 - 00000000 ____D () C:\Program Files (x86)\Omiga Plus

2014-07-30 11:16 - 2013-08-23 09:14 - 00000000 ____D () C:\Program Files (x86)\WinZipper

2014-07-30 11:14 - 2013-06-29 18:50 - 00001202 _____ () C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job

2014-07-30 11:14 - 2013-06-29 18:50 - 00001198 _____ () C:\Windows\Tasks\Plus-HD-2.3-updater.job

2014-07-30 11:14 - 2013-06-29 18:50 - 00001102 _____ () C:\Windows\Tasks\Plus-HD-2.3-enabler.job

2014-07-30 11:14 - 2013-06-29 18:49 - 00001908 _____ () C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job

2014-07-30 11:14 - 2013-06-29 18:49 - 00001834 _____ () C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job

2014-07-30 11:14 - 2013-06-29 18:49 - 00000904 _____ () C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job

2014-07-30 11:14 - 2013-05-29 14:58 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-07-30 11:14 - 2012-04-06 13:27 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-30 11:14 - 2011-10-15 14:19 - 00000000 ____D () C:\Users\mierike\AppData\Local\SoftThinks

2014-07-30 11:14 - 2011-10-06 14:20 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup

2014-07-30 11:13 - 2014-05-18 18:49 - 00009806 _____ () C:\Windows\setupact.log

2014-07-30 11:13 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-30 10:05 - 2013-06-29 18:56 - 00000000 ____D () C:\Users\Jacobus\AppData\Roaming\Skype

2014-07-30 09:54 - 2013-06-29 18:49 - 00000908 _____ () C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job

2014-07-30 09:49 - 2013-06-29 18:48 - 00000298 _____ () C:\Windows\Tasks\Dealply.job

2014-07-30 08:03 - 2012-01-14 19:19 - 00000000 ____D () C:\Users\Jacobus\AppData\Local\Nero

2014-07-30 07:48 - 2012-01-14 19:04 - 00000000 ____D () C:\Users\Jacobus\AppData\Local\SoftThinks

2014-07-29 15:05 - 2014-07-29 15:05 - 00000000 ____D () C:\Users\mierike\AppData\Local\Windows Live

2014-07-29 15:05 - 2014-07-29 15:04 - 00000000 ____D () C:\Users\mierike\AppData\Local\{4CC8AC4A-F420-4FDB-AC83-7FFA0820A57F}

2014-07-28 20:08 - 2012-03-18 18:49 - 00000000 ____D () C:\Users\mierike\Documents\Papa

2014-07-28 18:54 - 2014-07-23 19:04 - 00000000 ____D () C:\ProgramData\IcfudOqmat

2014-07-27 16:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-07-26 22:28 - 2013-09-06 15:45 - 00000000 ____D () C:\Users\Jacobus\Documents\FIFA 12

2014-07-26 21:42 - 2013-09-05 16:44 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-07-23 15:52 - 2011-11-03 21:23 - 00000000 ____D () C:\Users\Clubberer\AppData\Local\SoftThinks

2014-07-23 15:36 - 2014-07-23 15:36 - 00000000 ____D () C:\Users\Clubberer\AppData\Local\{25D31DA7-A6F9-4F3D-98C6-B40E6F4016F6}

2014-07-23 10:52 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-07-20 11:18 - 2014-07-20 11:17 - 08065348 _____ () C:\Users\Jacobus\Downloads\1352281627_bentley_continental_gt_premier.rar

2014-07-20 11:16 - 2014-07-20 11:16 - 03163023 _____ () C:\Users\Jacobus\Downloads\1349424093_1349406382_alexkoenigseggepmriv.rar

2014-07-20 11:12 - 2014-07-20 11:12 - 05409472 _____ () C:\Users\Jacobus\Downloads\1389977311_POR_911TURBO_14.rar

2014-07-20 11:11 - 2014-07-20 11:11 - 17187404 _____ () C:\Users\Jacobus\Downloads\1366826519_Audi R8 5 2 Stock 2012.rar

2014-07-20 11:10 - 2014-07-20 11:10 - 05931641 _____ () C:\Users\Jacobus\Downloads\1356444601_2012LamborghiniGallardoLP5704SpyderPerformantebyDreamsky.zip

2014-07-20 11:09 - 2014-07-20 11:09 - 04025438 _____ () C:\Users\Jacobus\Downloads\1405846432_WheelsAndMore.rar

2014-07-20 11:09 - 2014-07-20 11:09 - 03467591 _____ () C:\Users\Jacobus\Downloads\1362939950_Harley Davidson Fat Boy Lo Racing Bobber.rar

2014-07-19 20:54 - 2014-07-19 20:54 - 03555001 _____ () C:\Users\Jacobus\Downloads\1405765207_GTAVbravadobisonbyAH.rar

2014-07-18 20:22 - 2014-07-18 20:18 - 52247609 _____ () C:\Users\Jacobus\Downloads\logitech_gaming_software_8_52_15_32bit_software.zip

2014-07-18 20:16 - 2014-07-18 20:16 - 00000000 ____D () C:\Users\Jacobus\AppData\Roaming\Logitech

2014-07-18 20:16 - 2014-07-18 20:16 - 00000000 ____D () C:\Users\Jacobus\AppData\Roaming\Logishrd

2014-07-18 20:15 - 2014-07-18 20:12 - 52954360 _____ (Logitech Inc.) C:\Users\Jacobus\Downloads\LGS_8.51.5_x86_Logitech.exe

2014-07-17 20:42 - 2014-07-17 20:41 - 08135660 _____ () C:\Users\Jacobus\Downloads\1364805641_VH60N_Whitehawk_1.1.RAR

2014-07-17 20:39 - 2014-07-17 20:39 - 03459426 _____ () C:\Users\Jacobus\Downloads\1361362978_Audi A4 2010.rar

2014-07-17 20:37 - 2014-07-17 20:37 - 07105145 _____ () C:\Users\Jacobus\Downloads\1369655347_Marcopolo Torino 2007 - MB 1418.rar

2014-07-17 20:33 - 2014-07-17 20:33 - 00011029 _____ () C:\Users\Clubberer\Documents\Tabu Geo Jacob.xlsx

2014-07-17 20:29 - 2011-11-03 21:56 - 00000000 ____D () C:\Users\Clubberer\AppData\Local\Nero

2014-07-17 20:15 - 2011-10-06 14:43 - 00000000 ____D () C:\ProgramData\Sonic

2014-07-17 20:14 - 2014-07-17 20:14 - 00000000 ____D () C:\Users\Clubberer\AppData\Roaming\simplitec

2014-07-17 20:14 - 2011-11-03 21:23 - 00086488 _____ () C:\Users\Clubberer\AppData\Local\GDIPFONTCACHEV1.DAT

2014-07-15 20:00 - 2014-07-15 20:00 - 01084436 _____ () C:\Users\Jacobus\Downloads\1400064767_thrust.rar

2014-07-15 19:57 - 2014-07-15 19:57 - 02827901 _____ () C:\Users\Jacobus\Downloads\1363942875_KX500.rar

2014-07-15 19:56 - 2014-07-15 19:56 - 11531251 _____ () C:\Users\Jacobus\Downloads\1399218489_AudiQ7V13Vertelvis.rar

2014-07-15 19:55 - 2014-07-15 19:55 - 05205252 _____ () C:\Users\Jacobus\Downloads\1404329443_2013LamborghiniVeneno.zip

2014-07-15 19:50 - 2014-07-15 19:50 - 01431782 _____ () C:\Users\Jacobus\Downloads\1390693360_ChevroletBlazerK51972.rar

2014-07-15 19:50 - 2014-07-15 19:49 - 22912501 _____ () C:\Users\Jacobus\Downloads\1393757826_1393725518_c2.rar

2014-07-15 19:49 - 2014-07-15 19:49 - 27787900 _____ () C:\Users\Jacobus\Downloads\1405111533_SsangYong_Kyron_Beta_by_Claptrap.rar

2014-07-15 19:47 - 2014-07-15 19:47 - 11948024 _____ () C:\Users\Jacobus\Downloads\1404687451_GTA4EVOCAMBER.rar

2014-07-15 19:46 - 2014-07-15 19:46 - 04780670 _____ () C:\Users\Jacobus\Downloads\1403622098_jetmax.rar

2014-07-15 19:43 - 2014-07-15 19:43 - 03324012 _____ () C:\Users\Jacobus\Downloads\1399326915_Eurocopter EC135 Guardia Civil Spain.rar

2014-07-14 13:45 - 2011-10-15 14:22 - 00086488 _____ () C:\Users\mierike\AppData\Local\GDIPFONTCACHEV1.DAT

2014-07-14 13:44 - 2014-07-14 13:44 - 00000000 ____D () C:\Users\mierike\AppData\Roaming\simplitec

2014-07-13 11:09 - 2012-01-14 19:04 - 00000000 ____D () C:\Users\Jacobus\AppData\Local\VirtualStore

2014-07-12 19:58 - 2009-07-14 06:45 - 00381272 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-07-12 14:36 - 2012-01-14 19:05 - 00086488 _____ () C:\Users\Jacobus\AppData\Local\GDIPFONTCACHEV1.DAT

2014-07-12 14:31 - 2012-10-27 15:17 - 00000000 ____D () C:\ProgramData\InstallShield

2014-07-12 14:29 - 2014-07-12 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPEEDLINK

2014-07-12 14:29 - 2014-07-12 14:29 - 00000000 ____D () C:\Program Files (x86)\SPEEDLINK

2014-07-12 14:29 - 2011-10-06 14:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-07-12 14:27 - 2014-07-12 14:27 - 00000000 ____D () C:\Users\Jacobus\AppData\Roaming\simplitec

2014-07-12 14:27 - 2014-07-12 14:26 - 00000000 ____D () C:\ProgramData\simplitec

2014-07-12 14:26 - 2014-07-12 14:26 - 00001113 _____ () C:\Users\Public\Desktop\simplicheck.lnk

2014-07-12 14:26 - 2014-07-12 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec

2014-07-12 14:26 - 2014-07-12 14:26 - 00000000 ____D () C:\Program Files (x86)\simplitec

2014-07-10 13:32 - 2012-05-27 16:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-07-10 13:32 - 2012-05-20 20:35 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-07-10 13:32 - 2011-10-06 14:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-07-10 13:23 - 2013-10-28 13:52 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2014-07-09 21:00 - 2014-05-06 21:19 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-07-09 21:00 - 2010-11-21 09:00 - 00000000 ____D () C:\Program Files\Windows Journal

2014-07-09 21:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism

2014-07-09 21:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism

2014-07-09 16:24 - 2013-08-14 14:24 - 00000000 ____D () C:\Windows\system32\MRT

2014-07-09 16:24 - 2012-10-05 07:41 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-07-07 19:05 - 2014-07-07 19:05 - 00000000 ____D () C:\Crash

2014-07-07 18:00 - 2014-07-07 18:00 - 00000000 ____D () C:\Users\Jacobus\AppData\Local\SCE

2014-07-07 15:03 - 2014-07-07 15:03 - 00000222 _____ () C:\Users\Jacobus\Desktop\PlanetSide 2.url

2014-07-07 15:03 - 2013-05-29 15:16 - 00000000 ____D () C:\Users\Jacobus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2014-07-03 19:08 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2014-07-03 16:10 - 2014-07-03 16:04 - 00000000 ____D () C:\Users\Clubberer\AppData\Roaming\Omiga Plus

2014-07-03 16:08 - 2013-10-28 13:50 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-07-03 16:06 - 2014-07-03 16:06 - 00000000 ____D () C:\Users\Clubberer\AppData\Local\{62D8A03E-9C65-4D77-A845-A4A3C5DB8636}

2014-07-03 16:04 - 2013-09-08 14:27 - 00000000 ____D () C:\Users\Clubberer\AppData\Roaming\Skype

2014-07-02 20:38 - 2013-02-22 17:41 - 00282104 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr

2014-07-02 20:38 - 2013-02-22 17:32 - 00282104 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2014-07-02 20:38 - 2013-02-22 17:32 - 00234768 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0

2014-07-02 19:13 - 2010-11-21 08:50 - 09218806 _____ () C:\Windows\system32\perfh007.dat

2014-07-02 19:13 - 2010-11-21 08:50 - 02805804 _____ () C:\Windows\system32\perfc007.dat

2014-07-02 19:13 - 2009-07-14 07:13 - 00006544 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-30 04:09 - 2014-07-09 14:48 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-06-30 04:04 - 2014-07-09 14:48 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
 

ZeroAccess:

C:\$Recycle.Bin\S-1-5-21-3566807784-1483398079-3001521256-1000\$c9450da47adbb8e1bf7b093bc2931b3f
 

Some content of TEMP:

====================

C:\Users\Clubberer\AppData\Local\Temp\AskSLib.dll

C:\Users\Clubberer\AppData\Local\Temp\avgnt.exe

C:\Users\Clubberer\AppData\Local\Temp\drm_dialogs.dll

C:\Users\Clubberer\AppData\Local\Temp\fm6zoiud.dll

C:\Users\Clubberer\AppData\Local\Temp\qehc3omp.dll

C:\Users\Clubberer\AppData\Local\Temp\setup.exe

C:\Users\Jacobus\AppData\Local\Temp\avgnt.exe

C:\Users\Jacobus\AppData\Local\Temp\CmdLineExt01.dll

C:\Users\Jacobus\AppData\Local\Temp\drm_dialogs.dll

C:\Users\Jacobus\AppData\Local\Temp\drm_dyndata_7330017.dll

C:\Users\Jacobus\AppData\Local\Temp\drm_dyndata_7380014.dll

C:\Users\Jacobus\AppData\Local\Temp\gtaivvmi_v1.5_setup.exe

C:\Users\Jacobus\AppData\Local\Temp\i4jdel0.exe

C:\Users\Jacobus\AppData\Local\Temp\SIntf16.dll

C:\Users\Jacobus\AppData\Local\Temp\SIntf32.dll

C:\Users\Jacobus\AppData\Local\Temp\SIntfNT.dll

C:\Users\Jacobus\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Jacobus\AppData\Local\Temp\_is4D0.exe

C:\Users\Jacobus\AppData\Local\Temp\_is9FB8.exe

C:\Users\Jacobus\AppData\Local\Temp\_isBDE2.exe

C:\Users\Jacobus\AppData\Local\Temp\_isE974.exe

C:\Users\mierike\AppData\Local\Temp\1blonde.dll

C:\Users\mierike\AppData\Local\Temp\2blonde.exe

C:\Users\mierike\AppData\Local\Temp\avgnt.exe

C:\Users\mierike\AppData\Local\Temp\uninst1.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
 
 

LastRegBack: 2014-07-29 19:42
 

==================== End Of Log ============================

--- --- ---
FRST Additions Logfile:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014

Ran by mierike at 2014-07-30 11:41:53

Running from C:\Users\mierike\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)

18 WoS Extreme Trucker 1.01 (HKLM-x32\...\18 WoS Extreme Trucker) (Version: 1.01 - )

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)

Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)

Alarm für Cobra 11 - Das Syndikat (HKLM-x32\...\Alarm für Cobra 11 - Das Syndikat_is1) (Version:  - dtp)

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)

Avira SearchFree Toolbar plus Web Protection Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.3.0.23930 - Ask.com) <==== ATTENTION

Battlefield 2(TM) (HKCU\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version: 1.00.0000 - DICE)

Battlefield Play4Free (HKCU\...\{87686C21-8A15-4b4d-A3F1-11141D9BE094}) (Version:  - EA Digital illusions)

Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden

Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden

Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - Treyarch)

Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )

Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - Treyarch)

CCleaner (HKLM\...\CCleaner) (Version: 3.18 - Piriform)

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cities in Motion 2 (HKLM-x32\...\Steam App 225420) (Version:  - )

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)

CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)

CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.3225 - CyberLink Corp.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dealply (HKCU\...\Dealply) (Version:  - ) <==== ATTENTION

DealPly (remove only) (HKLM-x32\...\DealPly) (Version: 4.8.7.2 - DealPly Technologies Ltd.) <==== ATTENTION

DECUS Gaming Mouse (HKLM-x32\...\{B62CC42A-D1D9-4E91-BEDE-8614DE2AD943}) (Version: 1.0 - SPEEDLINK)

Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.57 - Dell Inc.)

Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.57 - Dell Inc.)

Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)

Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

Dell MusicStage (HKLM-x32\...\{3255BC3F-32BA-41ED-93A0-B9AEB6CDD9E6}) (Version: 1.5.201.0 - Fingertapps)

Dell Stage (HKLM-x32\...\{E2F57269-065E-4B19-8CDA-AB6C401FAF1A}) (Version: 1.7.209.0 - Fingertapps)

Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)

Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5803.11 - Dell Inc.)

Dell Support Center (Version: 3.1.5803.11 - PC-Doctor, Inc.) Hidden

Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)

Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden

Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden

Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden

DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden

DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden

Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

Easy Driver Pro (HKLM-x32\...\{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}) (Version: 8.0.1 - Easy Driver Pro)

eBox (HKLM-x32\...\fr.edumedia.app.eBox.school) (Version: 1.6 - eduMedia SARL)

eBox (x32 Version: 1.6 - eduMedia SARL) Hidden

Escape Whisper Valley (TM) (x32 Version: 2.2.0.95 - WildTangent) Hidden

Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden

FarmFrenzy (HKLM-x32\...\FarmFrenzy) (Version:  - )

FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden

FIFA 12 (HKLM-x32\...\{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}) (Version: 1.6.0.0 - Electronic Arts)

Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden

Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden

FlatOut2 (HKLM-x32\...\{7E641E46-81DB-4D1D-906A-48342523051C}) (Version: 1.00.0000 - Ihr Firmenname)

Fragen-Lern-CD 4.1 (HKLM-x32\...\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1) (Version: 4.1.0 - Wendel-Verlag GmbH)

Fragen-Lern-CD 4.1 (x32 Version: 4.1.0 - Wendel-Verlag GmbH) Hidden

German Truck Simulator 1.00 (HKLM-x32\...\German Truck Simulator) (Version: 1.00 - )

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)

Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden

Grand Theft Auto San Andreas (HKLM-x32\...\{086BADF8-9B1F-4E89-B207-2EDA520972D6}) (Version: 1.00.00001 - Rockstar Games)

GTA IV Vehicle Mod Installer v1.5 (HKLM-x32\...\GTA IV Vehicle Mod Installer v1.5_is1) (Version:  - MobileD2)

Guard.ICQ (HKLM-x32\...\Guard.Mail.ru) (Version:  - Mail.ru) <==== ATTENTION

High-Definition Video Playback (x32 Version: 7.3.10000.0.0 - Nero AG) Hidden

HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)

HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)

HP Scanjet G3010 (HKLM\...\{E2A59F15-F731-4062-9BB7-3C99D8F15756}) (Version: 13.0 - HP)

HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)

hpg3010 (x32 Version: 13.0.0.0 - Ihr Firmenname) Hidden

HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden

HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

ICQ7.7 (HKLM-x32\...\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}) (Version: 7.7 - ICQ)

Java Auto Updater (x32 Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden

Java(TM) 7 Update 4 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217004FF}) (Version: 7.0.40 - Oracle)

Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden

Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Juiced2_HIN (HKLM-x32\...\{50E4FCC7-90B9-48C6-9D17-7AE66F282878}) (Version: 1.00.0000 - THQ)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

King (HKLM-x32\...\King) (Version:  - )

KONICA MINOLTA magicolor 2530DL (HKLM\...\KONICA MINOLTA magicolor 2530DL) (Version:  - )

L.A. Noire (HKLM-x32\...\Steam App 110800) (Version:  - Team Bondi)

Landwirtschafts Simulator 2013 (HKLM-x32\...\FarmingSimulator2013DE_is1) (Version: 1.0 - GIANTS Software)

Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)

Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)

Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden

Need for Speed(TM) Hot Pursuit (HKLM-x32\...\{83A606F5-BF6F-42ED-9F33-B9F74297CDED}) (Version: 1.0.0.0 - Electronic Arts)

Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10200.0.0 - Nero AG) Hidden

Nero Control Center 10 (x32 Version: 10.6.12500.0.5 - Nero AG) Hidden

Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden

Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden

NVIDIA Display Control Panel (HKLM\...\{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 6.14.12.6716 - NVIDIA Corporation)

NVIDIA PhysX (HKLM-x32\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)

OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)

Omiga Plus (HKLM-x32\...\Omiga Plus) (Version: 1.6.6 - Taiwan Shui Mu Chih Ching Technology Limited.)

Origin (HKLM-x32\...\Origin) (Version: 9.3.2.2730 - Electronic Arts, Inc.)

Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden

phase-6 2.3.0 (HKLM-x32\...\phase-6) (Version: 2.3.0 - phase-6)

PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)

PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden

Plus-HD-2.3 (HKLM-x32\...\Plus-HD-2.3) (Version: 1.27.153.5 - Plus HD) <==== ATTENTION

Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden

ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)

Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.13.1 - Razer Inc.)

RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden

RCT3 Soaked (HKLM-x32\...\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}) (Version: 1.00.000 - )

Rettungswagen Simulator 2012 (HKLM-x32\...\Rettungswagen Simulator 2012) (Version:  - )

Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)

RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version:  - )

RollerCoaster Tycoon 3 (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - )

Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden

Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden

Roxio Burn (x32 Version: 1.8 - Roxio) Hidden

Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)

Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden

Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden

Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden

Roxio File Backup (Version: 1.3.2 - Roxio) Hidden

Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden

Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden

Secunia PSI (2.0.0.4003) (HKLM-x32\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)

simplitec simplicheck (HKLM-x32\...\{4ED518EB-0018-4928-A79E-5BF5100A382B}) (Version: 1.3.10.0 - simplitec GmbH)

Skiregion Simulator 2012 (HKLM-x32\...\SkiRegionSimulator2012DE_is1) (Version: 1.0 - GIANTS Software)

Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)

SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden

Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

SyncUP (HKLM-x32\...\{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}) (Version: 1.10.11100.8.106 - Nero AG)

SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.14900 - Nero AG)

TelevisionFanatic Toolbar (HKLM-x32\...\TelevisionFanaticbar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION

TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)

Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden

Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden

WildTangent Games App (Dell Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden

WildTangent-Spiele (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

WinZipper (HKLM-x32\...\WinZipper) (Version: 1.4.8 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION

Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)

Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-3566807784-1483398079-3001521256-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()
 

==================== Restore Points  =========================
 

27-06-2014 16:59:14 Windows Update

01-07-2014 11:31:02 Windows Update

04-07-2014 17:11:20 Windows Update

08-07-2014 15:34:15 Windows Update

09-07-2014 14:21:56 Windows Update

12-07-2014 12:26:23 Installed simplitec simplicheck

12-07-2014 12:28:19 Installiert DECUS Gaming Mouse

12-07-2014 12:28:46 Installiert DECUS Gaming Mouse

15-07-2014 17:44:32 Windows Update

18-07-2014 18:11:36 Windows Update

22-07-2014 11:54:06 Windows Update

26-07-2014 18:29:09 Windows Update
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {1A524B3D-20F2-4745-9FCF-F59917632DFF} - System32\Tasks\Plus-HD-2.3-firefoxinstaller => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe

Task: {23ED6501-EC8D-46DE-A90B-D0B6A411209A} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-03-22] (PC-Doctor, Inc.)

Task: {2738D4F5-2FA9-4C5B-B05D-10E894A19458} - System32\Tasks\XboxStatTask => C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe [2009-10-01] (Microsoft Corporation)

Task: {44F56132-1876-4F57-86A3-5D770B85CFED} - System32\Tasks\Plus-HD-2.3-enabler => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-enabler.exe

Task: {468CA2F8-7293-4DC0-A68A-376B35416960} - System32\Tasks\Plus-HD-2.3-codedownloader => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe

Task: {4AB5FCAC-ADE0-42E4-B416-4C282D681B48} - System32\Tasks\Omiga Plus RunAsStdUser => C:\Program Files (x86)\Omiga Plus\omigaplus.exe [2014-05-18] (Taiwan Shui Mu Chih Ching Technology Limited.)

Task: {52DC963E-B3B1-436E-8775-581EE5974429} - System32\Tasks\Dealply => C:\Users\Jacobus\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe [2013-06-29] () <==== ATTENTION

Task: {5BCC9993-2AF0-4F8E-906D-ACB355330360} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-06] (Google Inc.)

Task: {7B8B64D2-9701-4749-8D17-1037F5D85122} - System32\Tasks\EPUpdater => C:\Users\Jacobus\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-08-04] () <==== ATTENTION

Task: {9FF35095-0567-4A51-B734-D2D6D554C868} - System32\Tasks\DealPlyLiveUpdateTaskMachineCore => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-06-29] (DealPly Technologies Ltd) <==== ATTENTION

Task: {AFB1E349-4CA6-4287-8157-DD11D2F1D90E} - System32\Tasks\Plus-HD-2.3-updater => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-updater.exe

Task: {B6404EB3-88E2-42DC-84CF-CFD93653856A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)

Task: {C37632D5-9CDA-436D-9B9B-D796932DD3EE} - System32\Tasks\Plus-HD-2.3-chromeinstaller => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe

Task: {CEF33ACD-4ADB-4121-8D05-60738E21232A} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION

Task: {D2C0A682-EAF1-4B74-8483-94EB7ECF076B} - System32\Tasks\DealPlyLiveUpdateTaskMachineUA => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-06-29] (DealPly Technologies Ltd) <==== ATTENTION

Task: {E401469E-90A2-47EF-9CB2-0CA6FFA57B78} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2011-03-22] (PC-Doctor, Inc.)

Task: {ED4A2C0B-8549-4656-854B-A600693C8DA4} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-03-22] (PC-Doctor, Inc.)

Task: {EEF002B1-2A4B-4F65-BD04-DCCD15304A4F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-06] (Google Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\Dealply.job => C:\Users\Jacobus\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE

Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe

Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe

Task: C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe

Task: C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe

Task: C:\Windows\Tasks\Plus-HD-2.3-enabler.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-enabler.exe

Task: C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe

Task: C:\Windows\Tasks\Plus-HD-2.3-updater.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-updater.exe

Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe
 

==================== Loaded Modules (whitelisted) =============
 

2012-02-17 15:03 - 2012-02-17 15:03 - 01564368 _____ () C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe

2013-02-22 17:32 - 2013-02-22 17:46 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2011-06-27 20:26 - 2011-06-27 20:26 - 02022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe

2011-10-06 14:20 - 2011-07-08 11:12 - 02749248 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

2010-11-17 11:35 - 2010-11-17 11:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

2011-06-29 09:52 - 2011-06-29 09:52 - 00474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe

2014-07-12 14:29 - 2013-09-30 13:40 - 03587584 _____ () C:\Program Files (x86)\SPEEDLINK\DECUS Gaming Mouse\Monitor.EXE

2014-05-18 18:55 - 2014-05-18 18:55 - 00612520 _____ () C:\Program Files (x86)\Omiga Plus\sqlite3.dll

2013-08-23 09:14 - 2013-08-23 09:13 - 00612520 _____ () C:\Program Files (x86)\WinZipper\sqlite3.dll

2010-03-16 21:28 - 2010-03-16 21:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll

2010-03-22 16:52 - 2010-03-22 16:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll

2010-03-16 21:28 - 2010-03-16 21:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll

2010-03-16 21:28 - 2010-03-16 21:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll

2011-06-25 00:20 - 2011-06-25 00:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll

2011-06-27 20:25 - 2011-06-27 20:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll

2011-06-25 00:32 - 2011-06-25 00:32 - 00323136 _____ () C:\Program Files (x86)\Dell\Stage Remote\de-DE\UI\ManagerUI.dll

2010-03-11 20:52 - 2010-03-11 20:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll

2010-03-05 16:07 - 2010-03-05 16:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll

2010-03-05 16:07 - 2010-03-05 16:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll

2010-03-11 20:52 - 2010-03-11 20:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll

2014-06-10 18:45 - 2014-07-12 02:53 - 01116672 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll

2014-04-23 08:38 - 2014-07-12 02:53 - 00438784 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll

2014-06-10 18:45 - 2014-07-12 02:53 - 00399360 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll

2014-01-09 09:14 - 2014-07-12 02:53 - 00331264 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll

2013-04-23 18:30 - 2014-06-27 00:40 - 00764416 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2014-06-10 18:45 - 2014-07-16 04:28 - 02139328 _____ () C:\Program Files (x86)\Steam\video.dll

2014-06-10 18:45 - 2014-04-29 02:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll

2013-05-03 15:35 - 2014-07-16 04:28 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2013-03-26 16:16 - 2014-05-02 01:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2014-05-18 18:55 - 2014-05-18 18:55 - 00195240 _____ () C:\Program Files (x86)\Omiga Plus\edeskcmn.dll

2014-05-18 18:55 - 2014-05-18 18:55 - 00181928 _____ () C:\Program Files (x86)\Omiga Plus\libpng.dll

2014-05-18 18:55 - 2014-05-18 18:55 - 00060072 _____ () C:\Program Files (x86)\Omiga Plus\libnotify.dll

2010-11-24 23:44 - 2010-11-24 23:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll

2014-07-12 14:29 - 2013-09-30 13:39 - 00036864 _____ () C:\Program Files (x86)\SPEEDLINK\DECUS Gaming Mouse\Lang.dll

2014-07-12 14:29 - 2013-01-29 16:15 - 00061440 _____ () C:\Program Files (x86)\SPEEDLINK\DECUS Gaming Mouse\hiddriver.dll

2014-06-23 10:40 - 2014-06-23 10:41 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2014-07-10 13:32 - 2014-07-10 13:32 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

2011-07-07 18:13 - 2011-07-07 18:13 - 00251688 _____ () C:\Program Files (x86)\Nero\SyncUP\System.ComponentModel.Composition.dll

2011-07-07 18:14 - 2011-07-07 18:14 - 00891688 _____ () C:\Program Files (x86)\Nero\SyncUP\System.Data.SQLite.dll

2011-07-07 18:13 - 2011-07-07 18:13 - 00026408 _____ () C:\Program Files (x86)\Nero\SyncUP\AdbDetect.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (07/30/2014 11:15:15 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (07/30/2014 07:49:02 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (07/29/2014 03:38:23 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (07/29/2014 00:44:36 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (07/28/2014 06:52:27 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (07/28/2014 02:55:40 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (07/27/2014 01:04:45 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (07/26/2014 08:27:14 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (07/24/2014 02:30:04 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (07/23/2014 06:42:42 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

System errors:

=============

Error: (07/30/2014 11:15:08 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
 

Error: (07/30/2014 11:14:38 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
 

Error: (07/30/2014 07:49:27 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
 

Error: (07/30/2014 07:48:57 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
 

Error: (07/29/2014 08:24:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
 

Error: (07/29/2014 06:50:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
 

Error: (07/29/2014 03:38:04 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
 

Error: (07/29/2014 03:37:34 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
 

Error: (07/29/2014 02:18:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
 

Error: (07/29/2014 00:45:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
 
 

Microsoft Office Sessions:

=========================
 

CodeIntegrity Errors:

===================================

  Date: 2013-05-15 22:01:21.774

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\9692b0.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2013-05-15 22:01:21.742

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\9692b0.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 43%

Total physical RAM: 6126.64 MB

Available physical RAM: 3448.21 MB

Total Pagefile: 12251.47 MB

Available Pagefile: 9158.45 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB
 

==================== Drives ================================
 

Drive c: (OS) (Fixed) (Total:1382.41 GB) (Free:1199.77 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1397 GB) (Disk ID: A3F9F7E0)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=-714667458560) - (Type=07 NTFS)
 

==================== End Of Log ============================

--- --- ---

Adware & Co. deinstallieren

Lade Dir bitte von hier http://deeprybka.trojaner-board.de/b...ninstaller.pngRevo Uninstaller herunter.
Installiere und starte das Programm.
Suche im Uninstallerfeld nach den Programmen, die unter:
http://deeprybka.trojaner-board.de/b.../revo/add1.png
diesen Zusatz haben:
http://deeprybka.trojaner-board.de/b...e/revo/att.PNG
Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
http://deeprybka.trojaner-board.de/b.../uninstall.PNG http://deeprybka.trojaner-board.de/b...o/moderat2.PNG
Reste löschen:
Klicke auf http://deeprybka.trojaner-board.de/b.../selectall.PNG dann auf http://deeprybka.trojaner-board.de/b...evo/delete.PNG und dann auf http://deeprybka.trojaner-board.de/b...evo/weiter.PNG.

