Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Java update erforderlich, Virus ? Alles wird geblockt... (https://www.trojaner-board.de/160759-java-update-erforderlich-virus-alles-geblockt.html)

Instantender 14.11.2014 15:58
Java update erforderlich, Virus ? Alles wird geblockt...
 
Hallo Trojaner-Board.

Ich habe ein Problem mit meinem Computer oder eher demn Internet und schon viele Antivirus Programme Versucht aber es Hilft nichts. Sobald Ich Google oder irgendeinen Webbrowser öffne und auf eine Seite gehe poppt die meldung :

Java update erforderlich

auf, und ich werde ohne zu fragen auf eine andere Seite geleitet die dann auch noch automatisch ein Setup runterläd. Avira hat bis jetzt immer sofort bei diesem Setup Alarm geschlagen. Nun kann ich aber kam noch was im Internet machen :( wenn ich auf die Java Seite geleitet werde und dann auf zurück drücke poppt die Meldung nach 1-3 Sekunden wider auf. Manchmal sogar während ich auf der Java Seite bin. Die Firewall ist an und ich bin echt am ende. Das macht so agressiv wenn man irgendwas googelt oder schreibt und plötzlich ist die seite weg und alles gelöscht. Ich hoffe jemand kann mir Helfen :daumenhoc

Mfg Instantender

schrauber 14.11.2014 16:25
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Instantender 14.11.2014 20:00
Hier die FRST

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2014 02
Ran by User (administrator) on USER-PC on 14-11-2014 19:55:44
Running from C:\Users\User\Downloads
Loaded Profile: User (Available profiles: User & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Fuyu LIMITED) C:\ProgramData\WindowsProtectManger\wprotectmanager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(PC Utilities Software Limited) C:\Program Files (x86)\Driver Pro\DPTray.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Bandoo Media Inc.) C:\Users\User\AppData\Local\iLivid\iLivid.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(PC Utilities Software Limited) C:\Program Files (x86)\LiveSupport\LiveSupport.exe
(SkypEmoticons) C:\Users\User\AppData\Roaming\SkypEmoticons\SE.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
(TECOM) C:\Program Files (x86)\DT\Sinus 154 stick\Wifiusb.exe
() C:\Users\User\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Local Weather LLC) C:\Users\User\AppData\Local\WeatherAlerts\WeatherAlerts.exe
(Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Visicom Media Inc. (Powered by Panda Security)) C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
() C:\Users\User\AppData\Roaming\pushbullet\pushbullet_104\pushbullet_app.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Beepa P/L) C:\Fraps\fraps.exe
(Beepa P/L) C:\Fraps\fraps64.dat
(MAGIX AG) C:\Program Files (x86)\MAGIX\Video_easy_4_HD\VideoEasy.exe
(MAGIX AG) C:\Program Files (x86)\MAGIX\Video_easy_4_HD\mxoutprocmem\mxoutprocmem_x64.exe
(MAGIX AG) C:\Program Files (x86)\MAGIX\Video_easy_4_HD\mxoutprocmem\mxoutprocmem_x64.exe
(MAGIX AG) C:\Program Files (x86)\MAGIX\Video_easy_4_HD\Online\MagixOfa.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Pay By Ads LTD) C:\Users\User\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamSpeak Systems GmbH) C:\Users\User\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [83240 2008-03-20] (Cyberlink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2007-12-14] ()
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2770432 2010-12-29] (VIA)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Anti-phishing Domain Advisor] => C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe [232616 2012-01-17] (Visicom Media Inc. (Powered by Panda Security))
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [835288 2014-08-13] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1109194208-129431678-948010717-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [147456 2007-01-15] (Nero AG)
HKU\S-1-5-21-1109194208-129431678-948010717-1000\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1109194208-129431678-948010717-1000\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-10] (Google Inc.)
HKU\S-1-5-21-1109194208-129431678-948010717-1000\...\Run: [iLivid] => C:\Users\User\AppData\Local\iLivid\iLivid.exe [7307776 2014-02-12] (Bandoo Media Inc.)
HKU\S-1-5-21-1109194208-129431678-948010717-1000\...\Run: [Yahoo! Search] => C:\Users\User\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe [535472 2014-07-07] (Pay By Ads LTD)
HKU\S-1-5-21-1109194208-129431678-948010717-1000\...\Run: [Pushbullet] => C:\Program Files (x86)\Pushbullet\pushbullet_app.exe [822320 2014-08-26] ()
HKU\S-1-5-21-1109194208-129431678-948010717-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-1109194208-129431678-948010717-1000\...\Run: [LiveSupport] => C:\Program Files (x86)\LiveSupport\LiveSupport.exe [1005056 2014-03-18] (PC Utilities Software Limited)
HKU\S-1-5-21-1109194208-129431678-948010717-1000\...\Run: [se] => C:\Users\User\AppData\Roaming\SkypEmoticons\SE.exe [5679008 2014-10-18] (SkypEmoticons)
HKU\S-1-5-21-1109194208-129431678-948010717-1000\...\MountPoints2: {e944a36a-b5d2-11e3-8ac4-20cf3080dfb9} - E:\Startme.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-21] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs:  C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL => C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL File Not Found
AppInit_DLLs-x32: c:\progra~2\suptab\search~1.dll => "c:\progra~2\suptab\search~1.dll" File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger]
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk
ShortcutTarget: AVer HID Receiver.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk
ShortcutTarget: AVerQuick.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sinus 154 stick WLAN Manager.lnk
ShortcutTarget: Sinus 154 stick WLAN Manager.lnk -> C:\Program Files (x86)\DT\Sinus 154 stick\Wifiusb.exe (TECOM)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Users\User\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk
ShortcutTarget: simplicheck.lnk -> C:\Program Files (x86)\simplitec\simplicheck\simplicheck.exe (simplitec)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
ShortcutTarget: Weather Alerts.lnk -> C:\Users\User\AppData\Local\WeatherAlerts\WeatherAlerts.exe (Local Weather LLC)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooVT&dpid=YahooVT_PKR&co=DE&userid=76b88cad-2817-4c58-abb7-d19671bf704e&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp7000
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.allsearches.info/?pid=20494&r=2014/10/18&hid=14135115554129621829&lg=EN&cc=DE&unqvl=64
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40DDFFBF7BEDCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooVT&dpid=YahooVT_PKR&co=DE&userid=76b88cad-2817-4c58-abb7-d19671bf704e&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp7000
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1402853659&from=cor&uid=395049983_1052482_D0EAAE0F
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {739E451B-FEC4-4D0A-96B8-AEA0D8DD070D} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {739E451B-FEC4-4D0A-96B8-AEA0D8DD070D} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=484&systemid=406&v=a12627-289&apn_uid=8499720655014573&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.allsearches.info/?l=1&q={searchTerms}&pid=20494&r=2014/10/18&hid=14135115554129621829&lg=EN&cc=DE&unqvl=64
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=484&systemid=406&v=a12627-289&apn_uid=8499720655014573&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.allsearches.info/?l=1&q={searchTerms}&pid=20494&r=2014/10/18&hid=14135115554129621829&lg=EN&cc=DE&unqvl=64
SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.allsearches.info/?l=1&q={searchTerms}&pid=20494&r=2014/10/18&hid=14135115554129621829&lg=EN&cc=DE&unqvl=64
SearchScopes: HKCU - 6204A4FE2C304FAC8941FE6FA4AE4FBB URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutBtD0C0FtAtDzztD0D0F0Bzy0A0EtD0FtN0D0Tzu0SyBtDzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=2083576192&ir=
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooVT&dpid=YahooVT_PKR&co=DE&userid=76b88cad-2817-4c58-abb7-d19671bf704e&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp7000
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPBDF2DCA5-80AD-4412-9965-4249131FE27C&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.doko-search.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=D0EA20CF3080DFB9&affID=128491&tsp=5185
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1402853659&from=cor&uid=395049983_1052482_D0EAAE0F&q={searchTerms}
SearchScopes: HKCU - {7119FE4C-737F-475A-99E9-A7CC392C3D9A} URL = hxxp://rts.dsrlte.com/?q={searchTerms}&r=934
SearchScopes: HKCU - {739E451B-FEC4-4D0A-96B8-AEA0D8DD070D} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://blekko.com/?source=c6125cca&tbp=rbox&toolbarid=blekkotb_001&u=2012050663F94CCDA7B2CF62643D6B2F&q={searchTerms}
SearchScopes: HKCU - {83424226-397C-46FC-8A39-54D82A93ABC5} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=484&systemid=406&v=a12627-289&apn_uid=8499720655014573&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=484&systemid=406&v=a12627-289&apn_uid=8499720655014573&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.allsearches.info/?l=1&q={searchTerms}&pid=20494&r=2014/10/18&hid=14135115554129621829&lg=EN&cc=DE&unqvl=64
SearchScopes: HKCU - {D92E081A-3DB7-44F7-8216-FCFA4FEEADE2} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^VK^DE&apn_uid=83838051-261d-452b-b61e-fb81e3eca632&apn_sauid=98D8BF62-43DC-4668-91B0-F182020C2855
BHO: YoutubeAdBlocke -> {37579585-1f98-49b9-a372-a607457ced8c} -> C:\Program Files (x86)\YoutubeAdBlocke\q2h4Z00N1URkcR.x64.dll ()
BHO: GoSave -> {4f8f8a98-afd7-48ef-bbc6-61016c3919b1} -> C:\Program Files (x86)\GoSave\WKtVMXwg9j87sg.x64.dll ()
BHO: GoSave -> {6c055ee2-384a-48b5-a976-95e7826cb746} -> C:\Program Files (x86)\GoSave\goZEyoYpPlgJmX.x64.dll ()
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Movies Toolbar (Dist. by Bandoo Media, Inc.) -> {d1dac034-9fd9-4c13-a388-d2e10e57707f} -> C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoftTB DE Toolbar -> {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} -> C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
BHO-x32: Updater For Spam Free Search Bar -> {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} -> C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll (Visicom Media)
BHO-x32: Spam Free Search Bar -> {26c9e18c-3717-4be1-a225-04e4471f5b6e} -> C:\Program Files (x86)\blekkotb\blekkoDx.dll ()
BHO-x32: TBSB01620 Class -> {58124A0B-DC32-4180-9BFF-E0E21AE34026} -> C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
BHO-x32: Wajam -> {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} -> C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
BHO-x32: Movies Toolbar (Dist. by Bandoo Media, Inc.) -> {d1dac034-9fd9-4c13-a388-d2e10e57707f} -> C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: buenosearch Helper Object -> {F1C81E40-2485-4DB6-8C9D-04BD596B281E} -> C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll (Montiera Technologies LTD)
Toolbar: HKLM - Movies Toolbar (Dist. by Bandoo Media, Inc.) - {d1dac034-9fd9-4c13-a388-d2e10e57707f} - C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll ()
Toolbar: HKLM-x32 - IMinent Toolbar - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
Toolbar: HKLM-x32 - Spam Free Search Bar - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll ()
Toolbar: HKLM-x32 - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} -  No File
Toolbar: HKLM-x32 - buenosearch Toolbar - {828DC97A-2277-4E10-92A9-4907FA0922A9} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll (Montiera Technologies LTD)
Toolbar: HKLM-x32 - Movies Toolbar (Dist. by Bandoo Media, Inc.) - {d1dac034-9fd9-4c13-a388-d2e10e57707f} - C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll No File
Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
Toolbar: HKU\S-1-5-21-1109194208-129431678-948010717-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-1109194208-129431678-948010717-1000 -> No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} -  No File
Toolbar: HKU\S-1-5-21-1109194208-129431678-948010717-1000 -> No Name - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} -  No File
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1109194208-129431678-948010717-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\User\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll No File
FF Plugin HKU\S-1-5-21-1109194208-129431678-948010717-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2014-06-02]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-08]
CHR Extension: (ClickClean) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2014-10-18]
CHR Extension: (Click free Browsing) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfpfhnlkoddglhimhdbboidjcfjlkji [2014-10-25]
CHR Extension: (Freemake Video Converter) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-06-02]
CHR Extension: (GoSave) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek [2014-10-18]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-07-03]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR Extension: (GoSave) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd [2014-10-18]
CHR Extension: (MySearchDial) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff [2014-10-18]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\User\AppData\Local\mysearchdial-speeddial.crx [2013-12-08]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-06-02]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\User\AppData\Local\mysearchdial-speeddial.crx [2013-12-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806704 2014-10-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [994096 2014-10-27] (Avira Operations GmbH & Co. KG)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [368640 2013-06-26] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [772096 2013-08-16] () [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-08-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-08-13] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-08-13] (BlueStack Systems, Inc.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2007-01-15] (Nero AG) [File not signed]
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [266240 2007-01-15] (Nero AG) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-26] ()
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2138936 2014-03-20] (TuneUp Software)
S3 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-04-24] (Wajam) [File not signed] <==== ATTENTION
R2 WindowsProtectManger; C:\ProgramData\WindowsProtectManger\wprotectmanager.exe [591776 2014-06-12] (Fuyu LIMITED) <==== ATTENTION