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hallo Schrauber,
vielen Dank für deine Hilfe. Ich hoffe, dass ich alles richtig erledigt habe.
Hier die txt-Datei:Combofix Logfile:

Code:

ComboFix 14-07-29.01 - mierike 30.07.2014  20:09:07.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6127.3366 [GMT 2:00]

ausgeführt von:: c:\users\mierike\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\program files (x86)\DealPly

c:\program files (x86)\DealPly\DealPly.crx

c:\program files (x86)\DealPly\DealPly.xpi

c:\program files (x86)\DealPly\DealPlyIE.dll

c:\program files (x86)\DealPly\DealPlyIE64.dll

c:\program files (x86)\DealPly\DealPlyUpdateVer.exe

c:\program files (x86)\DealPly\icon.ico

c:\program files (x86)\DealPly\uninst.exe

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\background.html

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\crossriderManifest.json

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\icons\actions\1.png

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\icons\icon128.png

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\icons\icon16.png

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\icons\icon48.png

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\api\chrome.js

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\api\cookie.js

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\api\message.js

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\app\background.js

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\app\extension.js

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\background.js

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\app_api.js

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\async_api.js

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\bg_app_api.js

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\cookie_store.js

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\crossriderAPI.js

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\data_store.js

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\delegate.js

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\events.js

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\installer.js

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\logging.js

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\onBGDocumentLoad.js

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\popupResource\newPopup.js

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\popupResource\popup.js

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\reports.js

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\util.js

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\xhr.js

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\manifest.json

c:\users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\popup.html

c:\users\Jacobus\AppData\Roaming\AcroIEHelpe.txt

c:\users\Jacobus\AppData\Roaming\h7doijvh.default.tmp

c:\users\Jacobus\AppData\Roaming\loaupdt.jpg

c:\users\Jacobus\AppData\Roaming\srvblck5.tmp

c:\users\Jacobus\Desktop\Search.lnk

c:\users\mierike\AppData\Roaming\337

c:\users\mierike\AppData\Roaming\337\337 Wallpaper\ebase.dll

c:\users\mierike\AppData\Roaming\337\337 Wallpaper\image\default\app_close.png

c:\users\mierike\AppData\Roaming\337\337 Wallpaper\image\default\app_max.png

c:\users\mierike\AppData\Roaming\337\337 Wallpaper\image\default\app_min.png

c:\users\mierike\AppData\Roaming\337\337 Wallpaper\image\default\app_restore.png

c:\users\mierike\AppData\Roaming\337\337 Wallpaper\image\default\wallpaper_resource.xml

c:\users\mierike\AppData\Roaming\337\337 Wallpaper\image\default\window.png

c:\users\mierike\AppData\Roaming\337\337 Wallpaper\language\en_us\wallpaper_lang.ini

c:\users\mierike\AppData\Roaming\337\337 Wallpaper\language\es_es\wallpaper_lang.ini

c:\users\mierike\AppData\Roaming\337\337 Wallpaper\language\pt_br\wallpaper_lang.ini

c:\users\mierike\AppData\Roaming\337\337 Wallpaper\language\tr_tr\wallpaper_lang.ini

c:\users\mierike\AppData\Roaming\337\337 Wallpaper\language\zh_tw\wallpaper_lang.ini

c:\users\mierike\AppData\Roaming\337\337 Wallpaper\layout\default\dp_appwnd.xml

c:\users\mierike\AppData\Roaming\337\337 Wallpaper\layout\default\msgbox.xml

c:\users\mierike\AppData\Roaming\337\337 Wallpaper\libpng.dll

c:\users\mierike\AppData\Roaming\337\337 Wallpaper\main

c:\users\mierike\AppData\Roaming\337\337 Wallpaper\msvcp100.dll

c:\users\mierike\AppData\Roaming\337\337 Wallpaper\msvcr100.dll

c:\users\mierike\AppData\Roaming\337\337 Wallpaper\ouilibnl.dll

c:\users\mierike\AppData\Roaming\337\337 Wallpaper\plusapp.exe

c:\users\mierike\AppData\Roaming\337\337 Wallpaper\style\wallpaper_style.xml

c:\users\mierike\AppData\Roaming\337\337 Wallpaper\TrayDownloader.exe

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\wpcap.dll

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_ACEDRV11

-------\Service_acedrv11

.

.

(((((((((((((((((((((((   Dateien erstellt von 2014-06-28 bis 2014-07-30  ))))))))))))))))))))))))))))))

.

.

2014-07-30 18:15 . 2014-07-30 18:15        --------        d-----w-        c:\users\Jacobus\AppData\Local\temp

2014-07-30 18:15 . 2014-07-30 18:15        --------        d-----w-        c:\users\Default\AppData\Local\temp

2014-07-30 18:15 . 2014-07-30 18:15        --------        d-----w-        c:\users\Clubberer\AppData\Local\temp

2014-07-30 17:46 . 2014-07-30 17:46        --------        d-----w-        c:\program files (x86)\VS Revo Group

2014-07-30 09:41 . 2014-07-30 09:42        --------        d-----w-        C:\FRST

2014-07-29 13:05 . 2014-07-29 13:05        --------        d-----w-        c:\users\mierike\AppData\Local\Windows Live

2014-07-29 10:48 . 2014-07-02 03:09        10924376        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A05D8666-AF02-4566-A293-93AA009CD98D}\mpengine.dll

2014-07-23 17:04 . 2014-07-28 16:54        --------        d-----w-        c:\programdata\IcfudOqmat

2014-07-18 18:16 . 2014-07-18 18:16        --------        d-----w-        c:\users\Jacobus\AppData\Roaming\Logitech

2014-07-18 18:16 . 2014-07-18 18:16        --------        d-----w-        c:\users\Jacobus\AppData\Roaming\Logishrd

2014-07-17 18:14 . 2014-07-17 18:14        --------        d-----w-        c:\users\Clubberer\AppData\Roaming\simplitec

2014-07-14 11:44 . 2014-07-14 11:44        --------        d-----w-        c:\users\mierike\AppData\Roaming\simplitec

2014-07-12 12:29 . 2014-07-12 12:29        --------        d-----w-        c:\program files (x86)\SPEEDLINK

2014-07-12 12:27 . 2014-07-12 12:27        --------        d-----w-        c:\users\Jacobus\AppData\Roaming\simplitec

2014-07-12 12:26 . 2014-07-12 12:27        --------        d-----w-        c:\programdata\simplitec

2014-07-12 12:26 . 2014-07-12 12:26        --------        d-----w-        c:\program files (x86)\simplitec

2014-07-09 12:47 . 2014-06-05 14:45        1460736        ----a-w-        c:\windows\system32\lsasrv.dll

2014-07-09 12:47 . 2014-06-05 14:26        22016        ----a-w-        c:\windows\SysWow64\secur32.dll

2014-07-09 12:47 . 2014-06-05 14:25        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll

2014-07-07 17:05 . 2014-07-07 17:05        --------        d-----w-        C:\Crash

2014-07-07 16:00 . 2014-07-07 16:00        --------        d-----w-        c:\users\Jacobus\AppData\Local\SCE

2014-07-03 14:04 . 2014-07-03 14:10        --------        d-----w-        c:\users\Clubberer\AppData\Roaming\Omiga Plus

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-07-23 08:52 . 2010-11-21 03:27        270496        ------w-        c:\windows\system32\MpSigStub.exe

2014-07-10 11:32 . 2012-05-20 18:35        699056        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2014-07-10 11:32 . 2011-10-06 12:07        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-07-09 14:24 . 2012-10-05 05:41        96441528        ----a-w-        c:\windows\system32\MRT.exe

2014-07-02 18:38 . 2013-02-22 15:41        282104        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr

2014-07-02 18:38 . 2013-02-22 15:32        282104        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe

2014-07-02 18:38 . 2013-02-22 15:32        234768        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0

2014-06-06 10:47 . 2014-06-06 10:47        4558848        ----a-w-        c:\windows\SysWow64\GPhotos.scr

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-07-16 1753280]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21445248]

"Omiga Plus"="c:\program files (x86)\Omiga Plus\omigaplus.exe" [2014-05-18 1361576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-25 1117528]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2014-05-08 40312]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-07-07 75064]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2013-08-15 606040]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"SL-6397 Gaming Mouse"="c:\program files (x86)\SPEEDLINK\DECUS Gaming Mouse\Monitor.exe" [2013-09-30 3587584]

.

c:\users\mierike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

phase-6 Reminder.lnk - c:\program files (x86)\phase-6\phase-6\reminder\reminder.exe [2012-7-17 724992]

Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]

simplicheck.lnk - c:\program files (x86)\simplitec\simplicheck\simplicheck.exe -timer [2012-10-22 2936168]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R1 9692b0;syshost.exe;c:\windows\system32\drivers\9692b0.sys;c:\windows\SYSNATIVE\drivers\9692b0.sys [x]

R1 brwtyvgg;brwtyvgg;c:\windows\system32\drivers\brwtyvgg.sys;c:\windows\SYSNATIVE\drivers\brwtyvgg.sys [x]

R1 dsyoqujv;dsyoqujv;c:\windows\system32\drivers\dsyoqujv.sys;c:\windows\SYSNATIVE\drivers\dsyoqujv.sys [x]

R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 dealplylive;DealPly Live-Dienst (dealplylive);c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe;c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe [x]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 dealplylivem;DealPly Live-Dienst (dealplylivem);c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe;c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe [x]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 omigaplussvc;Omiga plus service;c:\program files (x86)\Omiga Plus\omigaplusSvc.exe;c:\program files (x86)\Omiga Plus\omigaplusSvc.exe [x]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]

S3 BCMH43XX;Treiber für Broadcom 802.11-USB-Netzwerkadapter;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt        REG_MULTI_SZ           hpqcxs08

.

Inhalt des "geplante Tasks" Ordners

.

2014-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 11:32]

.

2014-07-30 c:\windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job

- c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-06-29 16:48]

.

2014-07-30 c:\windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job

- c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-06-29 16:48]

.

2014-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-06 11:26]

.

2014-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-06 11:26]

.

2013-10-11 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-03-22 17:20]

.

2014-07-30 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\pcdrcui.exe [2011-03-22 17:20]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-27 2022976]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]

"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.google.de/

mDefault_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=ST31500341AS_9VS581DLXXXX9VS581DL&ts=1380305657

mStart Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=ST31500341AS_9VS581DLXXXX9VS581DL&ts=1380305657

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Free YouTube to MP3 Converter - c:\users\mierike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe

IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\mierike\AppData\Roaming\Mozilla\Firefox\Profiles\fr8zt0np.default\

FF - ExtSQL: !HIDDEN! 2012-11-11 17:45; 64ffxtbr@TelevisionFanatic.com; c:\program files (x86)\TelevisionFanatic\bar\1.bin

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

BHO-{11111111-1111-1111-1111-110311341126} - c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-bho.dll

BHO-{ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} - c:\program files (x86)\DealPly\DealPlyIE.dll

BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)

Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

Wow6432Node-HKCU-Run-IcfudOqmat - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)

AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready

AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.14"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

.

**************************************************************************

.

Zeit der Fertigstellung: 2014-07-30  20:23:10 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2014-07-30 18:23

.

Vor Suchlauf: 18 Verzeichnis(se), 1.292.047.044.608 Bytes frei

Nach Suchlauf: 22 Verzeichnis(se), 1.294.274.367.488 Bytes frei

.

- - End Of File - - 87DFCA05FADF3BD784E13B9CBD000A96

--- --- ---
5C616939100B85E558DA92B899A0FC36

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Hallo Schrauber,
hier nun alle meine files :) und schon mal vielen dank für deine hilfe :)

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 10.08.2014
Scan Time: 16:11:50
Logfile: anit-malware.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.10.03
Rootkit Database: v2014.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: mierike

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393147
Time Elapsed: 9 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Scan Date: 10.08.2014

Scan Time: 16:11:50

Logfile: anit-malware.txt

Administrator: Yes
 

Version: 2.00.2.1012

Malware Database: v2014.08.10.03

Rootkit Database: v2014.08.04.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled
 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: mierike
 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 393147

Time Elapsed: 9 min, 2 sec
 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled
 

Processes: 0

(No malicious items detected)
 

Modules: 0

(No malicious items detected)
 

Registry Keys: 0

(No malicious items detected)
 

Registry Values: 0

(No malicious items detected)
 

Registry Data: 0

(No malicious items detected)
 

Folders: 0

(No malicious items detected)
 

Files: 0

(No malicious items detected)
 

Physical Sectors: 0

(No malicious items detected)
 
 

(end)

Code:

# AdwCleaner v3.304 - Bericht erstellt am 10/08/2014 um 16:32:22

# Aktualisiert 08/08/2014 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzername : mierike - FAMILIE

# Gestartet von : C:\Users\mierike\Downloads\adwcleaner_3.304.exe

# Option : Löschen
 

***** [ Dienste ] *****
 

[#] Dienst Gelöscht : dealplylive

[#] Dienst Gelöscht : dealplylivem

Dienst Gelöscht : omigaplussvc
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\apn

Ordner Gelöscht : C:\ProgramData\Babylon

Ordner Gelöscht : C:\ProgramData\DSearchLink

Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Omiga Plus

Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar

Ordner Gelöscht : C:\Program Files (x86)\Omiga Plus

Ordner Gelöscht : C:\Program Files (x86)\WinZipper

Ordner Gelöscht : C:\Program Files (x86)\Common Files\337

Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB

Ordner Gelöscht : C:\Users\Clubberer\AppData\Local\TelevisionFanatic

Ordner Gelöscht : C:\Users\Clubberer\AppData\LocalLow\AskToolbar

Ordner Gelöscht : C:\Users\Clubberer\AppData\Roaming\Desk 365

Ordner Gelöscht : C:\Users\Clubberer\AppData\Roaming\Omiga Plus

Ordner Gelöscht : C:\Users\Clubberer\AppData\Roaming\WinZipper

Ordner Gelöscht : C:\Users\Jacobus\AppData\Local\TelevisionFanatic

Ordner Gelöscht : C:\Users\Jacobus\AppData\LocalLow\AskToolbar

Ordner Gelöscht : C:\Users\Jacobus\AppData\Roaming\BabSolution

Ordner Gelöscht : C:\Users\Jacobus\AppData\Roaming\Babylon

Ordner Gelöscht : C:\Users\Jacobus\AppData\Roaming\dvdvideosoftiehelpers

Ordner Gelöscht : C:\Users\Jacobus\AppData\Roaming\eIntaller

Ordner Gelöscht : C:\Users\Jacobus\AppData\Roaming\eUpdate

Ordner Gelöscht : C:\Users\Jacobus\AppData\Roaming\Omiga Plus

Ordner Gelöscht : C:\Users\Jacobus\AppData\Roaming\WinZipper

Ordner Gelöscht : C:\Users\Jacobus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard

Ordner Gelöscht : C:\Users\mierike\AppData\Roaming\337 Wallpaper

Ordner Gelöscht : C:\Users\mierike\AppData\Roaming\Omiga Plus

Ordner Gelöscht : C:\Users\mierike\AppData\Roaming\WinZipper

Ordner Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\ICQToolbarData

Ordner Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\ICQToolbarData

Ordner Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

Ordner Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}

Ordner Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}

Datei Gelöscht : C:\Users\Public\Desktop\simplicheck.lnk

Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\invalidprefs.js

Datei Gelöscht : C:\Users\mierike\AppData\Roaming\Mozilla\Firefox\Profiles\fr8zt0np.default\invalidprefs.js

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\Askcom.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\ask-search.xml

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\searchplugins\ask-search.xml

Datei Gelöscht : C:\Users\mierike\AppData\Roaming\Mozilla\Firefox\Profiles\fr8zt0np.default\searchplugins\ask-search.xml

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\searchplugins\bingp.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin.gif

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\searchplugins\icqplugin.gif

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin.src

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\searchplugins\icqplugin.src

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin.xml

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\searchplugins\icqplugin.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin-1.xml

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\searchplugins\icqplugin-1.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin-10.xml

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\searchplugins\icqplugin-10.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin-11.xml

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\searchplugins\icqplugin-11.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin-12.xml

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\searchplugins\icqplugin-12.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin-13.xml

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\searchplugins\icqplugin-13.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin-14.xml

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\searchplugins\icqplugin-14.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin-15.xml

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\searchplugins\icqplugin-15.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin-16.xml

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\searchplugins\icqplugin-16.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin-17.xml

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\searchplugins\icqplugin-17.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin-18.xml

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\searchplugins\icqplugin-18.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin-19.xml

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\searchplugins\icqplugin-19.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin-2.xml

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\searchplugins\icqplugin-2.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin-20.xml

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\searchplugins\icqplugin-20.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin-21.xml

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\searchplugins\icqplugin-21.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin-22.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin-23.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin-24.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin-25.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin-3.xml

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\searchplugins\icqplugin-3.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin-26.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin-4.xml

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\searchplugins\icqplugin-4.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin-5.xml

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\searchplugins\icqplugin-5.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin-6.xml

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\searchplugins\icqplugin-6.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin-7.xml

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\searchplugins\icqplugin-7.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin-8.xml

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\searchplugins\icqplugin-8.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\searchplugins\icqplugin-9.xml

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\searchplugins\icqplugin-9.xml

Datei Gelöscht : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\user.js

Datei Gelöscht : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\user.js
 

***** [ Tasks ] *****
 

Task Gelöscht : Desk 365 RunAsStdUser

Task Gelöscht : EPUpdater

Task Gelöscht : Omiga Plus RunAsStdUser
 

***** [ Verknüpfungen ] *****
 

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk

Verknüpfung Desinfiziert : C:\Users\mierike\Desktop\Internet Explorer.lnk

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

Verknüpfung Desinfiziert : C:\Users\mierike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

Verknüpfung Desinfiziert : C:\Users\mierike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

Verknüpfung Desinfiziert : C:\Users\mierike\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

Verknüpfung Desinfiziert : C:\Users\mierike\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\plus-hd-2_rasapi32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\plus-hd-2_rasmancs

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS

Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc

Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\omigaplussvc

Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc

Schlüssel Gelöscht : HKCU\Software\5257d78cb43db945

Schlüssel Gelöscht : HKLM\SOFTWARE\5257d78cb43db945

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322342226}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355345526}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346626}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355345526}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346626}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}

Schlüssel Gelöscht : HKCU\Software\VIS

Schlüssel Gelöscht : HKLM\Software\Delta

Schlüssel Gelöscht : HKLM\Software\Desksvc

Schlüssel Gelöscht : HKLM\Software\eSafeSecControl

Schlüssel Gelöscht : HKLM\Software\hdcode

Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar

Schlüssel Gelöscht : HKLM\Software\omigaplusSvc

Schlüssel Gelöscht : HKLM\Software\simplitec

Schlüssel Gelöscht : HKLM\Software\V9

Schlüssel Gelöscht : HKLM\Software\winzipersvc
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.17207
 

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
 

-\\ Mozilla Firefox v31.0 (x86 en-US)
 

[ Datei : C:\Users\Clubberer\AppData\Roaming\Mozilla\Firefox\Profiles\hvls8k10.default\prefs.js ]
 

Zeile gelöscht : user_pref("extensions.APN_TB.first-previous-keyword-url", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=8FACE686-6AE1-449F-8BD2-8E9F5CFF502B&n=77fd8281&ind=2013102721&id=XPxdm049Y[...]

Zeile gelöscht : user_pref("extensions.AVIRA-V7.previous-keyword-url", "\"hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=8FACE686-6AE1-449F-8BD2-8E9F5CFF502B&n=77fd8281&ind=2013102721&id=XPxdm049YYd[...]

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.c[...]

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]

Zeile gelöscht : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");

Zeile gelöscht : user_pref("extensions.mywebsearch.prevKwdEnabled", true);

Zeile gelöscht : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=8FACE686-6AE1-449F-8BD2-8E9F5CFF502B&n=77fd8281&ind=2013102721&id=XPxdm049YYde&ptnrS=X[...]

Zeile gelöscht : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=8FACE686-6AE1-449F-8BD2-8E9F5CFF502B&n=77fd8281&ptnrS=XPxdm049YYde&si=2271");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.hp.enabled", false);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.hp.lastGuardTime", 858823727);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.hp.numGuards", 1);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.hp.user.defined", true);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.contextKey", "");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2013102721");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "XPxdm049YYde");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "2271");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "8FACE686-6AE1-449F-8BD2-8E9F5CFF502B");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1406122680306");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", true);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", true);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", true);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", true);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "10001");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled", false);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "televisionfanatic@mindspark.com");

Zeile gelöscht : user_pref("icqtoolbar.allowSendURL", false);

Zeile gelöscht : user_pref("icqtoolbar.engineVerified", false);

Zeile gelöscht : user_pref("icqtoolbar.firstTbRun", false);

Zeile gelöscht : user_pref("icqtoolbar.geolastmodified", 1405621016);

Zeile gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options itb_people itb_zoom_in itb_zoom_out itb_zoom_default itb_games itb_highlight");

Zeile gelöscht : user_pref("icqtoolbar.history", "hxxp%3A%2F%2Famadeus.dyndns-home.com%3A8087%5Bhxxp%3A%2F%2Famadeus.dyndns-home.com%3A8087%5D%2Ffbsharing%2FDae4JByF||mozilla%20firefox%20deutsch||typische%20fragen%20v[...]

Zeile gelöscht : user_pref("icqtoolbar.icqgeo", 49);

Zeile gelöscht : user_pref("icqtoolbar.installTime", "1382905926");

Zeile gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);

Zeile gelöscht : user_pref("icqtoolbar.previousFFVersion", "30.0");

Zeile gelöscht : user_pref("icqtoolbar.skip_default_search", "no");

Zeile gelöscht : user_pref("icqtoolbar.uniqueID", "169538033917716910241382905926672");

Zeile gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1406122683);

Zeile gelöscht : user_pref("icqtoolbar.version", "1.5.3");

Zeile gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);

Zeile gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);

Zeile gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);

Zeile gelöscht : user_pref("icqtoolbar.voucherWasShown", 0);

Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=8FACE686-6AE1-449F-8BD2-8E9F5CFF502B&n=77fd8281&ind=2013102721&id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=2271&se[...]
 

[ Datei : C:\Users\Jacobus\AppData\Roaming\Mozilla\Firefox\Profiles\h7doijvh.default\prefs.js ]
 

Zeile gelöscht : user_pref("browser.search.defaultenginename", "My Web Search");

Zeile gelöscht : user_pref("browser.search.selectedEngine", "My Web Search");

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.backgroundjs", "\n\n/*****************************************************************************[...]

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.cookie.previous_page.value", "%22hxxp%3A//www.amazon.de/product-reviews/B00KM18AP4/ref%3Dcm_cr_pr_[...]

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.internaldb.__GAM__gam_domains.value", "%7B%22gambling%22%3A%22casino.williamhill.com%7Cvegas.willi[...]

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.c[...]

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.internaldb.cache/5cdf8a7ef2ec84abac286c67587b78d9.value", "%22function%20tcmMarkWindow%28a%29%7Bva[...]

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.js", "\n\n  /************************************************************************************\[...]

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return app[...]

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_104.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_13.name", "CrossriderAppUtils");

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_138.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_14.name", "CrossriderUtils");

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_155.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _[...]

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1[...]

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.a[...]

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.que[...]

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_con[...]

Zeile gelöscht : user_pref("extensions.a92f62b97e4e94505ab9dbd29c855bdfegmailcom62002.62002.backgroundjs", "\n\n/************************************************************************************\n  This is your bac[...]

Zeile gelöscht : user_pref("extensions.a92f62b97e4e94505ab9dbd29c855bdfegmailcom62002.62002.internaldb.__GAM__gam_domains.value", "%7B%22gambling%22%3A%22casino.williamhill.com%7Cvegas.williamhill.com%7Ccasino.bet365.[...]

Zeile gelöscht : user_pref("extensions.a92f62b97e4e94505ab9dbd29c855bdfegmailcom62002.62002.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%[...]

Zeile gelöscht : user_pref("extensions.a92f62b97e4e94505ab9dbd29c855bdfegmailcom62002.62002.internaldb.cache/5cdf8a7ef2ec84abac286c67587b78d9.value", "%22function%20tcmMarkWindow%28a%29%7Bvar%20b%3D%27%3Cdiv%20%20id%3[...]

Zeile gelöscht : user_pref("extensions.a92f62b97e4e94505ab9dbd29c855bdfegmailcom62002.62002.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...]

Zeile gelöscht : user_pref("extensions.a92f62b97e4e94505ab9dbd29c855bdfegmailcom62002.62002.js", "\n\n  /************************************************************************************\n  This is your Page Code. [...]

Zeile gelöscht : user_pref("extensions.a92f62b97e4e94505ab9dbd29c855bdfegmailcom62002.62002.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return[...]

Zeile gelöscht : user_pref("extensions.a92f62b97e4e94505ab9dbd29c855bdfegmailcom62002.62002.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAPI.internal.monetization = {[...]

Zeile gelöscht : user_pref("extensions.a92f62b97e4e94505ab9dbd29c855bdfegmailcom62002.62002.plugins.plugin_104.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAPI.internal.monetization = {[...]

Zeile gelöscht : user_pref("extensions.a92f62b97e4e94505ab9dbd29c855bdfegmailcom62002.62002.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAPI.internal.monetization = {[...]

Zeile gelöscht : user_pref("extensions.a92f62b97e4e94505ab9dbd29c855bdfegmailcom62002.62002.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAPI.internal.monetization = {[...]

Zeile gelöscht : user_pref("extensions.a92f62b97e4e94505ab9dbd29c855bdfegmailcom62002.62002.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAPI.internal.monetization = {[...]

Zeile gelöscht : user_pref("extensions.a92f62b97e4e94505ab9dbd29c855bdfegmailcom62002.62002.plugins.plugin_13.name", "CrossriderAppUtils");

Zeile gelöscht : user_pref("extensions.a92f62b97e4e94505ab9dbd29c855bdfegmailcom62002.62002.plugins.plugin_138.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAPI.internal.monetization = {[...]

Zeile gelöscht : user_pref("extensions.a92f62b97e4e94505ab9dbd29c855bdfegmailcom62002.62002.plugins.plugin_14.name", "CrossriderUtils");

Zeile gelöscht : user_pref("extensions.a92f62b97e4e94505ab9dbd29c855bdfegmailcom62002.62002.plugins.plugin_155.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAPI.internal.monetization = {[...]

Zeile gelöscht : user_pref("extensions.a92f62b97e4e94505ab9dbd29c855bdfegmailcom62002.62002.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefine[...]

Zeile gelöscht : user_pref("extensions.a92f62b97e4e94505ab9dbd29c855bdfegmailcom62002.62002.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/[...]

Zeile gelöscht : user_pref("extensions.a92f62b97e4e94505ab9dbd29c855bdfegmailcom62002.62002.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_confi[...]

Zeile gelöscht : user_pref("extensions.a92f62b97e4e94505ab9dbd29c855bdfegmailcom62002.62002.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=[...]

Zeile gelöscht : user_pref("extensions.a92f62b97e4e94505ab9dbd29c855bdfegmailcom62002.62002.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Defe[...]

Zeile gelöscht : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");

Zeile gelöscht : user_pref("extensions.mywebsearch.prevKwdEnabled", true);

Zeile gelöscht : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=8FACE686-6AE1-449F-8BD2-8E9F5CFF502B&n=77fd82e3&ind=2013102819&id=XPxdm049YYde&ptnrS=X[...]

Zeile gelöscht : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=8FACE686-6AE1-449F-8BD2-8E9F5CFF502B&n=77fd82e3&ptnrS=XPxdm049YYde&si=2271");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.hp.enabled", false);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.hp.lastGuardTime", -2062741637);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.hp.numGuards", 1);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.hp.user.defined", true);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.contextKey", "");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2013102819");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "XPxdm049YYde");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "2271");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "8FACE686-6AE1-449F-8BD2-8E9F5CFF502B");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1406701954569");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", true);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", true);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", true);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", true);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "10001");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled", false);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "televisionfanatic@mindspark.com");

Zeile gelöscht : user_pref("icqtoolbar.allowSendURL", false);

Zeile gelöscht : user_pref("icqtoolbar.engineVerified", true);

Zeile gelöscht : user_pref("icqtoolbar.firstTbRun", false);

Zeile gelöscht : user_pref("icqtoolbar.geolastmodified", 1407264901);

Zeile gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options itb_people itb_zoom_in itb_zoom_out itb_zoom_default itb_games itb_highlight");

Zeile gelöscht : user_pref("icqtoolbar.history", "g%C3%BCnstige%20handyvertr%C3%A4ge%20mit%20smartphone%20im||roccat||mediamarkt||billiger||modhoster||google||bancroft%20nerf||saturn||scott%20fahrrad||mmoga||krankheit[...]

Zeile gelöscht : user_pref("icqtoolbar.icqgeo", 49);

Zeile gelöscht : user_pref("icqtoolbar.installTime", "1382985218");

Zeile gelöscht : user_pref("icqtoolbar.newtab_most_visited_state", "1");

Zeile gelöscht : user_pref("icqtoolbar.newtab_recently_closed_state", "1");

Zeile gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);

Zeile gelöscht : user_pref("icqtoolbar.previousFFVersion", "30.0");

Zeile gelöscht : user_pref("icqtoolbar.skip_default_search", "no");

Zeile gelöscht : user_pref("icqtoolbar.uniqueID", "138289591513828993161382985218659");

Zeile gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1407658593);

Zeile gelöscht : user_pref("icqtoolbar.version", "1.5.3");

Zeile gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);

Zeile gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);

Zeile gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);

Zeile gelöscht : user_pref("icqtoolbar.voucherWasShown", 1);

Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=8FACE686-6AE1-449F-8BD2-8E9F5CFF502B&n=77fd82e3&ind=2013102819&id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=2271&se[...]
 

[ Datei : C:\Users\mierike\AppData\Roaming\Mozilla\Firefox\Profiles\fr8zt0np.default\prefs.js ]
 

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.internaldb.__GAM__gam_domains.value", "%7B%22gambling%22%3A%22casino.williamhill.com%7Cvegas.willi[...]

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.c[...]

Zeile gelöscht : user_pref("extensions.a7125a2857e6847aa9d72e81874f4d47ed3fcdb92135d4a8a8cf611e3b57c5fdacom33426.33426.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]

Zeile gelöscht : user_pref("extensions.a92f62b97e4e94505ab9dbd29c855bdfegmailcom62002.62002.internaldb.__GAM__gam_domains.value", "%7B%22gambling%22%3A%22casino.williamhill.com%7Cvegas.williamhill.com%7Ccasino.bet365.[...]

Zeile gelöscht : user_pref("extensions.a92f62b97e4e94505ab9dbd29c855bdfegmailcom62002.62002.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%[...]

Zeile gelöscht : user_pref("extensions.a92f62b97e4e94505ab9dbd29c855bdfegmailcom62002.62002.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...]

Zeile gelöscht : user_pref("extensions.crossrider.bic", "1438c948fd80b5c5afea777d701feac9");
 

*************************
 

AdwCleaner[R0].txt - [38153 octets] - [10/08/2014 16:31:40]

AdwCleaner[S0].txt - [36602 octets] - [10/08/2014 16:32:22]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [36663 octets] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.3 (03.23.2014:1)

OS: Windows 7 Home Premium x64

Ran by mierike on 10.08.2014 at 16:42:43,09

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3566807784-1483398079-3001521256-1000\Software\sweetim

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\asknpavbb_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\asknpavbb_RASMANCS
 
 
 

~~~ Files
 
 
 

~~~ Folders
 

Successfully deleted: [Folder] "C:\ProgramData\simplitec"

Successfully deleted: [Folder] "C:\Users\mierike\AppData\Roaming\simplitec"

Successfully deleted: [Folder] "C:\Program Files (x86)\simplitec"

Successfully deleted: [Empty Folder] C:\Users\mierike\appdata\local\{4CC8AC4A-F420-4FDB-AC83-7FFA0820A57F}
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\mierike\AppData\Roaming\mozilla\firefox\profiles\fr8zt0np.default\minidumps [12 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 10.08.2014 at 16:44:27,80

Computer was rebooted

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01

Ran by mierike (administrator) on FAMILIE on 10-08-2014 16:46:04

Running from C:\Users\mierike\Desktop

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe

(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe

() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

() C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe

(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

() C:\Program Files (x86)\SPEEDLINK\DECUS Gaming Mouse\Monitor.EXE

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)

HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-29] (Logitech Inc.)

HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)

HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)

HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)

HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()

HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [75064 2011-07-07] ()

HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)

HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [606040 2013-08-15] (Razer Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [SL-6397 Gaming Mouse] => C:\Program Files (x86)\SPEEDLINK\DECUS Gaming Mouse\Monitor.exe [3587584 2013-09-30] ()

HKU\S-1-5-21-3566807784-1483398079-3001521256-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1753280 2014-07-16] (Valve Corporation)

HKU\S-1-5-21-3566807784-1483398079-3001521256-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)

HKU\S-1-5-21-3566807784-1483398079-3001521256-1000\...\Run: [Omiga Plus] => "C:\Program Files (x86)\Omiga Plus\omigaplus.exe" /autorun

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk

ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

Startup: C:\Users\Jacobus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\mierike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKCU - 57A7A818809743CA89DDFEB39A0371A8 URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST31500341AS_9VS581DLXXXX9VS581DL&ts=3342393

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File

BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\mierike\AppData\Roaming\Mozilla\Firefox\Profiles\fr8zt0np.default

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.4.0 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.4.0 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Adblock Plus - C:\Users\mierike\AppData\Roaming\Mozilla\Firefox\Profiles\fr8zt0np.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-24]
 

Chrome: 

=======
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-02-22] ()

R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)

R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)

S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

S1 9692b0; \??\C:\Windows\system32\drivers\9692b0.sys [X]

S1 brwtyvgg; \??\C:\Windows\system32\drivers\brwtyvgg.sys [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S1 dsyoqujv; \??\C:\Windows\system32\drivers\dsyoqujv.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-08-10 16:45 - 2014-08-10 16:45 - 02099712 _____ (Farbar) C:\Users\mierike\Desktop\FRST64.exe

2014-08-10 16:45 - 2014-08-10 16:45 - 00000000 ____D () C:\Users\mierike\Desktop\FRST-OlderVersion

2014-08-10 16:44 - 2014-08-10 16:44 - 00001517 _____ () C:\Users\mierike\Desktop\JRT.txt

2014-08-10 16:37 - 2014-08-10 16:37 - 00000000 ____D () C:\Windows\ERUNT

2014-08-10 16:35 - 2014-08-10 16:35 - 01016261 _____ (Thisisu) C:\Users\mierike\Downloads\JRT.exe

2014-08-10 16:31 - 2014-08-10 16:32 - 00000000 ____D () C:\AdwCleaner

2014-08-10 16:31 - 2014-08-10 16:31 - 01366203 _____ () C:\Users\mierike\Downloads\adwcleaner_3.304.exe

2014-08-10 16:30 - 2014-08-10 16:30 - 00001064 _____ () C:\Users\mierike\Desktop\anit-malware.txt

2014-08-10 16:11 - 2014-08-10 16:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-10 16:11 - 2014-08-10 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-10 16:11 - 2014-08-10 16:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-10 16:11 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-08-10 16:11 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-08-10 16:11 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-08-10 16:10 - 2014-08-10 16:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\mierike\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-09 14:56 - 2014-08-09 14:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-08-09 14:56 - 2014-08-09 14:56 - 00000000 ____D () C:\Users\mierike\AppData\Local\Logitech

2014-08-01 10:32 - 2014-08-01 10:32 - 00000000 ____D () C:\Users\Jacobus\AppData\Local\Logitech

2014-08-01 10:31 - 2014-08-01 10:32 - 00000000 ____D () C:\Program Files\Logitech Gaming Software

2014-08-01 10:31 - 2014-08-01 10:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech

2014-08-01 10:31 - 2014-08-01 10:31 - 00000000 ____D () C:\ProgramData\LogiShrd

2014-08-01 10:29 - 2014-08-01 10:30 - 62673992 _____ (Logitech Inc.) C:\Users\Jacobus\Downloads\lgs840_x64.exe

2014-08-01 10:15 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2014-08-01 10:15 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2014-08-01 10:15 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2014-08-01 10:15 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2014-08-01 10:15 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2014-08-01 10:15 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2014-08-01 10:15 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2014-08-01 10:15 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2014-08-01 10:15 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2014-08-01 10:15 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2014-08-01 10:14 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2014-08-01 10:14 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2014-08-01 10:14 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2014-08-01 10:14 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2014-07-30 20:23 - 2014-07-30 20:23 - 00027150 _____ () C:\ComboFix.txt

2014-07-30 20:05 - 2014-07-30 20:23 - 00000000 ____D () C:\ComboFix

2014-07-30 19:57 - 2014-07-30 20:23 - 00000000 ____D () C:\Qoobox

2014-07-30 19:57 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-07-30 19:57 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-07-30 19:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-07-30 19:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-07-30 19:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-07-30 19:57 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-07-30 19:57 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-07-30 19:57 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-07-30 19:56 - 2014-07-30 20:22 - 00000000 ____D () C:\Windows\erdnt

2014-07-30 19:56 - 2014-07-30 19:56 - 05563986 ____R (Swearware) C:\Users\mierike\Downloads\ComboFix.exe

2014-07-30 19:46 - 2014-07-30 19:46 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\mierike\Downloads\revosetup95.exe

2014-07-30 19:46 - 2014-07-30 19:46 - 00001270 _____ () C:\Users\mierike\Desktop\Revo Uninstaller.lnk

2014-07-30 19:46 - 2014-07-30 19:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-07-30 11:41 - 2014-08-10 16:46 - 00013171 _____ () C:\Users\mierike\Desktop\FRST.txt

2014-07-30 11:41 - 2014-08-10 16:46 - 00000000 ____D () C:\FRST

2014-07-30 11:41 - 2014-07-30 11:42 - 00040534 _____ () C:\Users\mierike\Desktop\Addition.txt

2014-07-30 11:39 - 2014-07-30 11:39 - 02093568 _____ (Farbar) C:\Users\mierike\Desktop\x.exe

2014-07-29 15:05 - 2014-07-29 15:05 - 00000000 ____D () C:\Users\mierike\AppData\Local\Windows Live

2014-07-23 19:04 - 2014-07-28 18:54 - 00000000 ____D () C:\ProgramData\IcfudOqmat

2014-07-23 15:36 - 2014-07-23 15:36 - 00000000 ____D () C:\Users\Clubberer\AppData\Local\{25D31DA7-A6F9-4F3D-98C6-B40E6F4016F6}

2014-07-20 11:17 - 2014-07-20 11:18 - 08065348 _____ () C:\Users\Jacobus\Downloads\1352281627_bentley_continental_gt_premier.rar

2014-07-20 11:16 - 2014-07-20 11:16 - 03163023 _____ () C:\Users\Jacobus\Downloads\1349424093_1349406382_alexkoenigseggepmriv.rar

2014-07-20 11:12 - 2014-07-20 11:12 - 05409472 _____ () C:\Users\Jacobus\Downloads\1389977311_POR_911TURBO_14.rar

2014-07-20 11:11 - 2014-07-20 11:11 - 17187404 _____ () C:\Users\Jacobus\Downloads\1366826519_Audi R8 5 2 Stock 2012.rar

2014-07-20 11:10 - 2014-07-20 11:10 - 05931641 _____ () C:\Users\Jacobus\Downloads\1356444601_2012LamborghiniGallardoLP5704SpyderPerformantebyDreamsky.zip

2014-07-20 11:09 - 2014-07-20 11:09 - 04025438 _____ () C:\Users\Jacobus\Downloads\1405846432_WheelsAndMore.rar

2014-07-20 11:09 - 2014-07-20 11:09 - 03467591 _____ () C:\Users\Jacobus\Downloads\1362939950_Harley Davidson Fat Boy Lo Racing Bobber.rar

2014-07-19 20:54 - 2014-07-19 20:54 - 03555001 _____ () C:\Users\Jacobus\Downloads\1405765207_GTAVbravadobisonbyAH.rar

2014-07-18 20:18 - 2014-07-18 20:22 - 52247609 _____ () C:\Users\Jacobus\Downloads\logitech_gaming_software_8_52_15_32bit_software.zip

2014-07-18 20:16 - 2014-08-01 10:30 - 00000000 ____D () C:\Users\Jacobus\AppData\Roaming\Logishrd

2014-07-18 20:16 - 2014-07-18 20:16 - 00000000 ____D () C:\Users\Jacobus\AppData\Roaming\Logitech

2014-07-18 20:12 - 2014-07-18 20:15 - 52954360 _____ (Logitech Inc.) C:\Users\Jacobus\Downloads\LGS_8.51.5_x86_Logitech.exe

2014-07-17 20:41 - 2014-07-17 20:42 - 08135660 _____ () C:\Users\Jacobus\Downloads\1364805641_VH60N_Whitehawk_1.1.RAR

2014-07-17 20:39 - 2014-07-17 20:39 - 03459426 _____ () C:\Users\Jacobus\Downloads\1361362978_Audi A4 2010.rar

2014-07-17 20:37 - 2014-07-17 20:37 - 07105145 _____ () C:\Users\Jacobus\Downloads\1369655347_Marcopolo Torino 2007 - MB 1418.rar

2014-07-17 20:33 - 2014-07-17 20:33 - 00011029 _____ () C:\Users\Clubberer\Documents\Tabu Geo Jacob.xlsx

2014-07-17 20:14 - 2014-07-17 20:14 - 00000000 ____D () C:\Users\Clubberer\AppData\Roaming\simplitec

2014-07-15 20:00 - 2014-07-15 20:00 - 01084436 _____ () C:\Users\Jacobus\Downloads\1400064767_thrust.rar

2014-07-15 19:57 - 2014-07-15 19:57 - 02827901 _____ () C:\Users\Jacobus\Downloads\1363942875_KX500.rar

2014-07-15 19:56 - 2014-07-15 19:56 - 11531251 _____ () C:\Users\Jacobus\Downloads\1399218489_AudiQ7V13Vertelvis.rar

2014-07-15 19:55 - 2014-07-15 19:55 - 05205252 _____ () C:\Users\Jacobus\Downloads\1404329443_2013LamborghiniVeneno.zip

2014-07-15 19:50 - 2014-07-15 19:50 - 01431782 _____ () C:\Users\Jacobus\Downloads\1390693360_ChevroletBlazerK51972.rar

2014-07-15 19:49 - 2014-07-15 19:50 - 22912501 _____ () C:\Users\Jacobus\Downloads\1393757826_1393725518_c2.rar

2014-07-15 19:49 - 2014-07-15 19:49 - 27787900 _____ () C:\Users\Jacobus\Downloads\1405111533_SsangYong_Kyron_Beta_by_Claptrap.rar

2014-07-15 19:47 - 2014-07-15 19:47 - 11948024 _____ () C:\Users\Jacobus\Downloads\1404687451_GTA4EVOCAMBER.rar

2014-07-15 19:46 - 2014-07-15 19:46 - 04780670 _____ () C:\Users\Jacobus\Downloads\1403622098_jetmax.rar

2014-07-15 19:43 - 2014-07-15 19:43 - 03324012 _____ () C:\Users\Jacobus\Downloads\1399326915_Eurocopter EC135 Guardia Civil Spain.rar

2014-07-12 14:29 - 2014-07-12 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPEEDLINK

2014-07-12 14:29 - 2014-07-12 14:29 - 00000000 ____D () C:\Program Files (x86)\SPEEDLINK

2014-07-12 14:27 - 2014-07-12 14:27 - 00000000 ____D () C:\Users\Jacobus\AppData\Roaming\simplitec

2014-07-12 14:26 - 2014-07-12 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-08-10 16:46 - 2014-07-30 11:41 - 00013171 _____ () C:\Users\mierike\Desktop\FRST.txt

2014-08-10 16:46 - 2014-07-30 11:41 - 00000000 ____D () C:\FRST

2014-08-10 16:45 - 2014-08-10 16:45 - 02099712 _____ (Farbar) C:\Users\mierike\Desktop\FRST64.exe

2014-08-10 16:45 - 2014-08-10 16:45 - 00000000 ____D () C:\Users\mierike\Desktop\FRST-OlderVersion

2014-08-10 16:44 - 2014-08-10 16:44 - 00001517 _____ () C:\Users\mierike\Desktop\JRT.txt

2014-08-10 16:42 - 2013-09-08 17:27 - 00000000 ____D () C:\Users\mierike\AppData\Roaming\Skype

2014-08-10 16:42 - 2013-05-29 14:58 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-08-10 16:42 - 2012-04-06 13:27 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-08-10 16:42 - 2011-10-15 14:19 - 00000000 ____D () C:\Users\mierike\AppData\Local\SoftThinks

2014-08-10 16:42 - 2011-10-06 14:20 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup

2014-08-10 16:41 - 2014-05-19 07:08 - 00643186 _____ () C:\Windows\PFRO.log

2014-08-10 16:41 - 2014-05-18 18:49 - 00011352 _____ () C:\Windows\setupact.log

2014-08-10 16:41 - 2012-05-18 16:52 - 01690791 _____ () C:\Windows\WindowsUpdate.log

2014-08-10 16:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-10 16:40 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-10 16:40 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-10 16:37 - 2014-08-10 16:37 - 00000000 ____D () C:\Windows\ERUNT

2014-08-10 16:35 - 2014-08-10 16:35 - 01016261 _____ (Thisisu) C:\Users\mierike\Downloads\JRT.exe

2014-08-10 16:33 - 2012-05-20 20:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-08-10 16:32 - 2014-08-10 16:31 - 00000000 ____D () C:\AdwCleaner

2014-08-10 16:32 - 2013-07-08 07:29 - 00000961 _____ () C:\Users\mierike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-08-10 16:32 - 2013-01-13 18:08 - 00001055 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-08-10 16:32 - 2012-05-27 16:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-08-10 16:32 - 2012-05-20 20:30 - 00001067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-08-10 16:32 - 2011-10-15 14:22 - 00001158 _____ () C:\Users\mierike\Desktop\Internet Explorer.lnk

2014-08-10 16:31 - 2014-08-10 16:31 - 01366203 _____ () C:\Users\mierike\Downloads\adwcleaner_3.304.exe

2014-08-10 16:30 - 2014-08-10 16:30 - 00001064 _____ () C:\Users\mierike\Desktop\anit-malware.txt

2014-08-10 16:11 - 2014-08-10 16:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-10 16:11 - 2014-08-10 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-10 16:11 - 2014-08-10 16:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-10 16:11 - 2012-05-20 14:13 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-08-10 16:10 - 2014-08-10 16:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\mierike\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-10 15:58 - 2011-10-22 13:10 - 00000000 ____D () C:\Users\mierike\AppData\Local\Nero

2014-08-10 15:57 - 2011-10-15 14:22 - 00000422 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job

2014-08-10 15:56 - 2011-10-17 18:40 - 00003488 _____ () C:\Windows\System32\Tasks\PCDEventLauncher

2014-08-10 15:56 - 2011-10-15 14:22 - 00003450 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest

2014-08-10 13:33 - 2012-04-06 13:27 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-08-10 12:00 - 2013-09-05 16:44 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-08-10 09:30 - 2012-01-14 19:19 - 00000000 ____D () C:\Users\Jacobus\AppData\Local\Nero

2014-08-10 09:14 - 2012-01-14 19:04 - 00000000 ____D () C:\Users\Jacobus\AppData\Local\SoftThinks

2014-08-10 09:00 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-08-09 14:57 - 2014-08-09 14:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-08-09 14:56 - 2014-08-09 14:56 - 00000000 ____D () C:\Users\mierike\AppData\Local\Logitech

2014-08-08 15:08 - 2011-10-06 14:43 - 00000000 ____D () C:\ProgramData\Sonic

2014-08-08 15:07 - 2013-06-29 18:56 - 00000000 ____D () C:\Users\Jacobus\AppData\Roaming\Skype

2014-08-08 15:04 - 2011-10-06 14:22 - 00000000 ____D () C:\ProgramData\Skype

2014-08-07 18:08 - 2012-02-03 16:40 - 00000000 ____D () C:\Users\Jacobus\AppData\Roaming\.minecraft

2014-08-07 17:14 - 2013-02-22 17:41 - 00282104 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr

2014-08-07 17:14 - 2013-02-22 17:32 - 00282104 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2014-08-07 17:14 - 2013-02-22 17:32 - 00234768 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0

2014-08-06 18:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-08-05 14:26 - 2012-01-14 19:04 - 00000000 ____D () C:\Users\Jacobus\AppData\Local\VirtualStore

2014-08-01 12:07 - 2013-09-06 15:45 - 00000000 ____D () C:\Users\Jacobus\Documents\FIFA 12

2014-08-01 10:32 - 2014-08-01 10:32 - 00000000 ____D () C:\Users\Jacobus\AppData\Local\Logitech

2014-08-01 10:32 - 2014-08-01 10:31 - 00000000 ____D () C:\Program Files\Logitech Gaming Software

2014-08-01 10:32 - 2012-12-24 17:43 - 00000000 ____D () C:\Users\Jacobus\AppData\Local\CrashDumps

2014-08-01 10:31 - 2014-08-01 10:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech

2014-08-01 10:31 - 2014-08-01 10:31 - 00000000 ____D () C:\ProgramData\LogiShrd

2014-08-01 10:30 - 2014-08-01 10:29 - 62673992 _____ (Logitech Inc.) C:\Users\Jacobus\Downloads\lgs840_x64.exe

2014-08-01 10:30 - 2014-07-18 20:16 - 00000000 ____D () C:\Users\Jacobus\AppData\Roaming\Logishrd

2014-07-30 20:23 - 2014-07-30 20:23 - 00027150 _____ () C:\ComboFix.txt

2014-07-30 20:23 - 2014-07-30 20:05 - 00000000 ____D () C:\ComboFix

2014-07-30 20:23 - 2014-07-30 19:57 - 00000000 ____D () C:\Qoobox

2014-07-30 20:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Users\Default

2014-07-30 20:22 - 2014-07-30 19:56 - 00000000 ____D () C:\Windows\erdnt

2014-07-30 20:18 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-07-30 20:16 - 2009-07-14 04:34 - 78381056 _____ () C:\Windows\system32\config\software.bak

2014-07-30 20:16 - 2009-07-14 04:34 - 18874368 _____ () C:\Windows\system32\config\system.bak

2014-07-30 20:16 - 2009-07-14 04:34 - 01310720 _____ () C:\Windows\system32\config\default.bak

2014-07-30 20:16 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak

2014-07-30 20:16 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak

2014-07-30 19:59 - 2013-10-28 13:50 - 00000000 ____D () C:\ProgramData\Avira

2014-07-30 19:56 - 2014-07-30 19:56 - 05563986 ____R (Swearware) C:\Users\mierike\Downloads\ComboFix.exe

2014-07-30 19:46 - 2014-07-30 19:46 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\mierike\Downloads\revosetup95.exe

2014-07-30 19:46 - 2014-07-30 19:46 - 00001270 _____ () C:\Users\mierike\Desktop\Revo Uninstaller.lnk

2014-07-30 19:46 - 2014-07-30 19:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-07-30 11:42 - 2014-07-30 11:41 - 00040534 _____ () C:\Users\mierike\Desktop\Addition.txt

2014-07-30 11:39 - 2014-07-30 11:39 - 02093568 _____ (Farbar) C:\Users\mierike\Desktop\x.exe

2014-07-29 15:05 - 2014-07-29 15:05 - 00000000 ____D () C:\Users\mierike\AppData\Local\Windows Live

2014-07-28 20:08 - 2012-03-18 18:49 - 00000000 ____D () C:\Users\mierike\Documents\Papa

2014-07-28 18:54 - 2014-07-23 19:04 - 00000000 ____D () C:\ProgramData\IcfudOqmat

2014-07-23 15:52 - 2011-11-03 21:23 - 00000000 ____D () C:\Users\Clubberer\AppData\Local\SoftThinks

2014-07-23 15:36 - 2014-07-23 15:36 - 00000000 ____D () C:\Users\Clubberer\AppData\Local\{25D31DA7-A6F9-4F3D-98C6-B40E6F4016F6}

2014-07-23 10:52 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-07-20 11:18 - 2014-07-20 11:17 - 08065348 _____ () C:\Users\Jacobus\Downloads\1352281627_bentley_continental_gt_premier.rar

2014-07-20 11:16 - 2014-07-20 11:16 - 03163023 _____ () C:\Users\Jacobus\Downloads\1349424093_1349406382_alexkoenigseggepmriv.rar

2014-07-20 11:12 - 2014-07-20 11:12 - 05409472 _____ () C:\Users\Jacobus\Downloads\1389977311_POR_911TURBO_14.rar

2014-07-20 11:11 - 2014-07-20 11:11 - 17187404 _____ () C:\Users\Jacobus\Downloads\1366826519_Audi R8 5 2 Stock 2012.rar

2014-07-20 11:10 - 2014-07-20 11:10 - 05931641 _____ () C:\Users\Jacobus\Downloads\1356444601_2012LamborghiniGallardoLP5704SpyderPerformantebyDreamsky.zip

2014-07-20 11:09 - 2014-07-20 11:09 - 04025438 _____ () C:\Users\Jacobus\Downloads\1405846432_WheelsAndMore.rar

2014-07-20 11:09 - 2014-07-20 11:09 - 03467591 _____ () C:\Users\Jacobus\Downloads\1362939950_Harley Davidson Fat Boy Lo Racing Bobber.rar

2014-07-19 20:54 - 2014-07-19 20:54 - 03555001 _____ () C:\Users\Jacobus\Downloads\1405765207_GTAVbravadobisonbyAH.rar

2014-07-18 20:22 - 2014-07-18 20:18 - 52247609 _____ () C:\Users\Jacobus\Downloads\logitech_gaming_software_8_52_15_32bit_software.zip

2014-07-18 20:16 - 2014-07-18 20:16 - 00000000 ____D () C:\Users\Jacobus\AppData\Roaming\Logitech

2014-07-18 20:15 - 2014-07-18 20:12 - 52954360 _____ (Logitech Inc.) C:\Users\Jacobus\Downloads\LGS_8.51.5_x86_Logitech.exe

2014-07-17 20:42 - 2014-07-17 20:41 - 08135660 _____ () C:\Users\Jacobus\Downloads\1364805641_VH60N_Whitehawk_1.1.RAR

2014-07-17 20:39 - 2014-07-17 20:39 - 03459426 _____ () C:\Users\Jacobus\Downloads\1361362978_Audi A4 2010.rar

2014-07-17 20:37 - 2014-07-17 20:37 - 07105145 _____ () C:\Users\Jacobus\Downloads\1369655347_Marcopolo Torino 2007 - MB 1418.rar

2014-07-17 20:33 - 2014-07-17 20:33 - 00011029 _____ () C:\Users\Clubberer\Documents\Tabu Geo Jacob.xlsx

2014-07-17 20:29 - 2011-11-03 21:56 - 00000000 ____D () C:\Users\Clubberer\AppData\Local\Nero

2014-07-17 20:14 - 2014-07-17 20:14 - 00000000 ____D () C:\Users\Clubberer\AppData\Roaming\simplitec

2014-07-17 20:14 - 2011-11-03 21:23 - 00086488 _____ () C:\Users\Clubberer\AppData\Local\GDIPFONTCACHEV1.DAT

2014-07-15 20:00 - 2014-07-15 20:00 - 01084436 _____ () C:\Users\Jacobus\Downloads\1400064767_thrust.rar

2014-07-15 19:57 - 2014-07-15 19:57 - 02827901 _____ () C:\Users\Jacobus\Downloads\1363942875_KX500.rar

2014-07-15 19:56 - 2014-07-15 19:56 - 11531251 _____ () C:\Users\Jacobus\Downloads\1399218489_AudiQ7V13Vertelvis.rar

2014-07-15 19:55 - 2014-07-15 19:55 - 05205252 _____ () C:\Users\Jacobus\Downloads\1404329443_2013LamborghiniVeneno.zip

2014-07-15 19:50 - 2014-07-15 19:50 - 01431782 _____ () C:\Users\Jacobus\Downloads\1390693360_ChevroletBlazerK51972.rar

2014-07-15 19:50 - 2014-07-15 19:49 - 22912501 _____ () C:\Users\Jacobus\Downloads\1393757826_1393725518_c2.rar

2014-07-15 19:49 - 2014-07-15 19:49 - 27787900 _____ () C:\Users\Jacobus\Downloads\1405111533_SsangYong_Kyron_Beta_by_Claptrap.rar

2014-07-15 19:47 - 2014-07-15 19:47 - 11948024 _____ () C:\Users\Jacobus\Downloads\1404687451_GTA4EVOCAMBER.rar

2014-07-15 19:46 - 2014-07-15 19:46 - 04780670 _____ () C:\Users\Jacobus\Downloads\1403622098_jetmax.rar

2014-07-15 19:43 - 2014-07-15 19:43 - 03324012 _____ () C:\Users\Jacobus\Downloads\1399326915_Eurocopter EC135 Guardia Civil Spain.rar

2014-07-14 13:45 - 2011-10-15 14:22 - 00086488 _____ () C:\Users\mierike\AppData\Local\GDIPFONTCACHEV1.DAT

2014-07-12 19:58 - 2009-07-14 06:45 - 00381272 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-07-12 14:36 - 2012-01-14 19:05 - 00086488 _____ () C:\Users\Jacobus\AppData\Local\GDIPFONTCACHEV1.DAT

2014-07-12 14:31 - 2012-10-27 15:17 - 00000000 ____D () C:\ProgramData\InstallShield

2014-07-12 14:29 - 2014-07-12 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPEEDLINK

2014-07-12 14:29 - 2014-07-12 14:29 - 00000000 ____D () C:\Program Files (x86)\SPEEDLINK

2014-07-12 14:29 - 2011-10-06 14:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-07-12 14:27 - 2014-07-12 14:27 - 00000000 ____D () C:\Users\Jacobus\AppData\Roaming\simplitec

2014-07-12 14:26 - 2014-07-12 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
 

Some content of TEMP:

====================

C:\Users\Jacobus\AppData\Local\Temp\CmdLineExt01.dll

C:\Users\Jacobus\AppData\Local\Temp\drm_dyndata_7380014.dll

C:\Users\Jacobus\AppData\Local\Temp\i4jdel0.exe

C:\Users\Jacobus\AppData\Local\Temp\SIntf16.dll

C:\Users\Jacobus\AppData\Local\Temp\SIntf32.dll

C:\Users\Jacobus\AppData\Local\Temp\SIntfNT.dll

C:\Users\mierike\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
 
 

LastRegBack: 2014-07-29 19:42
 

==================== End Of Log ============================

--- --- ---

--- --- ---

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Code:

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=7e23456c8bd381409b5edb585142710e

# engine=19593

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-08-11 09:17:14

# local_time=2014-08-11 11:17:14 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1=''

# compatibility_mode=5893 16776573 100 94 64843 159378484 0 0

# scanned=307898

# found=62

# cleaned=0

# scan_time=5749

sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"

sh=42B1B52E708F9A3DC642A6B6C7EE8C00CB44FDB8 ft=1 fh=8c2cc9b4788f10ad vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Omiga Plus\omigaplusSvc.exe.vir"

sh=8157D0C50CDAD9F608FCC1698D945A9C16114B35 ft=1 fh=1ad04c244ddba60d vn="Variante von Win32/ELEX.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jacobus\AppData\Roaming\eIntaller\293DC02F5211425fACE7414CAF349AD4\eGdpSvc.exe.vir"

sh=F37FDAAD49B857DC99DCEDB9603915502237F567 ft=1 fh=ae37f09b0a9f5c78 vn="Variante von Win32/ELEX.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jacobus\AppData\Roaming\eIntaller\293DC02F5211425fACE7414CAF349AD4\eXQ.exe.vir"

sh=5339ABEE428B92A04DF04A1D1B81896A68CF7CBD ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\DealPly.crx.vir"

sh=B93A611E29C3BD6E13E9F3A2BD98F17EED127102 ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\DealPly.xpi.vir"

sh=30D457E18D2B8CAF0B8900A4D64146CB171B57E0 ft=1 fh=c5d4173284eff9c1 vn="Variante von Win32/DealPly.G evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\DealPlyIE.dll.vir"

sh=2D6B1EC0EFA47C992C32AD9CECFB0EC4543ACA0A ft=1 fh=7076499debea4e9c vn="Variante von Win32/DealPly.F evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\DealPlyUpdateVer.exe.vir"

sh=383AB040028E9A8B92EF468449247295BCA4E504 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\app\background.js.vir"

sh=B562DFC092C3B1481E3C43E617AF44F88B28F5A0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Jacobus\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\app\extension.js.vir"

sh=21DE00AE44690F8EC3C4A3D3F3F12E65C55F0485 ft=1 fh=7c473fc799eb532a vn="Variante von Win32/Kryptik.AMGL Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Jacobus\AppData\Roaming\loaupdt.jpg.vir"

sh=0E249E2DC1CBCFD21AE1F9BCF819C08022FA334E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Clubberer\AppData\Local\Mozilla\Firefox\Profiles\hvls8k10.default\Cache\2\51\DCAA5d01"

sh=2E9E48B3AC028A17AA92EC6D770854EA28EA68EE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Clubberer\AppData\Local\Mozilla\Firefox\Profiles\hvls8k10.default\Cache\3\5F\75281d01"

sh=F7EBAA7EAA2FFD14F72F60388452C6766443D3D6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Clubberer\AppData\Local\Mozilla\Firefox\Profiles\hvls8k10.default\Cache\8\9D\3D042d01"

sh=7F88F1865FBE0A134FAEA5DA7B88C7264BBC1606 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Clubberer\AppData\Local\Mozilla\Firefox\Profiles\hvls8k10.default\Cache\A\8E\7B0BFd01"

sh=6BFF50A0465FB2B1165796CB47841DB876BA1D4B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Clubberer\AppData\Local\Mozilla\Firefox\Profiles\hvls8k10.default\Cache\D\51\AFAA9d01"

sh=9E444BD9CAFE2B9682721D4E074D0CB03E737B93 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Clubberer\AppData\Local\Mozilla\Firefox\Profiles\hvls8k10.default\Cache\D\D4\F8FBCd01"

sh=8904E5EB2B62F4990C389BF96A83156BC8EF8B78 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Clubberer\AppData\Local\Mozilla\Firefox\Profiles\hvls8k10.default\Cache\E\E8\F8B8Bd01"

sh=BD99029E3E064DE3BDC009BED86CE5F9F6556130 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1PTEB80S\ciuvo_m[1].js"

sh=928B3A0AAB8E65FB9E3A586D99E80AD24A68A831 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1PTEB80S\corticas_m[1].js"

sh=A683550DA906D5B94A7903747C190E32971BCF8A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RJO9UW3\dealply_m[1].js"

sh=4C03BD17B87EC994B75AC8B7E99F3B70FBB71719 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RJO9UW3\monetizationLoader[1].js"

sh=B4853CCBF4F400FB3A12155815CFFD0D74C8EEAC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RJO9UW3\noproblemppc_m[1].js"

sh=316AD88F43CC33313DB30CA9C001AE6BB1FBC414 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RJO9UW3\revizer_p_dynamic_m[1].js"

sh=399782A2AB704FCF977DD8C511424301382F4659 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8Y3M0K8K\50onred_ads_only_no_fb_m[1].js"

sh=E34752C2716F4AA9A438EB6BB4268C357C1FA160 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8Y3M0K8K\gam_manager[1].js"

sh=F4ED2E70B2B8D0F1C4EA381BC928D4DD0438F0F7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8Y3M0K8K\revizer_p_dynamic_m[1].js"

sh=09E41DAB84A351A234F471879A1C5FC682957ABA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8Y3M0K8K\revizer_p_dynamic_m[2].js"

sh=5A2E194F65251D63A145311F957D0A94061D2159 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8Y3M0K8K\superfish_no_search_no_coupons_plushd_m[1].js"

sh=76383B8DE33E6BBFB98D545DEA12B018A0A8F2C8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E63FGNV7\icm_m[1].js"

sh=1D05F40721A499CDC6AA0944B9757B2A6E3FE6A6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E63FGNV7\monetizationLoader[1].js"

sh=1B82157104A9F645095DF7AE7B5CF872400DF531 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E63FGNV7\revizer_ws_dynamic_m[1].js"

sh=7004C50EC82BFA560814E4094FC5D424F58161D3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6KCADCZ\intext_5_m[1].js"

sh=DA00D43895202044AAF7EFA3BD388B190B155367 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MSO9YSKM\icm_convertmedia_m[1].js"

sh=705F7674C554A2BDA26E88C6776C54FDBF379002 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MSO9YSKM\icm_convertmedia_m[2].js"

sh=57F74C3FAF6723290F6FA3341542A17948A76BCD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MSO9YSKM\revizer_ws_dynamic_m[1].js"

sh=075CCE375A95F47C55CE0FF0FFACA5A5156008FF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PP29HLBM\bpo_serp_m[1].js"

sh=81ECD53ECC5EB6E17063A90F3EB31526347E730F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PP29HLBM\monetizationLoader[1].js"

sh=8C65267C1AADD4AB670D6D979C4A686D16A86869 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PP29HLBM\similar_web_m[1].js"

sh=2CF9673BEBBF43F647E03F92E7B59240B7339E06 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RS97U4WJ\50onred_ads_only_no_fb_m[1].js"