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-27] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-08-13] (BlueStack Systems)
R1 F06DEFF2-5B9C-490D-910F-35D3A91196222; C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\setmgrc1.cfg [36216 2014-05-12] (Bandoo Media Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-02-10] (TuneUp Software)
R1 {29b136c9-938d-4d3d-8df8-d649d9b74d02}w64; C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys [61120 2014-04-24] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 17:19 - 2014-11-14 18:27 - 211919847 _____ () C:\Users\User\Desktop\Advmap #1.WMV
2014-11-14 16:55 - 2014-11-14 16:55 - 00003488 _____ () C:\Users\User\Downloads\piep 5s.H0
2014-11-14 16:55 - 2014-11-14 16:55 - 00002534 _____ () C:\Users\User\Downloads\piep 5s.HDP
2014-11-14 16:54 - 2014-11-14 16:54 - 00447140 _____ () C:\Users\User\Downloads\piep 5s.wav
2014-11-14 16:53 - 2014-11-14 17:02 - 00002534 _____ () C:\Users\User\Downloads\piep 1s.HDP
2014-11-14 16:53 - 2014-11-14 17:02 - 00000700 _____ () C:\Users\User\Downloads\piep 1s.H0
2014-11-14 16:52 - 2014-11-14 17:02 - 00090096 _____ () C:\Users\User\Downloads\piep 1s.wav
2014-11-14 15:42 - 2014-11-14 15:43 - 00045473 _____ () C:\Users\User\Downloads\Addition.txt
2014-11-14 15:41 - 2014-11-14 19:55 - 00033966 _____ () C:\Users\User\Downloads\FRST.txt
2014-11-14 15:41 - 2014-11-14 19:55 - 00000000 ____D () C:\FRST
2014-11-14 15:40 - 2014-11-14 15:40 - 02116608 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-11-14 13:39 - 2014-11-14 13:40 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2014-11-13 21:29 - 2014-11-13 21:34 - 3788401224 _____ () C:\Users\User\Desktop\javaw 2014-11-13 21-29-05-63.avi
2014-11-13 19:16 - 2014-11-13 19:23 - 857635744 _____ () C:\Users\User\Desktop\javaw 2014-11-13 19-16-08-99.avi
2014-11-13 18:49 - 2014-11-13 18:54 - 141342792 _____ () C:\Users\User\Desktop\javaw 2014-11-13 18-49-02-72.avi
2014-11-13 18:45 - 2014-11-13 18:45 - 00017617 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2014-11-13 15:42 - 2014-11-13 15:49 - 56991151 _____ () C:\Users\User\Desktop\Film Hintergrundmusik.WMV
2014-11-13 13:47 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 13:47 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 13:47 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 13:47 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 13:47 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 13:47 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 13:47 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 13:47 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 13:47 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 13:47 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 13:47 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 13:47 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 13:47 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 13:47 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 13:47 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 13:47 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 13:47 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 13:47 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 13:47 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 13:47 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 13:47 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 13:47 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 13:47 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 13:47 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 13:47 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 13:47 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 13:47 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 13:47 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 13:47 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 13:47 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 13:47 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 13:47 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 13:47 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 13:47 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 13:47 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 13:47 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 13:47 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 13:47 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 13:47 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 13:47 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 13:47 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 13:47 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 13:47 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 13:47 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 13:47 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 13:47 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 13:47 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 13:47 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 13:47 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 13:47 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 13:47 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 13:47 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 13:47 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 13:47 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 13:47 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 13:47 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 13:47 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 13:47 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 13:47 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 13:47 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 13:47 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 13:47 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 13:47 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 13:47 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 13:47 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 13:47 - 2014-09-19 10:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-13 13:47 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 13:47 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 13:47 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 13:47 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 13:47 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 13:47 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 13:47 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-13 13:47 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 13:47 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 13:47 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 13:47 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 13:47 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 13:47 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-13 13:43 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 13:43 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 13:43 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 13:43 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 13:43 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 13:43 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 13:43 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 13:43 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 13:43 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 13:43 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 13:43 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 13:43 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 13:43 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 13:43 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 13:43 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 13:43 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 13:43 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 13:43 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 13:43 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 20:02 - 2014-11-11 20:02 - 00644757 _____ () C:\Users\User\Desktop\YouTuber's Battle 1.8.zip
2014-11-11 19:22 - 2014-11-11 19:22 - 00300950 _____ () C:\Users\User\Downloads\NBTExplorer-2.7.5.zip
2014-11-08 19:11 - 2014-11-08 19:11 - 503286390 _____ () C:\Users\User\Desktop\Sind Games verspielte Lebenszeit ZDF info log in mit LeFloid.mp4
2014-11-08 18:48 - 2014-11-08 19:17 - 00000000 ____D () C:\Users\User\AppData\Local\UmmyVideoDownloader
2014-11-08 18:48 - 2014-11-08 18:48 - 00001196 _____ () C:\Users\Public\Desktop\UmmyVideoDownloader.lnk
2014-11-08 18:48 - 2014-11-08 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UmmyVideoDownloader
2014-11-08 18:47 - 2014-11-08 18:47 - 00397176 _____ () C:\Users\User\Downloads\UmmyVD-Web-Loader-110.exe
2014-11-08 17:47 - 2014-11-08 17:47 - 02306048 _____ (Free Flash Plugins company) C:\Users\User\Downloads\DownloadFileSetup_9977j.exe
2014-11-06 21:38 - 2014-11-06 21:38 - 00000000 ____D () C:\0bc855e986aceae151372d20
2014-11-03 20:30 - 2014-11-03 20:37 - 02126280 _____ () C:\Users\User\Downloads\Aura full.rar
2014-11-03 18:54 - 2014-11-03 21:21 - 00080472 _____ () C:\Users\User\Desktop\erste aufnahme ton.H0
2014-11-02 18:59 - 2014-11-02 19:00 - 00111422 _____ () C:\Users\User\Downloads\PvP1vs1-1.6.1.jar
2014-11-02 18:53 - 2014-11-02 18:54 - 00054094 _____ () C:\Users\User\Downloads\MobDisguise (1).jar
2014-11-02 15:38 - 2014-11-02 15:38 - 00000000 _____ () C:\Users\User\Desktop\rules.txt
2014-11-01 21:21 - 2014-11-01 21:22 - 10802262 _____ () C:\Users\User\Downloads\Breakable 2 by CDFDMAN.zip
2014-11-01 16:01 - 2014-11-01 16:08 - 74893520 _____ () C:\Users\User\Desktop\ts3_recording_14_11_01_16_1_34.wav
2014-11-01 15:39 - 2014-11-01 15:41 - 1834674096 _____ () C:\Users\User\Desktop\javaw 2014-11-01 15-39-47-50.avi
2014-10-30 21:44 - 2014-10-30 21:45 - 1210979296 _____ () C:\Users\User\Desktop\javaw 2014-10-30 21-44-06-15.avi
2014-10-30 21:20 - 2014-10-30 21:22 - 1771086088 _____ () C:\Users\User\Desktop\javaw 2014-10-30 21-20-51-41.avi
2014-10-30 21:17 - 2014-10-30 21:19 - 1114244944 _____ () C:\Users\User\Desktop\javaw 2014-10-30 21-17-57-79.avi
2014-10-30 21:13 - 2014-10-30 21:16 - 2494649768 _____ () C:\Users\User\Desktop\javaw 2014-10-30 21-13-46-93.avi
2014-10-30 21:09 - 2014-10-30 21:12 - 2484119840 _____ () C:\Users\User\Desktop\javaw 2014-10-30 21-09-20-20.avi
2014-10-30 21:02 - 2014-10-30 21:09 - 1310799768 _____ () C:\Users\User\Desktop\javaw 2014-10-30 21-02-56-87.avi
2014-10-30 20:23 - 2014-10-30 20:34 - 388133335 _____ () C:\Users\User\Downloads\Sony-Vegas-13-By-Dexter.rar
2014-10-29 22:01 - 2014-10-29 22:01 - 06223357 _____ () C:\Users\User\Desktop\KanalBild.xcf
2014-10-29 20:50 - 2014-10-29 20:51 - 01405483 _____ () C:\Users\User\Desktop\InstaGamer Intro.WMV
2014-10-29 18:41 - 2014-10-29 18:41 - 01765489 _____ () C:\Users\User\Desktop\Steffens Intro.WMV
2014-10-29 16:36 - 2014-10-29 16:39 - 2681783728 _____ () C:\Users\User\Desktop\javaw 2014-10-29 16-36-23-67.avi
2014-10-29 16:32 - 2014-10-29 16:35 - 2738550576 _____ () C:\Users\User\Desktop\javaw 2014-10-29 16-32-21-37.avi
2014-10-29 16:26 - 2014-10-29 16:31 - 3554459016 _____ () C:\Users\User\Desktop\javaw 2014-10-29 16-26-55-64.avi
2014-10-29 16:08 - 2014-10-29 16:08 - 00000000 ____D () C:\Users\User\Desktop\AudioTemp
2014-10-28 00:04 - 2014-10-28 00:04 - 00048967 _____ () C:\Users\User\Downloads\MineCarsReloaded.zip
2014-10-27 23:47 - 2014-10-27 23:47 - 00095271 _____ () C:\Users\User\Downloads\iDisguise_v3.0.4.jar
2014-10-27 23:45 - 2014-10-27 23:45 - 00054094 _____ () C:\Users\User\Downloads\MobDisguise.jar
2014-10-27 23:01 - 2014-10-27 23:01 - 00001587 _____ () C:\Users\User\Desktop\wepif.yml
2014-10-27 20:04 - 2014-10-27 20:05 - 08684905 _____ () C:\Users\User\Downloads\BDcraft Sounds Pack.zip
2014-10-27 14:56 - 2014-10-27 14:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\MTE
2014-10-27 14:56 - 2014-10-27 14:56 - 00001116 _____ () C:\Users\UpdatusUser\Desktop\Minecraft Texturepack Editor.lnk
2014-10-27 14:56 - 2014-10-27 14:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft Texturepack Editor
2014-10-27 14:56 - 2014-10-27 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Texturepack Editor
2014-10-27 14:56 - 2014-10-27 14:56 - 00000000 ____D () C:\Program Files (x86)\Minecraft Texturepack Editor
2014-10-27 14:54 - 2014-10-27 14:55 - 02694566 _____ () C:\Users\User\Downloads\mte_setup.exe
2014-10-27 10:37 - 2014-10-27 10:37 - 13423227 _____ () C:\Users\User\Desktop\Sphax PureBDcraft  64x MC17.zip
2014-10-27 10:16 - 2014-10-27 10:16 - 00000000 ____D () C:\Users\User\AppData\Roaming\Avira
2014-10-27 10:15 - 2014-10-27 10:15 - 00002066 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-10-27 10:15 - 2014-10-27 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-27 10:14 - 2014-10-27 10:18 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-27 10:14 - 2014-10-27 10:18 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-27 10:14 - 2014-10-27 10:18 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-27 10:14 - 2014-10-27 10:14 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-27 10:14 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-26 10:46 - 2014-10-26 10:48 - 36021856 _____ () C:\Users\User\Downloads\Sphax_Hexxit _64x(1.1).zip
2014-10-26 10:36 - 2014-10-26 10:36 - 00093998 _____ () C:\Users\User\Desktop\Vorstellungsvideo #1.MVY
2014-10-25 19:38 - 2014-10-25 19:38 - 00000000 ____D () C:\ProgramData\Mozilla
2014-10-25 10:19 - 2014-10-27 11:00 - 00000000 ____D () C:\ProgramData\ShopiDroP
2014-10-24 17:02 - 2014-10-24 17:02 - 09358488 _____ () C:\Users\User\Desktop\Sphax PureBDCraft  64x MC14.zip
2014-10-24 16:45 - 2014-10-24 16:46 - 08283821 _____ () C:\Users\User\Downloads\Minecraft Shader + Shaderpacks.rar
2014-10-23 21:43 - 2014-10-23 21:44 - 00398392 _____ () C:\Users\User\Downloads\ShadersMod-v2.3.19mc1.7.10-installer.jar
2014-10-19 16:45 - 2014-10-19 16:46 - 00896584 _____ (Elex do Brasil Participações Ltda) C:\Users\User\Downloads\yet_another_cleaner_avae.exe
2014-10-18 19:54 - 2014-10-18 19:54 - 00000617 _____ () C:\Users\User\Desktop\server.properties
2014-10-18 18:17 - 2014-10-18 18:17 - 01331819 _____ () C:\Users\User\Downloads\Essentials (5).zip
2014-10-18 18:15 - 2014-10-18 18:15 - 01292121 _____ () C:\Users\User\Downloads\Essentials (4).zip
2014-10-18 18:13 - 2014-10-18 18:13 - 00926429 _____ () C:\Users\User\Downloads\Essentials (3).zip
2014-10-18 18:11 - 2014-10-18 18:11 - 00926429 _____ () C:\Users\User\Downloads\Essentials (2).zip
2014-10-18 18:09 - 2014-10-18 18:09 - 00896882 _____ () C:\Users\User\Downloads\Essentials (1).zip
2014-10-18 17:57 - 2014-10-18 17:57 - 01610449 _____ () C:\Users\User\Downloads\BukkitForge-1.4.7-40.jar
2014-10-18 15:29 - 2014-11-14 18:56 - 00003216 _____ () C:\Windows\System32\Tasks\Driver Pro Schedule
2014-10-18 15:29 - 2014-10-21 20:42 - 00003238 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-10-18 15:29 - 2014-10-18 15:29 - 00000000 ____D () C:\Users\User\Documents\Optimizer Pro
2014-10-18 15:29 - 2014-10-18 15:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\Optimizer Pro
2014-10-18 15:14 - 2014-11-14 18:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\Driver Pro
2014-10-18 15:14 - 2014-10-18 15:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\SkypEmoticons
2014-10-18 15:14 - 2014-10-18 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypEmoticons
2014-10-18 15:14 - 2014-10-18 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Pro
2014-10-18 15:14 - 2014-10-18 15:14 - 00000000 ____D () C:\Program Files (x86)\Driver Pro
2014-10-18 15:13 - 2014-10-18 15:13 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-10-18 15:13 - 2014-10-18 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-10-18 15:13 - 2014-10-18 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveSupport
2014-10-18 15:13 - 2014-10-18 15:13 - 00000000 ____D () C:\Program Files (x86)\LiveSupport
2014-10-18 15:12 - 2014-10-27 15:58 - 00000000 ____D () C:\ProgramData\YoutubeAdBlocke
2014-10-18 15:12 - 2014-10-27 10:25 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdBlocke
2014-10-18 15:11 - 2014-10-27 15:58 - 00000000 ____D () C:\ProgramData\GoSave
2014-10-18 15:11 - 2014-10-27 10:25 - 00000000 ____D () C:\Program Files (x86)\GoSave
2014-10-18 15:11 - 2014-10-18 15:15 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-10-18 09:30 - 2014-10-18 09:31 - 02346942 _____ () C:\Users\User\Desktop\TechnicLauncher.exe
2014-10-16 12:47 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 12:47 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 12:47 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 12:47 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 12:47 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 12:47 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 12:46 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 12:46 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 12:46 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 12:46 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 12:46 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 12:46 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 12:46 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 12:46 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 12:46 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 12:46 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 12:46 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 12:46 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 12:46 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 19:56 - 2012-05-17 09:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-14 19:54 - 2013-12-08 18:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-11-14 19:53 - 2014-06-02 12:54 - 00000000 ____D () C:\Users\User\AppData\Local\WeatherAlerts
2014-11-14 19:53 - 2012-02-18 12:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\.minecraft
2014-11-14 19:50 - 2013-12-08 18:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\TS3Client
2014-11-14 19:49 - 2010-12-29 15:25 - 02370084 _____ () C:\Windows\setupact.log
2014-11-14 19:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-11-14 19:13 - 2009-07-14 18:58 - 03544842 _____ () C:\Windows\system32\perfh007.dat
2014-11-14 19:13 - 2009-07-14 18:58 - 01043138 _____ () C:\Windows\system32\perfc007.dat
2014-11-14 19:13 - 2009-07-14 06:13 - 00005202 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-14 18:07 - 2014-01-06 22:18 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-11-14 18:07 - 2010-12-29 12:16 - 01322508 _____ () C:\Windows\WindowsUpdate.log
2014-11-14 13:41 - 2014-09-01 12:48 - 00000000 ____D () C:\Users\User\AppData\Roaming\pushbullet
2014-11-14 13:41 - 2012-05-03 13:55 - 00000000 ____D () C:\Users\User\AppData\Local\Akamai
2014-11-14 13:29 - 2009-07-14 05:45 - 00014800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-14 13:29 - 2009-07-14 05:45 - 00014800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-14 13:23 - 2013-10-03 10:46 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-11-14 13:23 - 2010-12-29 13:43 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-14 13:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-14 13:23 - 2009-07-14 05:45 - 00499648 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 22:04 - 2010-12-29 15:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 21:51 - 2013-08-18 12:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 21:47 - 2010-12-29 12:44 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 21:40 - 2013-12-31 13:27 - 00000000 ____D () C:\Users\User\.gimp-2.8
2014-11-13 18:45 - 2013-12-31 13:30 - 00000000 ____D () C:\Users\User\AppData\Local\gtk-2.0
2014-11-12 16:32 - 2012-05-17 09:29 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 16:32 - 2012-05-17 09:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 16:32 - 2012-05-17 09:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-11 21:37 - 2013-12-23 13:32 - 00000000 ____D () C:\Users\User\AppData\Roaming\FileZilla
2014-11-08 21:47 - 2013-12-26 16:56 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-31 17:31 - 2013-12-14 09:37 - 00000000 ___RD () C:\Users\User\Desktop\Alles
2014-10-28 18:11 - 2013-12-08 18:41 - 00000000 ____D () C:\Users\User\AppData\Local\TeamSpeak 3 Client
2014-10-27 11:00 - 2014-07-02 18:43 - 00000000 ____D () C:\ProgramData\41ea2aba92e1b5eb
2014-10-27 11:00 - 2014-03-13 08:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-27 11:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-10-27 10:57 - 2014-01-04 11:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\.technic
2014-10-27 10:30 - 2010-12-29 15:24 - 02028192 _____ () C:\Windows\PFRO.log
2014-10-27 10:21 - 2014-07-09 15:39 - 00000000 ____D () C:\Program Files (x86)\Cinema 4D R12
2014-10-27 10:20 - 2013-12-18 17:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent
2014-10-27 10:19 - 2014-06-02 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014
2014-10-27 10:14 - 2012-10-07 12:37 - 00000000 ____D () C:\ProgramData\Avira
2014-10-27 10:07 - 2013-12-19 14:07 - 00000190 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2014-10-27 10:02 - 2014-01-17 20:08 - 00000000 ____D () C:\Program Files\Paint.NET
2014-10-26 11:27 - 2014-01-17 20:08 - 00000000 ____D () C:\Users\User\AppData\Local\Paint.NET
2014-10-22 11:59 - 2010-12-29 13:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\Ahead
2014-10-19 20:39 - 2014-10-10 13:04 - 00000000 ____D () C:\Users\User\.tupi
2014-10-19 18:15 - 2014-10-10 16:04 - 00017408 ___SH () C:\Users\User\Thumbs.db
2014-10-18 18:06 - 2014-04-29 13:00 - 00000000 ____D () C:\Users\User\Downloads\Alles
2014-10-18 15:11 - 2011-08-24 18:50 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-18 15:11 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-18 15:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-10-17 15:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