sh=F5C88EA43CAB5305B3DD429370A60597BBF3BBEE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RS97U4WJ\intext_adv_m[1].js"

sh=B683C210045A4133B80E4ECC0C23BC3196B66514 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXLRKQCQ\bpo_serp_m[1].js"

sh=4AFB1A8A9B6234518266E5EC2312F6F5FF90B499 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXLRKQCQ\monetizationLoader[1].js"

sh=6BAE4634957305EA02B0FED1E9CDDBE6A14914E0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXLRKQCQ\noproblemppc_m[1].js"

sh=93D7AD0FC7A7EC62E220FBD9A5501C61B0743EC9 ft=0 fh=0000000000000000 vn="Win32/bProtector.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXLRKQCQ\pack[1].7z"

sh=BFD0F29067CAE71544784708FE5554D6518AD6AD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXLRKQCQ\superfish_no_coupons_m[1].js"

sh=340C42F0D5E93EBEA1197BFB0EDD1B9680462756 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TG1YVM2D\ibario_pops_m[1].js"

sh=F4047FA127C3997FC8D4611885D9C339A0EDF946 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TG1YVM2D\monetizationLoader[1].js"

sh=3893C701FC34D1821AD7219306ECFBD1EDE3AF8F ft=0 fh=0000000000000000 vn="Variante von Win32/bProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TG1YVM2D\pack[1].7z"

sh=9832E303AF1F020C6DD37DB8D8E7A0FF40979142 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WFN1SHNE\intext_adv_m[1].js"

sh=FE140788B9C42FA5DE196C9E1A63BC2AF81C2172 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WFN1SHNE\jollywallet_m[1].js"

sh=73E3DE6407B972684132A0542884E6109B387FFE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WFN1SHNE\retargeting_bi_m[1].js"

sh=7F88F1865FBE0A134FAEA5DA7B88C7264BBC1606 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WFN1SHNE\retargeting_bi_m[2].js"

sh=EBC6B605C382391DB57EAF46206ADD0D7CEBF803 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YSNULV09\ciuvo_m[1].js"

sh=B09166ED1B1E138E78F807E6E7B4A19E0934E5A5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YSNULV09\icm_convertmedia_m[1].js"

sh=FDBA68AA29F1385C6CD0465F45934AF7BAB39721 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YSNULV09\intext_5_m[1].js"

sh=CC9B5D471D8C379CBAA0E63FE16033287F90F82D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YSNULV09\jollywallet_m[1].js"

sh=6BA20A190D6CE386008B306796860611C85A9A2F ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-1723.X Trojaner" ac=I fn="C:\Users\Jacobus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\3d3a6975-6f2c0ba1"

sh=3837DCC6FC0D2C7D2CD6765EE18175468E314815 ft=1 fh=404bf2cda126427a vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jacobus\Downloads\FreeYouTubeToMP3Converter31126.exe"

sh=0AEC9F3C6AF6DB53700FC5330A7B8E0B8D68ECF7 ft=0 fh=0000000000000000 vn="JS/Kryptik.ART Trojaner" ac=I fn="C:\Users\mierike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00LJLFH4\bdda8632fa4523a77d6db14c7aeb8202[1].htm"

sh=5F518673A37B333A2A78F423AF7628C2EB752434 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\mierike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\3ce01717-7b8b5b3f"

sh=4ED54D05CE2F68E91B12DD469AC8C7A5B7F003B5 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\mierike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\3021d9f5-5e4a4a29"

Code:

 Results of screen317's Security Check version 0.99.86  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

 WMI entry may not exist for antivirus; attempting automatic update. 
 `````````Anti-malware/Other Utilities Check:````````` 

 Secunia PSI (2.0.0.4003)   

 Java(TM) 7 Update 4  

 Java version out of Date! 

 Adobe Flash Player 14.0.0.145  

 Adobe Reader 10.1.10 Adobe Reader out of Date!  

 Mozilla Firefox (31.0) 
 ````````Process Check: objlist.exe by Laurent````````  
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01

Ran by mierike (administrator) on FAMILIE on 11-08-2014 11:28:59

Running from C:\Users\mierike\Desktop

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe

(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe

() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

() C:\Program Files (x86)\SPEEDLINK\DECUS Gaming Mouse\Monitor.EXE

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Nero AG) C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe

() C:\Users\mierike\Downloads\SecurityCheck.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)

HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-29] (Logitech Inc.)

HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)

HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)

HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)

HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()

HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [75064 2011-07-07] ()

HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)

HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [606040 2013-08-15] (Razer Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [SL-6397 Gaming Mouse] => C:\Program Files (x86)\SPEEDLINK\DECUS Gaming Mouse\Monitor.exe [3587584 2013-09-30] ()

HKU\S-1-5-21-3566807784-1483398079-3001521256-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1753280 2014-07-16] (Valve Corporation)

HKU\S-1-5-21-3566807784-1483398079-3001521256-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)

HKU\S-1-5-21-3566807784-1483398079-3001521256-1000\...\Run: [Omiga Plus] => "C:\Program Files (x86)\Omiga Plus\omigaplus.exe" /autorun

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk

ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

Startup: C:\Users\Jacobus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\mierike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKCU - 57A7A818809743CA89DDFEB39A0371A8 URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST31500341AS_9VS581DLXXXX9VS581DL&ts=3342393

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File

BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\mierike\AppData\Roaming\Mozilla\Firefox\Profiles\fr8zt0np.default

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.4.0 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.4.0 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Adblock Plus - C:\Users\mierike\AppData\Roaming\Mozilla\Firefox\Profiles\fr8zt0np.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-24]
 

Chrome: 

=======
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-02-22] ()

R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)

R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)

S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

S1 9692b0; \??\C:\Windows\system32\drivers\9692b0.sys [X]

S1 brwtyvgg; \??\C:\Windows\system32\drivers\brwtyvgg.sys [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S1 dsyoqujv; \??\C:\Windows\system32\drivers\dsyoqujv.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-08-11 11:24 - 2014-08-11 11:24 - 00854410 _____ () C:\Users\mierike\Downloads\SecurityCheck.exe

2014-08-11 09:37 - 2014-08-11 09:37 - 02347384 _____ (ESET) C:\Users\mierike\Downloads\esetsmartinstaller_deu.exe

2014-08-11 09:37 - 2014-08-11 09:37 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-08-10 16:45 - 2014-08-10 16:45 - 02099712 _____ (Farbar) C:\Users\mierike\Desktop\FRST64.exe

2014-08-10 16:45 - 2014-08-10 16:45 - 00000000 ____D () C:\Users\mierike\Desktop\FRST-OlderVersion

2014-08-10 16:44 - 2014-08-10 16:44 - 00001517 _____ () C:\Users\mierike\Desktop\JRT.txt

2014-08-10 16:37 - 2014-08-10 16:37 - 00000000 ____D () C:\Windows\ERUNT

2014-08-10 16:35 - 2014-08-10 16:35 - 01016261 _____ (Thisisu) C:\Users\mierike\Downloads\JRT.exe

2014-08-10 16:31 - 2014-08-10 16:32 - 00000000 ____D () C:\AdwCleaner

2014-08-10 16:31 - 2014-08-10 16:31 - 01366203 _____ () C:\Users\mierike\Downloads\adwcleaner_3.304.exe

2014-08-10 16:30 - 2014-08-10 16:30 - 00001064 _____ () C:\Users\mierike\Desktop\anit-malware.txt

2014-08-10 16:11 - 2014-08-10 16:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-10 16:11 - 2014-08-10 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-10 16:11 - 2014-08-10 16:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-10 16:11 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-08-10 16:11 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-08-10 16:11 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-08-10 16:10 - 2014-08-10 16:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\mierike\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-09 14:56 - 2014-08-09 14:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-08-09 14:56 - 2014-08-09 14:56 - 00000000 ____D () C:\Users\mierike\AppData\Local\Logitech

2014-08-01 10:32 - 2014-08-01 10:32 - 00000000 ____D () C:\Users\Jacobus\AppData\Local\Logitech

2014-08-01 10:31 - 2014-08-01 10:32 - 00000000 ____D () C:\Program Files\Logitech Gaming Software

2014-08-01 10:31 - 2014-08-01 10:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech

2014-08-01 10:31 - 2014-08-01 10:31 - 00000000 ____D () C:\ProgramData\LogiShrd

2014-08-01 10:29 - 2014-08-01 10:30 - 62673992 _____ (Logitech Inc.) C:\Users\Jacobus\Downloads\lgs840_x64.exe

2014-08-01 10:15 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2014-08-01 10:15 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2014-08-01 10:15 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2014-08-01 10:15 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2014-08-01 10:15 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2014-08-01 10:15 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2014-08-01 10:15 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2014-08-01 10:15 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2014-08-01 10:15 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2014-08-01 10:15 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2014-08-01 10:14 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2014-08-01 10:14 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2014-08-01 10:14 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2014-08-01 10:14 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2014-07-30 20:23 - 2014-07-30 20:23 - 00027150 _____ () C:\ComboFix.txt

2014-07-30 20:05 - 2014-07-30 20:23 - 00000000 ____D () C:\ComboFix

2014-07-30 19:57 - 2014-07-30 20:23 - 00000000 ____D () C:\Qoobox

2014-07-30 19:57 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-07-30 19:57 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-07-30 19:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-07-30 19:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-07-30 19:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-07-30 19:57 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-07-30 19:57 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-07-30 19:57 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-07-30 19:56 - 2014-07-30 20:22 - 00000000 ____D () C:\Windows\erdnt

2014-07-30 19:56 - 2014-07-30 19:56 - 05563986 ____R (Swearware) C:\Users\mierike\Downloads\ComboFix.exe

2014-07-30 19:46 - 2014-07-30 19:46 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\mierike\Downloads\revosetup95.exe

2014-07-30 19:46 - 2014-07-30 19:46 - 00001270 _____ () C:\Users\mierike\Desktop\Revo Uninstaller.lnk

2014-07-30 19:46 - 2014-07-30 19:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-07-30 11:41 - 2014-08-11 11:29 - 00013361 _____ () C:\Users\mierike\Desktop\FRST.txt

2014-07-30 11:41 - 2014-08-11 11:29 - 00000000 ____D () C:\FRST

2014-07-30 11:41 - 2014-07-30 11:42 - 00040534 _____ () C:\Users\mierike\Desktop\Addition.txt

2014-07-30 11:39 - 2014-07-30 11:39 - 02093568 _____ (Farbar) C:\Users\mierike\Desktop\x.exe

2014-07-29 15:05 - 2014-07-29 15:05 - 00000000 ____D () C:\Users\mierike\AppData\Local\Windows Live

2014-07-23 19:04 - 2014-07-28 18:54 - 00000000 ____D () C:\ProgramData\IcfudOqmat

2014-07-23 15:36 - 2014-07-23 15:36 - 00000000 ____D () C:\Users\Clubberer\AppData\Local\{25D31DA7-A6F9-4F3D-98C6-B40E6F4016F6}

2014-07-20 11:17 - 2014-07-20 11:18 - 08065348 _____ () C:\Users\Jacobus\Downloads\1352281627_bentley_continental_gt_premier.rar

2014-07-20 11:16 - 2014-07-20 11:16 - 03163023 _____ () C:\Users\Jacobus\Downloads\1349424093_1349406382_alexkoenigseggepmriv.rar

2014-07-20 11:12 - 2014-07-20 11:12 - 05409472 _____ () C:\Users\Jacobus\Downloads\1389977311_POR_911TURBO_14.rar

2014-07-20 11:11 - 2014-07-20 11:11 - 17187404 _____ () C:\Users\Jacobus\Downloads\1366826519_Audi R8 5 2 Stock 2012.rar

2014-07-20 11:10 - 2014-07-20 11:10 - 05931641 _____ () C:\Users\Jacobus\Downloads\1356444601_2012LamborghiniGallardoLP5704SpyderPerformantebyDreamsky.zip

2014-07-20 11:09 - 2014-07-20 11:09 - 04025438 _____ () C:\Users\Jacobus\Downloads\1405846432_WheelsAndMore.rar

2014-07-20 11:09 - 2014-07-20 11:09 - 03467591 _____ () C:\Users\Jacobus\Downloads\1362939950_Harley Davidson Fat Boy Lo Racing Bobber.rar

2014-07-19 20:54 - 2014-07-19 20:54 - 03555001 _____ () C:\Users\Jacobus\Downloads\1405765207_GTAVbravadobisonbyAH.rar

2014-07-18 20:18 - 2014-07-18 20:22 - 52247609 _____ () C:\Users\Jacobus\Downloads\logitech_gaming_software_8_52_15_32bit_software.zip

2014-07-18 20:16 - 2014-08-01 10:30 - 00000000 ____D () C:\Users\Jacobus\AppData\Roaming\Logishrd

2014-07-18 20:16 - 2014-07-18 20:16 - 00000000 ____D () C:\Users\Jacobus\AppData\Roaming\Logitech

2014-07-18 20:12 - 2014-07-18 20:15 - 52954360 _____ (Logitech Inc.) C:\Users\Jacobus\Downloads\LGS_8.51.5_x86_Logitech.exe

2014-07-17 20:41 - 2014-07-17 20:42 - 08135660 _____ () C:\Users\Jacobus\Downloads\1364805641_VH60N_Whitehawk_1.1.RAR

2014-07-17 20:39 - 2014-07-17 20:39 - 03459426 _____ () C:\Users\Jacobus\Downloads\1361362978_Audi A4 2010.rar

2014-07-17 20:37 - 2014-07-17 20:37 - 07105145 _____ () C:\Users\Jacobus\Downloads\1369655347_Marcopolo Torino 2007 - MB 1418.rar

2014-07-17 20:33 - 2014-07-17 20:33 - 00011029 _____ () C:\Users\Clubberer\Documents\Tabu Geo Jacob.xlsx

2014-07-17 20:14 - 2014-07-17 20:14 - 00000000 ____D () C:\Users\Clubberer\AppData\Roaming\simplitec

2014-07-15 20:00 - 2014-07-15 20:00 - 01084436 _____ () C:\Users\Jacobus\Downloads\1400064767_thrust.rar

2014-07-15 19:57 - 2014-07-15 19:57 - 02827901 _____ () C:\Users\Jacobus\Downloads\1363942875_KX500.rar

2014-07-15 19:56 - 2014-07-15 19:56 - 11531251 _____ () C:\Users\Jacobus\Downloads\1399218489_AudiQ7V13Vertelvis.rar

2014-07-15 19:55 - 2014-07-15 19:55 - 05205252 _____ () C:\Users\Jacobus\Downloads\1404329443_2013LamborghiniVeneno.zip

2014-07-15 19:50 - 2014-07-15 19:50 - 01431782 _____ () C:\Users\Jacobus\Downloads\1390693360_ChevroletBlazerK51972.rar

2014-07-15 19:49 - 2014-07-15 19:50 - 22912501 _____ () C:\Users\Jacobus\Downloads\1393757826_1393725518_c2.rar

2014-07-15 19:49 - 2014-07-15 19:49 - 27787900 _____ () C:\Users\Jacobus\Downloads\1405111533_SsangYong_Kyron_Beta_by_Claptrap.rar

2014-07-15 19:47 - 2014-07-15 19:47 - 11948024 _____ () C:\Users\Jacobus\Downloads\1404687451_GTA4EVOCAMBER.rar

2014-07-15 19:46 - 2014-07-15 19:46 - 04780670 _____ () C:\Users\Jacobus\Downloads\1403622098_jetmax.rar

2014-07-15 19:43 - 2014-07-15 19:43 - 03324012 _____ () C:\Users\Jacobus\Downloads\1399326915_Eurocopter EC135 Guardia Civil Spain.rar

2014-07-12 14:29 - 2014-07-12 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPEEDLINK

2014-07-12 14:29 - 2014-07-12 14:29 - 00000000 ____D () C:\Program Files (x86)\SPEEDLINK

2014-07-12 14:27 - 2014-07-12 14:27 - 00000000 ____D () C:\Users\Jacobus\AppData\Roaming\simplitec

2014-07-12 14:26 - 2014-07-12 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-08-11 11:29 - 2014-07-30 11:41 - 00013361 _____ () C:\Users\mierike\Desktop\FRST.txt

2014-08-11 11:29 - 2014-07-30 11:41 - 00000000 ____D () C:\FRST

2014-08-11 11:24 - 2014-08-11 11:24 - 00854410 _____ () C:\Users\mierike\Downloads\SecurityCheck.exe