Files to move or delete:
====================
C:\Users\User\jdk-7u2-windows-x64.exe


Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\SkypeSetup.exe
C:\Users\User\AppData\Local\Temp\UmmyVideoDownloader.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-08 19:52

==================== End Of Log ============================
--- --- ---

--- --- ---


Hier Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-11-2014 02
Ran by User at 2014-11-14 15:42:46
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

18 WoS Extreme Trucker 1.01 (HKLM-x32\...\18 WoS Extreme Trucker) (Version: 1.01 - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-1109194208-129431678-948010717-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Anti-phishing Domain Advisor (HKLM-x32\...\Anti-phishing Domain Advisor) (Version: 1.0.0.0 - Visicom Media Inc. (Powered by Panda Security))
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version:  - Ubisoft)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVer MediaCenter 3D (HKLM-x32\...\InstallShield_{D2912CB2-F95A-406C-AA88-2BB5DCB6D275}) (Version: 1.7.9 - AVerMedia Technologies, Inc.)
AVer MediaCenter 3D (x32 Version: 1.7.9 - AVerMedia Technologies, Inc.) Hidden
AVerMedia H727 PCIe Hybrid DVBT HDMI Capture Device 1.54.64.42 (HKLM-x32\...\AVerMedia H727 PCIe Hybrid DVBT HDMI Capture Device) (Version: 1.54.64.42 - AVerMedia TECHNOLOGIES, Inc.)
Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.1.4057 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{981B38A6-E4D0-4D94-98C2-75AC645755F5}) (Version: 0.9.1.4057 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
buenosearch toolbar  (HKLM-x32\...\buenosearch) (Version: 1.8.28.7 - Montiera technologies LTD) <==== ATTENTION
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Juarez Gunslinger (HKLM-x32\...\Steam App 204450) (Version:  - Techland)
Corel Website Creator X6 (HKLM-x32\...\{4956539A-0159-4FB4-A090-69784B4DE19B}) (Version: 12.5 Trial - Corel)
Corel Website Creator X6 Trial (x32 Version: 12.50.0100.5199 - NetObjects) Hidden
Crysis WARHEAD(R) (HKU\S-1-5-21-1109194208-129431678-948010717-1000\...\Crysis WARHEAD(R)) (Version:  - Electronic Arts)
Crysis WARHEAD(R) (x32 Version: 1.0 - Crytek) Hidden
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1531 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DesktopWeatherAlerts (HKU\S-1-5-21-1109194208-129431678-948010717-1000\...\DesktopWeatherAlerts) (Version: 1.0.29.0 - Local Weather LLC) <==== ATTENTION
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Driver Pro v3.2.0.2 (HKLM-x32\...\Driver Pro_is1) (Version: 3.2.0.2 - PC Utilities Software Limited) <==== ATTENTION
DVDVideoSoftTB DE Toolbar (HKLM-x32\...\DVDVideoSoftTB_DE Toolbar) (Version: 6.9.0.16 - DVDVideoSoftTB DE)
Euro Truck Simulator 1.1 (HKLM-x32\...\Euro Truck Simulator) (Version: 1.1 - )
Far Cry 3 Blood Dragon (HKLM-x32\...\{A071F478-73E0-4143-AE55-4DD6BABD74F5}) (Version: 1.02 - Ubisoft)
File Opener Packages (HKU\S-1-5-21-1109194208-129431678-948010717-1000\...\File Opener Packages) (Version:  - ) <==== ATTENTION
FileOpener (HKLM-x32\...\Tweaks FileOpener) (Version: 1.1.1 - Tweaks)
FileViewPro (HKLM\...\FileViewPro_is1) (Version: 4.0 - Solvusoft Corporation)
FileZilla Client 3.7.4.1 (HKU\S-1-5-21-1109194208-129431678-948010717-1000\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
FormatFactory 3.2.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.2.1.0 - Free Time)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Free YouTube to MP3 Converter version 3.11.35.1031 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.35.1031 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
GameMaker-Studio 1.3 (HKU\S-1-5-21-1109194208-129431678-948010717-1000\...\GameMaker-Studio13) (Version:  - YoYo Games Ltd.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
German Truck Simulator 1.00 (HKLM-x32\...\German Truck Simulator) (Version: 1.00 - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version:  - Rockstar Games)
iLivid (HKU\S-1-5-21-1109194208-129431678-948010717-1000\...\iLivid) (Version: 5.0.0.4408 - Bandoo Media Inc) <==== ATTENTION
IMinent Toolbar (HKLM-x32\...\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}) (Version: 3.26.0 - IMinent) <==== ATTENTION
iTunes (HKLM\...\{A04DCB25-7040-4935-A30D-8E0A893ABF2D}) (Version: 11.1.2.32 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java(TM) SE Development Kit 7 Update 2 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170020}) (Version: 1.7.0.20 - Oracle)
JavaFX 2.0.2 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
JavaFX 2.0.2 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Landwirtschafts Simulator 2011 (HKLM-x32\...\FarmingSimulator2011DE_is1) (Version: 1.0 - GIANTS Software)
Landwirtschafts Simulator 2013 (HKLM-x32\...\FarmingSimulator2013DE_is1) (Version: 1.0 - GIANTS Software)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LiveSupport (HKLM-x32\...\LiveSupport_is1) (Version: 1.2.8.0 - PC Utilities Software Limited) <==== ATTENTION
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Goya burnR (MSI) (HKLM-x32\...\MX.{A1566920-701E-4DEC-B15F-CD3679E0D2E0}) (Version: 4.3.2.0 - MAGIX Software GmbH)
MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX Software GmbH) Hidden
MAGIX Music Maker 2015 (HKLM-x32\...\MX.{78E174AA-8527-48DF-97B5-E9038B4163DF}) (Version: 21.0.0.28 - MAGIX Software GmbH)
MAGIX Music Maker 2015 (Version: 21.0.0.28 - MAGIX Software GmbH) Hidden
MAGIX Music Maker 2015 Trial Soundpools (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Screenshare (HKLM-x32\...\MAGIX_{F353F2D5-D609-47F4-BD62-ADD45379AAD5}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{845AB0C6-F995-472D-A992-FCF6577432BE}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video easy 4 HD (HKLM-x32\...\MAGIX_{80A17762-B56C-49E4-9CAE-7872F8E681AF}) (Version: 4.0.0.30 - MAGIX AG)
MAGIX Video easy 4 HD (Version: 4.0.0.30 - MAGIX AG) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE  (HKLM-x32\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{FD052FB9-FE90-4438-B355-15EDC89D8FB1}) (Version: 2.0.673.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1109194208-129431678-948010717-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\Minecraft) (Version: ${VERSION} - )
Minecraft Texturepack Editor (HKLM-x32\...\Minecraft Texturepack Editor) (Version:  - )
Movie Studio Platinum 12.0 (HKLM-x32\...\{250AF19E-0A81-11E3-86A7-F04DA23A5C58}) (Version: 12.0.1183 - Sony)
Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.) (HKLM-x32\...\ilividmoviestoolbar181IE) (Version: 1.8.1.0 - IAC Search and Media) <==== ATTENTION
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mysearchdial (HKLM-x32\...\mysearchdial) (Version:  - Mysearchdial) <==== ATTENTION
NBTExplorer (HKLM-x32\...\{06107EDA-5B85-4CEC-AB1E-8350DEC15231}) (Version: 2.7.4.0 - Justin Aquadro)
Nero 7 Premium (HKLM-x32\...\{42F7C377-2A1F-44FB-A17F-053C29E81031}) (Version: 7.02.4716 - Nero AG)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.2.3 - )
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.1.9.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.9.0 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PaperPort (HKLM-x32\...\{A17EABB6-D0C6-44E5-820C-72DC7F495064}) (Version: 9.02.0823 - ScanSoft, Inc.)
PC Connectivity Solution (HKLM-x32\...\{AC599724-5755-48C1-ABE7-ABB857652930}) (Version: 8.15.0.0 - Nokia)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Price Metér (remove only) (HKU\S-1-5-21-1109194208-129431678-948010717-1000\...\Price Metér) (Version: 1.1.4.6 - Price Meter) <==== ATTENTION
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Pushbullet version 101 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 101 - Pushbullet Inc)
Republic Heroes (HKLM-x32\...\{5612C844-55BC-4B77-82C2-A2E28962418E}) (Version: 1.00.0000 - LucasArts)
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version:  - )
Samsung Mobile Modem Device Software (HKLM\...\Samsung Mobile Modem Device) (Version:  - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
SAMSUNG USB Mobile Device Software (HKLM\...\SAMSUNG USB Mobile Device) (Version:  - )
SamsungConnectivityCableDriver (HKLM-x32\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.13.3.38 - Client Connect LTD) <==== ATTENTION
simplitec simplicheck (HKLM-x32\...\{B73AFF76-53AD-464D-93D5-5A4E6CAAB893}) (Version: 1.2.3.0 - simplitec GmbH)
Sinus 154 stick (x32 Version: 04.12.07.2004 - Deutsche Telekom ) Hidden
SkypEmoticons (HKLM-x32\...\SkypEmoticons_is1) (Version:  - ) <==== ATTENTION
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Spam Free Search Bar (HKLM-x32\...\blekkotb) (Version: 1.0.0.12 - Visicom Media Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
TeamSpeak 3 Client (HKU\S-1-5-21-1109194208-129431678-948010717-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Fall - Mutant City (HKLM-x32\...\{6B03413A-27CD-417C-88CE-0D7D9198781E}) (Version: 1.0 -  )
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.275 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
Tupi version 0.2-4 (HKLM-x32\...\Tupi_is1) (Version: 0.2-4 - )
Ulead GIF Animator 5 Test (HKLM-x32\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version:  - )
UmmyVideoDownloader 1.2.0.6 (HKLM-x32\...\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.24 - NCH Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wajam (HKLM-x32\...\Wajam) (Version: 1.41 - Wajam) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Searchqu Toolbar (HKLM-x32\...\Searchqu Toolbar) (Version: 4.1.0.3114 - Bandoo Media Inc) <==== ATTENTION
WindowsProtectManger20.0.0.401 (HKLM-x32\...\WindowsProtectManger) (Version: 20.0.0.401 - Fuyu LIMITED) <==== ATTENTION
Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0) (HKLM\...\BC15EA930074932BB2C4B4493C9FD4EA95087D1A) (Version: 10/12/2007 6.85.4.0 - Nokia)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Yahoo! Search (HKU\S-1-5-21-1109194208-129431678-948010717-1000\...\Yahoo! Search) (Version:  - Pay-By-Ads) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1109194208-129431678-948010717-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1109194208-129431678-948010717-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1109194208-129431678-948010717-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1109194208-129431678-948010717-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-1109194208-129431678-948010717-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1109194208-129431678-948010717-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