2014-08-11 10:33 - 2012-04-06 13:27 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-08-11 10:32 - 2012-05-27 16:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-08-11 09:49 - 2011-10-22 13:10 - 00000000 ____D () C:\Users\mierike\AppData\Local\Nero

2014-08-11 09:41 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-11 09:41 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-11 09:40 - 2011-10-15 14:22 - 00000422 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job

2014-08-11 09:39 - 2011-10-17 18:40 - 00003488 _____ () C:\Windows\System32\Tasks\PCDEventLauncher

2014-08-11 09:39 - 2011-10-15 14:22 - 00003450 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest

2014-08-11 09:38 - 2012-05-18 16:52 - 01756809 _____ () C:\Windows\WindowsUpdate.log

2014-08-11 09:37 - 2014-08-11 09:37 - 02347384 _____ (ESET) C:\Users\mierike\Downloads\esetsmartinstaller_deu.exe

2014-08-11 09:37 - 2014-08-11 09:37 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-08-11 09:35 - 2013-09-08 17:27 - 00000000 ____D () C:\Users\mierike\AppData\Roaming\Skype

2014-08-11 09:34 - 2014-05-18 18:49 - 00011408 _____ () C:\Windows\setupact.log

2014-08-11 09:34 - 2013-05-29 14:58 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-08-11 09:34 - 2012-04-06 13:27 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-08-11 09:34 - 2011-10-15 14:19 - 00000000 ____D () C:\Users\mierike\AppData\Local\SoftThinks

2014-08-11 09:34 - 2011-10-06 14:20 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup

2014-08-11 09:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-10 16:45 - 2014-08-10 16:45 - 02099712 _____ (Farbar) C:\Users\mierike\Desktop\FRST64.exe

2014-08-10 16:45 - 2014-08-10 16:45 - 00000000 ____D () C:\Users\mierike\Desktop\FRST-OlderVersion

2014-08-10 16:44 - 2014-08-10 16:44 - 00001517 _____ () C:\Users\mierike\Desktop\JRT.txt

2014-08-10 16:41 - 2014-05-19 07:08 - 00643186 _____ () C:\Windows\PFRO.log

2014-08-10 16:37 - 2014-08-10 16:37 - 00000000 ____D () C:\Windows\ERUNT

2014-08-10 16:35 - 2014-08-10 16:35 - 01016261 _____ (Thisisu) C:\Users\mierike\Downloads\JRT.exe

2014-08-10 16:33 - 2012-05-20 20:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-08-10 16:32 - 2014-08-10 16:31 - 00000000 ____D () C:\AdwCleaner

2014-08-10 16:32 - 2013-07-08 07:29 - 00000961 _____ () C:\Users\mierike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-08-10 16:32 - 2013-01-13 18:08 - 00001055 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-08-10 16:32 - 2012-05-20 20:30 - 00001067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-08-10 16:32 - 2011-11-03 21:50 - 00000000 ____D () C:\ProgramData\ICQ

2014-08-10 16:32 - 2011-10-15 14:22 - 00001158 _____ () C:\Users\mierike\Desktop\Internet Explorer.lnk

2014-08-10 16:31 - 2014-08-10 16:31 - 01366203 _____ () C:\Users\mierike\Downloads\adwcleaner_3.304.exe

2014-08-10 16:30 - 2014-08-10 16:30 - 00001064 _____ () C:\Users\mierike\Desktop\anit-malware.txt

2014-08-10 16:11 - 2014-08-10 16:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-10 16:11 - 2014-08-10 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-10 16:11 - 2014-08-10 16:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-10 16:11 - 2012-05-20 14:13 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-08-10 16:10 - 2014-08-10 16:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\mierike\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-10 12:00 - 2013-09-05 16:44 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-08-10 09:30 - 2012-01-14 19:19 - 00000000 ____D () C:\Users\Jacobus\AppData\Local\Nero

2014-08-10 09:14 - 2012-01-14 19:04 - 00000000 ____D () C:\Users\Jacobus\AppData\Local\SoftThinks

2014-08-10 09:00 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-08-09 14:57 - 2014-08-09 14:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-08-09 14:56 - 2014-08-09 14:56 - 00000000 ____D () C:\Users\mierike\AppData\Local\Logitech

2014-08-08 15:08 - 2011-10-06 14:43 - 00000000 ____D () C:\ProgramData\Sonic

2014-08-08 15:07 - 2013-06-29 18:56 - 00000000 ____D () C:\Users\Jacobus\AppData\Roaming\Skype

2014-08-08 15:04 - 2011-10-06 14:22 - 00000000 ____D () C:\ProgramData\Skype

2014-08-07 18:08 - 2012-02-03 16:40 - 00000000 ____D () C:\Users\Jacobus\AppData\Roaming\.minecraft

2014-08-07 17:14 - 2013-02-22 17:41 - 00282104 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr

2014-08-07 17:14 - 2013-02-22 17:32 - 00282104 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2014-08-07 17:14 - 2013-02-22 17:32 - 00234768 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0

2014-08-06 18:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-08-05 14:26 - 2012-01-14 19:04 - 00000000 ____D () C:\Users\Jacobus\AppData\Local\VirtualStore

2014-08-01 12:07 - 2013-09-06 15:45 - 00000000 ____D () C:\Users\Jacobus\Documents\FIFA 12

2014-08-01 10:32 - 2014-08-01 10:32 - 00000000 ____D () C:\Users\Jacobus\AppData\Local\Logitech

2014-08-01 10:32 - 2014-08-01 10:31 - 00000000 ____D () C:\Program Files\Logitech Gaming Software

2014-08-01 10:32 - 2012-12-24 17:43 - 00000000 ____D () C:\Users\Jacobus\AppData\Local\CrashDumps

2014-08-01 10:31 - 2014-08-01 10:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech

2014-08-01 10:31 - 2014-08-01 10:31 - 00000000 ____D () C:\ProgramData\LogiShrd

2014-08-01 10:30 - 2014-08-01 10:29 - 62673992 _____ (Logitech Inc.) C:\Users\Jacobus\Downloads\lgs840_x64.exe

2014-08-01 10:30 - 2014-07-18 20:16 - 00000000 ____D () C:\Users\Jacobus\AppData\Roaming\Logishrd

2014-07-30 20:23 - 2014-07-30 20:23 - 00027150 _____ () C:\ComboFix.txt

2014-07-30 20:23 - 2014-07-30 20:05 - 00000000 ____D () C:\ComboFix

2014-07-30 20:23 - 2014-07-30 19:57 - 00000000 ____D () C:\Qoobox

2014-07-30 20:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Users\Default

2014-07-30 20:22 - 2014-07-30 19:56 - 00000000 ____D () C:\Windows\erdnt

2014-07-30 20:18 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-07-30 20:16 - 2009-07-14 04:34 - 78381056 _____ () C:\Windows\system32\config\software.bak

2014-07-30 20:16 - 2009-07-14 04:34 - 18874368 _____ () C:\Windows\system32\config\system.bak

2014-07-30 20:16 - 2009-07-14 04:34 - 01310720 _____ () C:\Windows\system32\config\default.bak

2014-07-30 20:16 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak

2014-07-30 20:16 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak

2014-07-30 19:59 - 2013-10-28 13:50 - 00000000 ____D () C:\ProgramData\Avira

2014-07-30 19:56 - 2014-07-30 19:56 - 05563986 ____R (Swearware) C:\Users\mierike\Downloads\ComboFix.exe

2014-07-30 19:46 - 2014-07-30 19:46 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\mierike\Downloads\revosetup95.exe

2014-07-30 19:46 - 2014-07-30 19:46 - 00001270 _____ () C:\Users\mierike\Desktop\Revo Uninstaller.lnk

2014-07-30 19:46 - 2014-07-30 19:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-07-30 11:42 - 2014-07-30 11:41 - 00040534 _____ () C:\Users\mierike\Desktop\Addition.txt

2014-07-30 11:39 - 2014-07-30 11:39 - 02093568 _____ (Farbar) C:\Users\mierike\Desktop\x.exe

2014-07-29 15:05 - 2014-07-29 15:05 - 00000000 ____D () C:\Users\mierike\AppData\Local\Windows Live

2014-07-28 20:08 - 2012-03-18 18:49 - 00000000 ____D () C:\Users\mierike\Documents\Papa

2014-07-28 18:54 - 2014-07-23 19:04 - 00000000 ____D () C:\ProgramData\IcfudOqmat

2014-07-23 15:52 - 2011-11-03 21:23 - 00000000 ____D () C:\Users\Clubberer\AppData\Local\SoftThinks

2014-07-23 15:36 - 2014-07-23 15:36 - 00000000 ____D () C:\Users\Clubberer\AppData\Local\{25D31DA7-A6F9-4F3D-98C6-B40E6F4016F6}

2014-07-23 10:52 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-07-20 11:18 - 2014-07-20 11:17 - 08065348 _____ () C:\Users\Jacobus\Downloads\1352281627_bentley_continental_gt_premier.rar

2014-07-20 11:16 - 2014-07-20 11:16 - 03163023 _____ () C:\Users\Jacobus\Downloads\1349424093_1349406382_alexkoenigseggepmriv.rar

2014-07-20 11:12 - 2014-07-20 11:12 - 05409472 _____ () C:\Users\Jacobus\Downloads\1389977311_POR_911TURBO_14.rar

2014-07-20 11:11 - 2014-07-20 11:11 - 17187404 _____ () C:\Users\Jacobus\Downloads\1366826519_Audi R8 5 2 Stock 2012.rar

2014-07-20 11:10 - 2014-07-20 11:10 - 05931641 _____ () C:\Users\Jacobus\Downloads\1356444601_2012LamborghiniGallardoLP5704SpyderPerformantebyDreamsky.zip

2014-07-20 11:09 - 2014-07-20 11:09 - 04025438 _____ () C:\Users\Jacobus\Downloads\1405846432_WheelsAndMore.rar

2014-07-20 11:09 - 2014-07-20 11:09 - 03467591 _____ () C:\Users\Jacobus\Downloads\1362939950_Harley Davidson Fat Boy Lo Racing Bobber.rar

2014-07-19 20:54 - 2014-07-19 20:54 - 03555001 _____ () C:\Users\Jacobus\Downloads\1405765207_GTAVbravadobisonbyAH.rar

2014-07-18 20:22 - 2014-07-18 20:18 - 52247609 _____ () C:\Users\Jacobus\Downloads\logitech_gaming_software_8_52_15_32bit_software.zip

2014-07-18 20:16 - 2014-07-18 20:16 - 00000000 ____D () C:\Users\Jacobus\AppData\Roaming\Logitech

2014-07-18 20:15 - 2014-07-18 20:12 - 52954360 _____ (Logitech Inc.) C:\Users\Jacobus\Downloads\LGS_8.51.5_x86_Logitech.exe

2014-07-17 20:42 - 2014-07-17 20:41 - 08135660 _____ () C:\Users\Jacobus\Downloads\1364805641_VH60N_Whitehawk_1.1.RAR

2014-07-17 20:39 - 2014-07-17 20:39 - 03459426 _____ () C:\Users\Jacobus\Downloads\1361362978_Audi A4 2010.rar

2014-07-17 20:37 - 2014-07-17 20:37 - 07105145 _____ () C:\Users\Jacobus\Downloads\1369655347_Marcopolo Torino 2007 - MB 1418.rar

2014-07-17 20:33 - 2014-07-17 20:33 - 00011029 _____ () C:\Users\Clubberer\Documents\Tabu Geo Jacob.xlsx

2014-07-17 20:29 - 2011-11-03 21:56 - 00000000 ____D () C:\Users\Clubberer\AppData\Local\Nero

2014-07-17 20:14 - 2014-07-17 20:14 - 00000000 ____D () C:\Users\Clubberer\AppData\Roaming\simplitec

2014-07-17 20:14 - 2011-11-03 21:23 - 00086488 _____ () C:\Users\Clubberer\AppData\Local\GDIPFONTCACHEV1.DAT

2014-07-15 20:00 - 2014-07-15 20:00 - 01084436 _____ () C:\Users\Jacobus\Downloads\1400064767_thrust.rar

2014-07-15 19:57 - 2014-07-15 19:57 - 02827901 _____ () C:\Users\Jacobus\Downloads\1363942875_KX500.rar

2014-07-15 19:56 - 2014-07-15 19:56 - 11531251 _____ () C:\Users\Jacobus\Downloads\1399218489_AudiQ7V13Vertelvis.rar

2014-07-15 19:55 - 2014-07-15 19:55 - 05205252 _____ () C:\Users\Jacobus\Downloads\1404329443_2013LamborghiniVeneno.zip

2014-07-15 19:50 - 2014-07-15 19:50 - 01431782 _____ () C:\Users\Jacobus\Downloads\1390693360_ChevroletBlazerK51972.rar

2014-07-15 19:50 - 2014-07-15 19:49 - 22912501 _____ () C:\Users\Jacobus\Downloads\1393757826_1393725518_c2.rar

2014-07-15 19:49 - 2014-07-15 19:49 - 27787900 _____ () C:\Users\Jacobus\Downloads\1405111533_SsangYong_Kyron_Beta_by_Claptrap.rar

2014-07-15 19:47 - 2014-07-15 19:47 - 11948024 _____ () C:\Users\Jacobus\Downloads\1404687451_GTA4EVOCAMBER.rar

2014-07-15 19:46 - 2014-07-15 19:46 - 04780670 _____ () C:\Users\Jacobus\Downloads\1403622098_jetmax.rar

2014-07-15 19:43 - 2014-07-15 19:43 - 03324012 _____ () C:\Users\Jacobus\Downloads\1399326915_Eurocopter EC135 Guardia Civil Spain.rar

2014-07-14 13:45 - 2011-10-15 14:22 - 00086488 _____ () C:\Users\mierike\AppData\Local\GDIPFONTCACHEV1.DAT

2014-07-12 19:58 - 2009-07-14 06:45 - 00381272 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-07-12 14:36 - 2012-01-14 19:05 - 00086488 _____ () C:\Users\Jacobus\AppData\Local\GDIPFONTCACHEV1.DAT

2014-07-12 14:31 - 2012-10-27 15:17 - 00000000 ____D () C:\ProgramData\InstallShield

2014-07-12 14:29 - 2014-07-12 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPEEDLINK

2014-07-12 14:29 - 2014-07-12 14:29 - 00000000 ____D () C:\Program Files (x86)\SPEEDLINK

2014-07-12 14:29 - 2011-10-06 14:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-07-12 14:27 - 2014-07-12 14:27 - 00000000 ____D () C:\Users\Jacobus\AppData\Roaming\simplitec

2014-07-12 14:26 - 2014-07-12 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
 

Some content of TEMP:

====================

C:\Users\Jacobus\AppData\Local\Temp\CmdLineExt01.dll

C:\Users\Jacobus\AppData\Local\Temp\drm_dyndata_7380014.dll

C:\Users\Jacobus\AppData\Local\Temp\i4jdel0.exe

C:\Users\Jacobus\AppData\Local\Temp\SIntf16.dll

C:\Users\Jacobus\AppData\Local\Temp\SIntf32.dll

C:\Users\Jacobus\AppData\Local\Temp\SIntfNT.dll

C:\Users\mierike\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
 
 

LastRegBack: 2014-08-10 17:03
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

sooooo, das ist alles :) Nein, ich glaube es gibt keine probleme mehr. der rechner läuft wieder einwandfrei :) soll ich nun noch iwas tun?
dankbare grüße :)

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

S1 9692b0; \??\C:\Windows\system32\drivers\9692b0.sys [X]

S1 brwtyvgg; \??\C:\Windows\system32\drivers\brwtyvgg.sys [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S1 dsyoqujv; \??\C:\Windows\system32\drivers\dsyoqujv.sys [X]

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Java und Adobe updaten.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-08-2014 01

Ran by mierike at 2014-08-12 09:29:42 Run:1

Running from C:\Users\mierike\Desktop

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

S1 9692b0; \??\C:\Windows\system32\drivers\9692b0.sys [X]

S1 brwtyvgg; \??\C:\Windows\system32\drivers\brwtyvgg.sys [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S1 dsyoqujv; \??\C:\Windows\system32\drivers\dsyoqujv.sys [X]

         

*****************
 

9692b0 => Service deleted successfully.

brwtyvgg => Service deleted successfully.

catchme => Service deleted successfully.

dsyoqujv => Service deleted successfully.
 

==== End of Fixlog ====

Vielen Dank für deine Hilfe. Es funktioniert jetzt wieder alles einwandfrei :)