06-11-2014 20:37:41 Windows Update
06-11-2014 21:00:53 Windows Update
07-11-2014 21:42:32 Windows Update
08-11-2014 21:35:05 Windows Update
09-11-2014 18:00:19 Windows-Sicherung
09-11-2014 21:04:01 Windows Update
10-11-2014 20:47:12 Windows Update
11-11-2014 20:45:32 Windows Update
12-11-2014 20:55:16 Windows Update
13-11-2014 20:44:10 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CA76880-1C3E-4C7A-A20A-8B642CC60BCD} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {36EF9DCC-1B40-4E62-8EFF-0B185E78F54C} - System32\Tasks\Yahoo! Search => C:\Users\User\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe [2014-07-07] (Pay By Ads LTD) <==== ATTENTION
Task: {410020C3-2CB7-4F16-A5E0-52B8D16BFE9B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {41A7FE85-163D-46D0-AFCA-41E80E38EA26} - System32\Tasks\EPUpdater => C:\Users\User\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-12-12] () <==== ATTENTION
Task: {489F002C-86EF-4D9C-8B81-7AAF38394492} - System32\Tasks\pricemeterdownloader => C:\Users\User\AppData\Local\PriceMeter\pricemeterd.exe [2014-06-15] (PriceMeter) <==== ATTENTION
Task: {90EDBAF3-294A-4FE0-A174-CEC84E458B4B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {A2F37D54-BF9E-4BBB-A337-8A939D5FBFC8} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {AECC9D50-B1BC-4686-8377-A1635A5E8923} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-03-20] (TuneUp Software)
Task: {D9042DAB-E7DB-4326-9176-514095E63EA3} - System32\Tasks\ScanSoft Background Update => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14] (Scansoft, Inc.)
Task: {E55C1D28-BF05-470D-8CE9-228E45725AED} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {FA04E32A-31F4-4024-8191-C8ADDA2D45E8} - System32\Tasks\Driver Pro Schedule => C:\Program Files (x86)\Driver Pro\DPTray.exe [2014-10-11] (PC Utilities Software Limited) <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-03-17 18:36 - 2014-05-12 12:11 - 00664576 _____ () c:\program files (x86)\movies toolbar\datamngr\x64\apcrtldr.dll
2014-01-02 14:37 - 2013-08-16 15:15 - 00772096 _____ () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
2013-12-24 21:01 - 2013-12-26 10:59 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-20 13:44 - 2014-03-20 13:44 - 00675640 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2012-11-18 12:18 - 2013-01-18 16:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-01-02 14:37 - 2013-08-16 15:10 - 00163840 _____ () C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
2014-02-25 18:00 - 2014-02-25 18:00 - 00550952 _____ () C:\Users\User\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
2010-12-29 13:27 - 2010-12-29 13:27 - 00071680 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2010-12-29 13:27 - 2010-12-29 13:27 - 00379392 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2010-12-29 13:28 - 2010-12-29 13:27 - 00098816 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2010-12-29 13:27 - 2010-12-29 13:27 - 47601664 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2014-10-04 02:01 - 2014-10-04 02:01 - 00822320 _____ () C:\Users\User\AppData\Roaming\pushbullet\pushbullet_104\pushbullet_app.exe
2013-12-09 13:36 - 2013-12-09 13:36 - 00055720 _____ () C:\Program Files\Java\jre7\bin\prism-d3d.dll
2013-12-09 13:36 - 2013-12-09 13:36 - 00197544 _____ () C:\Program Files\Java\jre7\bin\glass.dll
2013-12-09 13:36 - 2013-12-09 13:36 - 00590760 _____ () C:\Program Files\Java\jre7\bin\libxml2.dll
2013-12-09 13:36 - 2013-12-09 13:36 - 00202664 _____ () C:\Program Files\Java\jre7\bin\libxslt.dll
2013-12-09 13:36 - 2013-12-09 13:36 - 14863784 _____ () C:\Program Files\Java\jre7\bin\jfxwebkit.dll
2013-12-09 13:36 - 2013-12-09 13:36 - 00319912 _____ () C:\Program Files\Java\jre7\bin\javafx-font.dll
2014-11-14 14:07 - 2014-11-14 14:07 - 00310272 _____ () C:\Users\User\AppData\Roaming\.minecraft\versions\1.8\1.8-natives-2692893206240\lwjgl64.dll
2014-11-14 14:07 - 2014-11-14 14:07 - 00653832 _____ () C:\Users\User\AppData\Roaming\.minecraft\versions\1.8\1.8-natives-2692893206240\avutil-ttv-51.dll
2014-11-14 14:07 - 2014-11-14 14:07 - 00361103 _____ () C:\Users\User\AppData\Roaming\.minecraft\versions\1.8\1.8-natives-2692893206240\swresample-ttv-0.dll
2014-11-14 14:07 - 2014-11-14 14:07 - 00688161 _____ () C:\Users\User\AppData\Roaming\.minecraft\versions\1.8\1.8-natives-2692893206240\libmp3lame-ttv.dll
2014-11-14 14:07 - 2014-11-14 14:07 - 01384960 _____ () C:\Users\User\AppData\Roaming\.minecraft\versions\1.8\1.8-natives-2692893206240\twitchsdk.dll
2014-11-14 14:07 - 2014-11-14 14:07 - 00382464 _____ () C:\Users\User\AppData\Roaming\.minecraft\versions\1.8\1.8-natives-2692893206240\OpenAL64.dll
2014-03-17 18:36 - 2014-05-12 12:11 - 00489984 _____ () c:\program files (x86)\movies toolbar\datamngr\apcrtldr.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2003-04-09 11:23 - 2003-04-09 11:23 - 00028672 _____ () C:\Program Files (x86)\DT\Sinus 154 stick\WmiIndic.dll
2005-07-15 11:23 - 2005-07-15 11:23 - 00028672 _____ () C:\Program Files (x86)\DT\Sinus 154 stick\MHDLL.dll
2014-10-04 02:01 - 2014-10-04 02:01 - 00019456 _____ () C:\Users\User\AppData\Roaming\pushbullet\pushbullet_104\greenlet.pyd
2014-10-04 02:01 - 2014-10-04 02:01 - 00050176 _____ () C:\Users\User\AppData\Roaming\pushbullet\pushbullet_104\gevent._semaphore.pyd
2014-10-04 02:01 - 2014-10-04 02:01 - 00087552 _____ () C:\Users\User\AppData\Roaming\pushbullet\pushbullet_104\_ctypes.pyd
2014-10-04 02:01 - 2014-10-04 02:01 - 00099328 _____ () C:\Users\User\AppData\Roaming\pushbullet\pushbullet_104\win32api.pyd
2014-10-04 02:01 - 2014-10-04 02:01 - 00110592 _____ () C:\Users\User\AppData\Roaming\pushbullet\pushbullet_104\pywintypes27.dll
2014-10-04 02:01 - 2014-10-04 02:01 - 00044544 _____ () C:\Users\User\AppData\Roaming\pushbullet\pushbullet_104\_socket.pyd
2014-10-04 02:01 - 2014-10-04 02:01 - 00899584 _____ () C:\Users\User\AppData\Roaming\pushbullet\pushbullet_104\_ssl.pyd
2014-10-04 02:01 - 2014-10-04 02:01 - 00010240 _____ () C:\Users\User\AppData\Roaming\pushbullet\pushbullet_104\select.pyd
2014-10-04 02:01 - 2014-10-04 02:01 - 00358400 _____ () C:\Users\User\AppData\Roaming\pushbullet\pushbullet_104\_hashlib.pyd
2014-10-04 02:01 - 2014-10-04 02:01 - 00047616 _____ () C:\Users\User\AppData\Roaming\pushbullet\pushbullet_104\_sqlite3.pyd
2014-10-04 02:01 - 2014-10-04 02:01 - 00426496 _____ () C:\Users\User\AppData\Roaming\pushbullet\pushbullet_104\sqlite3.dll
2014-10-04 02:01 - 2014-10-04 02:01 - 00603136 _____ () C:\Users\User\AppData\Roaming\pushbullet\pushbullet_104\pysqlite2._sqlite.pyd
2014-10-04 02:01 - 2014-10-04 02:01 - 01176576 _____ () C:\Users\User\AppData\Roaming\pushbullet\pushbullet_104\wx._core_.pyd
2014-10-04 02:01 - 2014-10-04 02:01 - 00806400 _____ () C:\Users\User\AppData\Roaming\pushbullet\pushbullet_104\wx._gdi_.pyd
2014-10-04 02:01 - 2014-10-04 02:01 - 00815616 _____ () C:\Users\User\AppData\Roaming\pushbullet\pushbullet_104\wx._windows_.pyd
2014-10-04 02:01 - 2014-10-04 02:01 - 01067520 _____ () C:\Users\User\AppData\Roaming\pushbullet\pushbullet_104\wx._controls_.pyd
2014-10-04 02:01 - 2014-10-04 02:01 - 00733184 _____ () C:\Users\User\AppData\Roaming\pushbullet\pushbullet_104\wx._misc_.pyd
2014-10-04 02:01 - 2014-10-04 02:01 - 00208384 _____ () C:\Users\User\AppData\Roaming\pushbullet\pushbullet_104\gevent.core.pyd
2014-10-04 02:01 - 2014-10-04 02:01 - 00686080 _____ () C:\Users\User\AppData\Roaming\pushbullet\pushbullet_104\unicodedata.pyd
2014-10-04 02:01 - 2014-10-04 02:01 - 00167936 _____ () C:\Users\User\AppData\Roaming\pushbullet\pushbullet_104\win32gui.pyd
2014-03-17 18:36 - 2014-05-12 12:10 - 00020480 _____ () c:\program files (x86)\movies toolbar\datamngr\mgrldr.dll
2014-02-11 20:29 - 2014-02-11 20:29 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-10-16 17:39 - 2014-10-10 03:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-16 17:39 - 2014-10-10 03:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-16 17:39 - 2014-10-10 03:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-16 17:39 - 2014-10-10 03:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
2014-10-16 17:39 - 2014-10-10 03:04 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1109194208-129431678-948010717-500 - Administrator - Disabled)
Gast (S-1-5-21-1109194208-129431678-948010717-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1109194208-129431678-948010717-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-1109194208-129431678-948010717-1003 - Limited - Enabled) => C:\Users\UpdatusUser
User (S-1-5-21-1109194208-129431678-948010717-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Audio Cable 4
Description: Virtual Audio Cable 4
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2014 01:24:22 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Runtime.Remoting, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil".  The error returned was Error: The specified assembly is not installed.
.

Error: (11/14/2014 01:24:22 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Runtime.Remoting, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil".  The error returned was Error: The specified assembly is not installed.
.

Error: (11/14/2014 01:24:06 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (11/13/2014 10:05:53 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4 Client Profile - Update "KB2901110v2" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\KB2901110v2_20141113_220505760-Microsoft .NET Framework 4 Client Profile-MSP0.txt enthalten.

Error: (11/13/2014 10:05:44 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4 Client Profile -- Fehler 25003. Error occurred while initializing fusion.

Error: (11/13/2014 10:05:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "MSDTC Bridge 4.0.0.0" (MSDTC Bridge 4.0.0.0). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (11/13/2014 10:05:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (11/13/2014 10:05:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (11/13/2014 10:05:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "MSDTC Bridge 4.0.0.0" (MSDTC Bridge 4.0.0.0). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (11/13/2014 10:05:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.


System errors:
=============
Error: (11/14/2014 01:26:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (11/14/2014 01:26:07 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/14/2014 01:24:58 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (11/14/2014 01:24:47 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (11/14/2014 01:24:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064

Error: (11/13/2014 10:05:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2901110)

Error: (11/13/2014 10:05:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2742595)

Error: (11/13/2014 10:03:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4 unter Windows Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 x64 (KB2972215)

Error: (11/13/2014 10:02:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4 unter Windows Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 x64 (KB2979575)

Error: (11/13/2014 10:01:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2737019)


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-04-15 16:28:50.121
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-04-15 16:28:49.935
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-04-15 16:12:34.068
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-04-15 16:12:33.871
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 76%
Total physical RAM: 4095.23 MB
Available physical RAM: 961.03 MB
Total Pagefile: 8188.63 MB
Available Pagefile: 3418.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:59.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 60F170E7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 15.11.2014 20:02
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    buenosearch toolbar

    DesktopWeatherAlerts

    Driver Pro v3.2.0.2

    File Opener Packages

    iLivid

    IMinent Toolbar

    LiveSupport

    Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.) (HKLM-x32\...\ilividmoviestoolbar181IE) (Version: 1.8.1.0 - IAC Search and Media) <==== ATTENTION

    Mysearchdial

    Price Metér

    Search Protect

    SkypEmoticons

    Wajam

    Windows Searchqu Toolbar

    WindowsProtectManger20.0.0.401 (HKLM-x32\...\WindowsProtectManger) (Version: 20.0.0.401 - Fuyu LIMITED) <==== ATTENTION

    Yahoo! Search


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 






Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Instantender 16.11.2014 21:05
Antwort
 
Code:
ComboFix 14-11-15.01 - User 16.11.2014  20:43:06.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4095.1928 [GMT 1:00]
ausgeführt von:: c:\users\User\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\GoSave
c:\program files (x86)\GoSave\goZEyoYpPlgJmX.dat
c:\program files (x86)\GoSave\goZEyoYpPlgJmX.tlb
c:\program files (x86)\GoSave\goZEyoYpPlgJmX.x64.dll
c:\program files (x86)\GoSave\WKtVMXwg9j87sg.dat
c:\program files (x86)\GoSave\WKtVMXwg9j87sg.tlb
c:\program files (x86)\GoSave\WKtVMXwg9j87sg.x64.dll
c:\program files (x86)\Registry Helper
c:\program files (x86)\Registry Helper\Advisor Letters\00_Advisor Letters Index.htm
c:\program files (x86)\Registry Helper\Advisor Letters\images\computerupdater_box.jpg
c:\program files (x86)\Registry Helper\Advisor Letters\images\delete_invalid_entries_grey.jpg
c:\program files (x86)\Registry Helper\Advisor Letters\images\delete_junk_files_grey.jpg
c:\program files (x86)\Registry Helper\Advisor Letters\images\diskcleaner_box.jpg
c:\program files (x86)\Registry Helper\Advisor Letters\images\get_activation_key.gif
c:\program files (x86)\Registry Helper\Advisor Letters\images\get_discount.gif
c:\program files (x86)\Registry Helper\Advisor Letters\images\header.gif
c:\program files (x86)\Registry Helper\Advisor Letters\images\index_16.gif
c:\program files (x86)\Registry Helper\Advisor Letters\images\internet_speed_optimizer.jpg
c:\program files (x86)\Registry Helper\Advisor Letters\images\iPad_Video_Lessons.jpg
c:\program files (x86)\Registry Helper\Advisor Letters\images\livedrive.gif
c:\program files (x86)\Registry Helper\Advisor Letters\images\print_16.gif
c:\program files (x86)\Registry Helper\Advisor Letters\images\signature.jpg
c:\program files (x86)\Registry Helper\Advisor Letters\images\startup_manager.jpg
c:\program files (x86)\Registry Helper\Advisor Letters\images\update_computer_grey.jpg
c:\program files (x86)\Registry Helper\Advisor Letters\Letter1.htm
c:\program files (x86)\Registry Helper\Advisor Letters\Letter10.htm
c:\program files (x86)\Registry Helper\Advisor Letters\Letter11.htm
c:\program files (x86)\Registry Helper\Advisor Letters\Letter12.htm
c:\program files (x86)\Registry Helper\Advisor Letters\Letter13.htm
c:\program files (x86)\Registry Helper\Advisor Letters\Letter14.htm
c:\program files (x86)\Registry Helper\Advisor Letters\Letter15.htm
c:\program files (x86)\Registry Helper\Advisor Letters\Letter16.htm
c:\program files (x86)\Registry Helper\Advisor Letters\Letter17.htm
c:\program files (x86)\Registry Helper\Advisor Letters\Letter18.htm
c:\program files (x86)\Registry Helper\Advisor Letters\Letter19.htm
c:\program files (x86)\Registry Helper\Advisor Letters\Letter2.htm
c:\program files (x86)\Registry Helper\Advisor Letters\Letter20.htm
c:\program files (x86)\Registry Helper\Advisor Letters\Letter21.htm
c:\program files (x86)\Registry Helper\Advisor Letters\Letter22.htm
c:\program files (x86)\Registry Helper\Advisor Letters\Letter3.htm
c:\program files (x86)\Registry Helper\Advisor Letters\Letter4.htm
c:\program files (x86)\Registry Helper\Advisor Letters\Letter5.htm
c:\program files (x86)\Registry Helper\Advisor Letters\Letter6.htm
c:\program files (x86)\Registry Helper\Advisor Letters\Letter7.htm
c:\program files (x86)\Registry Helper\Advisor Letters\Letter8.htm
c:\program files (x86)\Registry Helper\Advisor Letters\Letter9.htm
c:\program files (x86)\Registry Helper\background.gif
c:\program files (x86)\Registry Helper\ErrorFound.wav
c:\program files (x86)\Registry Helper\Help\About.htm
c:\program files (x86)\Registry Helper\Help\Activate Now.htm
c:\program files (x86)\Registry Helper\Help\Help.htm
c:\program files (x86)\Registry Helper\Help\Help_header.htm
c:\program files (x86)\Registry Helper\Help\Help_index.htm
c:\program files (x86)\Registry Helper\Help\How To Order.htm
c:\program files (x86)\Registry Helper\Help\Ignore List.htm
c:\program files (x86)\Registry Helper\Help\images\about.jpg
c:\program files (x86)\Registry Helper\Help\images\activate.jpg
c:\program files (x86)\Registry Helper\Help\images\activate_now.jpg
c:\program files (x86)\Registry Helper\Help\images\activation_incorrect.jpg
c:\program files (x86)\Registry Helper\Help\images\activation_successful.jpg
c:\program files (x86)\Registry Helper\Help\images\background.gif
c:\program files (x86)\Registry Helper\Help\images\ignore_list.jpg
c:\program files (x86)\Registry Helper\Help\images\index_16.gif
c:\program files (x86)\Registry Helper\Help\images\internet_speed_optimizer.jpg
c:\program files (x86)\Registry Helper\Help\images\invalid_entries_detected.jpg
c:\program files (x86)\Registry Helper\Help\images\logo.gif
c:\program files (x86)\Registry Helper\Help\images\program_settings.jpg
c:\program files (x86)\Registry Helper\Help\images\restore.jpg
c:\program files (x86)\Registry Helper\Help\images\scan_now.jpg
c:\program files (x86)\Registry Helper\Help\images\scan_options.jpg
c:\program files (x86)\Registry Helper\Help\images\scanning.jpg
c:\program files (x86)\Registry Helper\Help\images\scheduler.jpg
c:\program files (x86)\Registry Helper\Help\images\splash_screen.jpg
c:\program files (x86)\Registry Helper\Help\images\startup_manager.jpg
c:\program files (x86)\Registry Helper\Help\images\updates.jpg
c:\program files (x86)\Registry Helper\Help\Internet Optimizer.htm
c:\program files (x86)\Registry Helper\Help\Invalid Entries Detected.htm
c:\program files (x86)\Registry Helper\Help\License Agreement.htm
c:\program files (x86)\Registry Helper\Help\Overview.htm
c:\program files (x86)\Registry Helper\Help\Program Settings.htm
c:\program files (x86)\Registry Helper\Help\Restore.htm
c:\program files (x86)\Registry Helper\Help\Retrieve Lost Activation Key.htm
c:\program files (x86)\Registry Helper\Help\Scan Now.htm
c:\program files (x86)\Registry Helper\Help\Scan Options.htm
c:\program files (x86)\Registry Helper\Help\Scanning.htm
c:\program files (x86)\Registry Helper\Help\Scheduler.htm
c:\program files (x86)\Registry Helper\Help\Splash Screen.htm
c:\program files (x86)\Registry Helper\Help\Startup Manager.htm
c:\program files (x86)\Registry Helper\Help\System Requirements.htm
c:\program files (x86)\Registry Helper\Help\Technical Support.htm
c:\program files (x86)\Registry Helper\Help\Uninstall.htm
c:\program files (x86)\Registry Helper\Help\Updates.htm
c:\program files (x86)\Registry Helper\logo.gif
c:\program files (x86)\Registry Helper\Registry Helper.url
c:\program files (x86)\YoutubeAdBlocke
c:\program files (x86)\YoutubeAdBlocke\q2h4Z00N1URkcR.dat
c:\program files (x86)\YoutubeAdBlocke\q2h4Z00N1URkcR.tlb
c:\program files (x86)\YoutubeAdBlocke\q2h4Z00N1URkcR.x64.dll
c:\programdata\GoSave
c:\programdata\GoSave\sacBAYfIbxWJByO.dat
c:\programdata\GoSave\Vnuc5FjSAD09JTu.dat
c:\programdata\Trusted Publisher\SW-Booster
c:\programdata\Trusted Publisher\SW-Booster\792098896.ini
c:\programdata\YoutubeAdBlocke
c:\programdata\YoutubeAdBlocke\5yocFLkv3DK9OUl.dat
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\background.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\lsdb.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\manifest.json
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\UVVhRAuXv.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\background.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\manifest.json
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\U1.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\aXDM1ETcw.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\background.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\manifest.json
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\background.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\UVVhRAuXv.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\U1.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\aXDM1ETcw.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\bo6fHk.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\UVVhRAuXv.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\U1.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\aXDM1ETcw.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\bo6fHk.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\UVVhRAuXv.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\U1.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\aXDM1ETcw.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\UVVhRAuXv.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\U1.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\aXDM1ETcw.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\manifest.json
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\background.html
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\content.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\lsdb.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\manifest.json
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\UVVhRAuXv.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\background.html
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\content.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\lsdb.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\manifest.json
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\U1.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\aXDM1ETcw.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\background.html
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\content.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\lsdb.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\manifest.json
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\background.html
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\manifest.json
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\background.html
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\content.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\lsdb.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\manifest.json
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\UVVhRAuXv.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\background.html
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\content.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\lsdb.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\manifest.json
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\U1.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\aXDM1ETcw.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\background.html
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\content.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\lsdb.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\manifest.json
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\background.html
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\bo6fHk.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\content.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\background.html
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\content.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\UVVhRAuXv.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\background.html
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\content.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\U1.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\aXDM1ETcw.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\background.html
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\content.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\background.html
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\background.html
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\content.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\UVVhRAuXv.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\background.html
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\content.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\U1.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\aXDM1ETcw.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\background.html
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\content.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\background.html
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\manifest.json
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\background.html
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\content.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\lsdb.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\manifest.json
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\UVVhRAuXv.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\background.html
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\content.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\lsdb.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\manifest.json
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\U1.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\aXDM1ETcw.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\background.html
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\content.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\lsdb.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\manifest.json
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\background.html
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\bo6fHk.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\background.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\content.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\UVVhRAuXv.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\U1.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\aXDM1ETcw.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\UVVhRAuXv.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\U1.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\aXDM1ETcw.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\UVVhRAuXv.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\U1.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\aXDM1ETcw.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\UVVhRAuXv.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\U1.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\aXDM1ETcw.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\bo6fHk.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\UVVhRAuXv.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\U1.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\aXDM1ETcw.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\pagfandmhhnlioklanioggplmkkbnode\2.0\manifest.json
c:\users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\background.html
c:\users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\content.js
c:\users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\lsdb.js
c:\users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\manifest.json
c:\users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\UVVhRAuXv.js
c:\users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek
c:\users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\background.html
c:\users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\content.js
c:\users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\lsdb.js
c:\users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\manifest.json
c:\users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\U1.js
c:\users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd
c:\users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\aXDM1ETcw.js
c:\users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\background.html
c:\users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\content.js
c:\users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\lsdb.js
c:\users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\manifest.json
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\background.html
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\content.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\lsdb.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\manifest.json
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\UVVhRAuXv.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\background.html
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\content.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\lsdb.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\manifest.json
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\U1.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\aXDM1ETcw.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\background.html
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\content.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\lsdb.js
c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\UVVhRAuXv.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\U1.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\aXDM1ETcw.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\UVVhRAuXv.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\manifest.json
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\U1.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\aXDM1ETcw.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\background.html
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\content.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\lsdb.js
c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\manifest.json
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\background.html
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\content.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\lsdb.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\manifest.json
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\UVVhRAuXv.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\background.html
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\content.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\lsdb.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\manifest.json
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\U1.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\aXDM1ETcw.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\background.html
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\content.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\lsdb.js
c:\users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\manifest.json
c:\users\User\1031.MST
c:\users\User\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\User\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\background.html
c:\users\User\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\content.js
c:\users\User\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\lsdb.js
c:\users\User\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\manifest.json
c:\users\User\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\UVVhRAuXv.js
c:\users\User\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek
c:\users\User\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\background.html
c:\users\User\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\content.js
c:\users\User\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\lsdb.js
c:\users\User\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\manifest.json
c:\users\User\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\U1.js
c:\users\User\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd
c:\users\User\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\aXDM1ETcw.js
c:\users\User\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\background.html
c:\users\User\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\content.js
c:\users\User\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\lsdb.js
c:\users\User\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\manifest.json
c:\users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\background.html
c:\users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\content.js
c:\users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\lsdb.js
c:\users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\manifest.json
c:\users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\UVVhRAuXv.js
c:\users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek
c:\users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\background.html
c:\users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\content.js
c:\users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\lsdb.js
c:\users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\manifest.json
c:\users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\U1.js
c:\users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd
c:\users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\aXDM1ETcw.js
c:\users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\background.html
c:\users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\content.js
c:\users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\lsdb.js
c:\users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\manifest.json
c:\users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\background.html
c:\users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\content.js
c:\users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\lsdb.js
c:\users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\manifest.json
c:\users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\UVVhRAuXv.js
c:\users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek
c:\users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\background.html
c:\users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\content.js
c:\users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\lsdb.js
c:\users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\manifest.json
c:\users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\U1.js
c:\users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd
c:\users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\aXDM1ETcw.js
c:\users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\background.html
c:\users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\content.js
c:\users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\lsdb.js
c:\users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\manifest.json
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\background.html
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\content.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\lsdb.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\manifest.json
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\UVVhRAuXv.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfpfhnlkoddglhimhdbboidjcfjlkji
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfpfhnlkoddglhimhdbboidjcfjlkji\206\background.html
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfpfhnlkoddglhimhdbboidjcfjlkji\206\manifest.json
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\background.html
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\content.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\lsdb.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\manifest.json
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\U1.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\aXDM1ETcw.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\background.html
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\content.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\lsdb.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\manifest.json
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ghgabhipcejejjmhhchfonmamedcbeod_0.localstorage-journal
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ipfpfhnlkoddglhimhdbboidjcfjlkji_0.localstorage-journal
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ipfpfhnlkoddglhimhdbboidjcfjlkji_0.localstorage
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mpelfhojcdnnpchldeplecohaegmebke_0.localstorage-journal
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oajemagdiabdegcdoooehpjggcajoclh_0.localstorage-journal
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pagfandmhhnlioklanioggplmkkbnode_0.localstorage-journal
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pagfandmhhnlioklanioggplmkkbnode_0.localstorage
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\autoupdate.php
c:\users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\result.html
c:\users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\result.xml
c:\users\User\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\User\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\background.html
c:\users\User\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\content.js
c:\users\User\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\lsdb.js
c:\users\User\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\manifest.json
c:\users\User\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\184\UVVhRAuXv.js
c:\users\User\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek
c:\users\User\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\background.html
c:\users\User\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\content.js
c:\users\User\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\lsdb.js
c:\users\User\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\manifest.json
c:\users\User\AppData\Local\Torch\User Data\Default\Extensions\jpbiipbjeeeklmehnjfipfknlodbhgek\2.0\U1.js
c:\users\User\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd
c:\users\User\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\aXDM1ETcw.js
c:\users\User\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\background.html
c:\users\User\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\content.js
c:\users\User\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\lsdb.js
c:\users\User\AppData\Local\Torch\User Data\Default\Extensions\oeplnhhkmepccmfmkcmcmhknnbfpkhmd\2.0\manifest.json
c:\windows\SysWow64\pthreadVC.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-10-16 bis 2014-11-16  ))))))))))))))))))))))))))))))
.
.
2014-11-16 19:54 . 2014-11-16 19:54        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2014-11-16 19:54 . 2014-11-16 19:54        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-11-16 18:52 . 2014-11-16 18:52        --------        d-----w-        c:\program files (x86)\VS Revo Group
2014-11-16 12:22 . 2014-11-16 12:22        --------        d-----w-        C:\a810506dc5063da7c1
2014-11-14 20:55 . 2014-11-14 20:55        --------        d-sh--w-        c:\users\User\AppData\Local\EmieBrowserModeList
2014-11-14 14:41 . 2014-11-14 18:57        --------        d-----w-        C:\FRST
2014-11-13 12:43 . 2014-08-21 06:43        1882624        ----a-w-        c:\windows\system32\msxml3.dll
2014-11-08 17:48 . 2014-11-08 18:17        --------        d-----w-        c:\users\User\AppData\Local\UmmyVideoDownloader
2014-11-06 20:38 . 2014-11-06 20:38        --------        d-----w-        C:\0bc855e986aceae151372d20
2014-10-27 13:56 . 2014-10-27 13:57        --------        d-----w-        c:\users\User\AppData\Roaming\MTE
2014-10-27 13:56 . 2014-10-27 13:56        --------        d-----w-        c:\program files (x86)\Minecraft Texturepack Editor
2014-10-27 09:16 . 2014-10-27 09:16        --------        d-----w-        c:\users\User\AppData\Roaming\Avira
2014-10-27 09:14 . 2014-10-27 09:18        43064        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2014-10-27 09:14 . 2014-10-27 09:18        131608        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2014-10-27 09:14 . 2014-10-27 09:18        119272        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2014-10-27 09:14 . 2014-08-15 09:30        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2014-10-27 09:14 . 2014-10-27 09:14        --------        d-----w-        c:\program files (x86)\Avira
2014-10-27 09:12 . 2014-10-14 19:59        11627712        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9C321AE1-3A14-43C4-A38E-3A698027082F}\mpengine.dll
2014-10-25 09:19 . 2014-10-27 10:00        --------        d-----w-        c:\programdata\ShopiDroP
2014-10-18 14:29 . 2014-10-18 14:29        --------        d-----w-        c:\users\User\AppData\Roaming\Optimizer Pro
2014-10-18 14:14 . 2014-11-16 19:29        --------        d-----w-        c:\users\User\AppData\Roaming\SkypEmoticons
2014-10-18 14:13 . 2014-11-16 19:53        --------        d-----w-        c:\programdata\Trusted Publisher
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-13 20:47 . 2010-12-29 11:44        103374192        ----a-w-        c:\windows\system32\MRT.exe
2014-11-12 15:32 . 2012-05-17 08:29        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 15:32 . 2012-05-17 08:29        701104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-02 13:53 . 2010-12-29 11:39        278152        ------w-        c:\windows\system32\MpSigStub.exe
2014-09-09 13:31 . 2014-09-09 13:31        178800        ----a-w-        c:\windows\SysWow64\CmdLineExt_x64.dll
2014-09-09 13:12 . 2014-09-09 13:12        662        ----a-w-        c:\windows\SysWow64\ealregsnapshot1.reg
2014-09-04 05:23 . 2014-10-16 11:46        424448        ----a-w-        c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-16 11:46        372736        ----a-w-        c:\windows\SysWow64\rastls.dll
2014-08-29 18:56 . 2012-07-17 13:37        23256        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-08-29 18:53        404480        ----a-w-        c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-29 18:53        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2011-05-09 09:49        176936        ----a-w-        c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}]
2012-01-17 19:30        262312        ----a-w-        c:\program files (x86)\blekkotb\auxi\blekkoAu.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
2012-01-17 19:30        86696        ----a-w-        c:\program files (x86)\blekkotb\blekkoDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 08:54        2607872        ----a-w-        c:\program files (x86)\IMinent Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files (x86)\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
"{26c9e18c-3717-4be1-a225-04e4471f5b6e}"= "c:\program files (x86)\blekkotb\blekkoDx.dll" [2012-01-17 86696]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_CLASSES_ROOT\clsid\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-05-10 14:05        223432        ----a-w-        c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-05-10 14:05        223432        ----a-w-        c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-05-10 14:05        223432        ----a-w-        c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"Akamai NetSession Interface"="c:\users\User\AppData\Local\Akamai\netsession_win.exe" [2014-10-29 4673432]
"GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-10-10 854344]
"Pushbullet"="c:\program files (x86)\Pushbullet\pushbullet_app.exe" [2014-08-26 822320]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-08-27 22041192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-12-29 2770432]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-01-17 232616]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-08-13 835288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-10-27 703736]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2014-1-2 163840]
AVerQuick.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2014-1-2 675840]
Sinus 154 stick WLAN Manager.lnk - c:\program files (x86)\DT\Sinus 154 stick\Wifiusb.exe [2005-10-24 1024000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S1 {29b136c9-938d-4d3d-8df8-d649d9b74d02}w64;{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64;c:\windows\system32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys;c:\windows\SYSNATIVE\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 F06DEFF2-5B9C-490D-910F-35D3A91196222;F06DEFF2-5B9C-490D-910F-35D3A91196222;c:\program files (x86)\Movies Toolbar\Datamngr\x64\setmgrc1.cfg;c:\program files (x86)\Movies Toolbar\Datamngr\x64\setmgrc1.cfg [x]
S2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [x]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-16 16:35        1089352        ----a-w-        c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 15:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-05-10 14:05        262344        ----a-w-        c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-05-10 14:05        262344        ----a-w-        c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-05-10 14:05        262344        ----a-w-        c:\users\User\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://websearch.allsearches.info/?pid=20494&r=2014/10/18&hid=14135115554129621829&lg=EN&cc=DE&unqvl=64
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=YahooVT&dpid=YahooVT_PKR&co=DE&userid=76b88cad-2817-4c58-abb7-d19671bf704e&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp7000
IE: Free YouTube to MP3 Converter - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{3004627E-F8E9-4E8B-909D-316753CBA923} - (no file)
Toolbar-{d1dac034-9fd9-4c13-a388-d2e10e57707f} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{37579585-1f98-49b9-a372-a607457ced8c} - c:\program files (x86)\YoutubeAdBlocke\q2h4Z00N1URkcR.x64.dll
BHO-{4f8f8a98-afd7-48ef-bbc6-61016c3919b1} - c:\program files (x86)\GoSave\WKtVMXwg9j87sg.x64.dll
BHO-{6c055ee2-384a-48b5-a976-95e7826cb746} - c:\program files (x86)\GoSave\goZEyoYpPlgJmX.x64.dll
BHO-{d1dac034-9fd9-4c13-a388-d2e10e57707f} - c:\progra~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll
Toolbar-10 - (no file)
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\F06DEFF2-5B9C-490D-910F-35D3A91196222]
"ImagePath"="\??\c:\program files (x86)\Movies Toolbar\Datamngr\x64\setmgrc1.cfg"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1109194208-129431678-948010717-1000\Software\SecuROM\License information*]
"datasecu"=hex:60,c1,aa,19,ae,f9,bd,8a,17,64,1c,70,45,84,6d,f4,9c,9f,34,dc,19,
  31,10,66,bd,da,6a,81,5d,10,3a,e6,7a,59,06,e5,83,10,45,7b,39,eb,c7,f2,d2,b5,\
"rkeysecu"=hex:8e,98,26,ed,f3,c0,eb,21,0a,a1,14,86,84,7b,ef,f9
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-11-16  20:57:30
ComboFix-quarantined-files.txt  2014-11-16 19:57
.
Vor Suchlauf: 69 Verzeichnis(se), 123.563.118.592 Bytes frei
Nach Suchlauf: 76 Verzeichnis(se), 143.195.684.864 Bytes frei
.
- - End Of File - - 65F3871712444465B2CE5EAECD571F28
A36C5E4F47E84449FF07ED3517B43A31
Leider ist der Virus immernoch da :( Ich habe alles so befolgt wie du es geschrieben hast. Erstmal danke ich hoffe dieser Code hilft weiter.

schrauber 17.11.2014 13:31
Wir haben ja auch erst angefangen. Alle Programme die oben gelistet waren deinstalliert?


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Instantender 17.11.2014 14:31
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 17.11.2014 13:44:14, SYSTEM, USER-PC, Protection, Malware Protection, Starting,
Protection, 17.11.2014 13:44:14, SYSTEM, USER-PC, Protection, Malware Protection, Started,
Protection, 17.11.2014 13:44:14, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting,
Protection, 17.11.2014 13:44:16, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started,
Update, 17.11.2014 13:44:21, SYSTEM, USER-PC, Manual, Rootkit Database, 2014.9.18.1, 2014.11.12.1,
Update, 17.11.2014 13:44:36, SYSTEM, USER-PC, Manual, Malware Database, 2014.9.19.5, 2014.11.17.3,
Protection, 17.11.2014 13:44:36, SYSTEM, USER-PC, Protection, Refresh, Starting,
Protection, 17.11.2014 13:44:36, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopping,
Protection, 17.11.2014 13:44:36, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopped,
Protection, 17.11.2014 13:44:41, SYSTEM, USER-PC, Protection, Refresh, Success,
Protection, 17.11.2014 13:44:41, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting,
Protection, 17.11.2014 13:44:41, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started,

(end)
Code:
# AdwCleaner v4.101 - Bericht erstellt am 17/11/2014 um 14:09:12
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-16.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : User - USER-PC
# Gestartet von : C:\Users\User\Downloads\AdwCleaner_4.101.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : F06DEFF2-5B9C-490D-910F-35D3A91196222

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Anti-phishing Domain Advisor
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\Registry Helper
Ordner Gelöscht : C:\ProgramData\simplitec
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Trusted Publisher
Ordner Gelöscht : C:\ProgramData\wincert
Ordner Gelöscht : C:\ProgramData\ShopiDroP
Ordner Gelöscht : C:\ProgramData\41ea2aba92e1b5eb
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
Ordner Gelöscht : C:\Program Files (x86)\AnyProtectEx
Ordner Gelöscht : C:\Program Files (x86)\blekkotb
Ordner Gelöscht : C:\Program Files (x86)\ChatZum Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\Movies Toolbar
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\simplitec
Ordner Gelöscht : C:\Program Files (x86)\Tweaks
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect
Ordner Gelöscht : C:\Users\User\AppData\Local\apn
Ordner Gelöscht : C:\Users\User\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\User\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\User\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\User\AppData\Local\iLivid
Ordner Gelöscht : C:\Users\User\AppData\Local\torch
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\blekkotb
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\User\AppData\Roaming\1H1Q
Ordner Gelöscht : C:\Users\User\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\User\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Optimizer Pro
Ordner Gelöscht : C:\Users\User\AppData\Roaming\simplitec
Ordner Gelöscht : C:\Users\User\AppData\Roaming\SkypEmoticons
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\User\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Ordner Gelöscht : C:\Users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\aaipilfmheplbcghignccoiiebekkdhe
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\User\Favorites\Startfenster.lnk
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\User\AppData\Roaming\aps.scan.quick.results
Datei Gelöscht : C:\Users\User\AppData\Roaming\aps.scan.results
Datei Gelöscht : C:\Users\User\AppData\Roaming\aps.uninstall.scan.results
Datei Gelöscht : C:\Users\User\AppData\Roaming\LiveSupport.exe_log.txt
Datei Gelöscht : C:\Users\User\AppData\Roaming\regsvr32.exe_log.txt
Datei Gelöscht : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Datei Gelöscht : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Startfenster.lnk
Datei Gelöscht : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk
Datei Gelöscht : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk

***** [ Tasks ] *****

Task Gelöscht : Optimizer Pro Schedule
Task Gelöscht : Yahoo! Search

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iLivid.torrent
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]
Schlüssel Gelöscht : HKCU\Software\Classes\keepmysearch
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82E74373-58AB-47EB-B0F0-A1D82BB8EB5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1DAC034-9FD9-4C13-A388-D2E10E57707F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{26C9E18C-3717-4BE1-A225-04E4471F5B6E}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D1DAC034-9FD9-4C13-A388-D2E10E57707F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\6204A4FE2C304FAC8941FE6FA4AE4FBB
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7119FE4C-737F-475A-99E9-A7CC392C3D9A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{739E451B-FEC4-4D0A-96B8-AEA0D8DD070D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{83424226-397C-46FC-8A39-54D82A93ABC5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D92E081A-3DB7-44F7-8216-FCFA4FEEADE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{739E451B-FEC4-4D0A-96B8-AEA0D8DD070D}
Schlüssel Gelöscht : HKCU\Software\APNDTX
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Driver Pro
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\RegisteredApplicationsEx
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\Vittalia
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\blekkotb
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\PriceMeterLiveUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\simplitec
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\blekkotb
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tweaks FileOpener
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\499E8534DA7E759419D2048CB780D3D5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5DCE3C04E576AD15F972B67D0725120C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\930D9472A978D7A4EB16BF4DECB173B7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEB93799E8B47D14CA356E4343D632A4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\482AA67AD25E6E74E9F48BD5FBE8533C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Google Chrome v38.0.2125.104

[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://rts.dsrlte.com/?q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://blekko.com/?source=c6125cca&tbp=rbox&toolbarid=blekkotb_001&u=2012050663F94CCDA7B2CF62643D6B2F&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=83838051-261d-452b-b61e-fb81e3eca632&apn_ptnrs=%5EAGS&apn_sauid=98D8BF62-43DC-4668-91B0-F182020C2855&apn_dtid=%5EYYYYYY%5EVK%5EDE&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=83838051-261d-452b-b61e-fb81e3eca632&apn_ptnrs=%5EAGS&apn_sauid=98D8BF62-43DC-4668-91B0-F182020C2855&apn_dtid=%5EYYYYYY%5EVK%5EDE&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutBtD0C0FtAtDzztD0D0F0Bzy0A0EtD0FtN0D0Tzu0SyBtDzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=2083576192&ir=
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPBDF2DCA5-80AD-4412-9965-4249131FE27C&q={searchTerms}&SSPV=
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPBDF2DCA5-80AD-4412-9965-4249131FE27C&q={searchTerms}&SSPV=
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=410&sr=0&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=484&systemid=406&v=a12627-289&apn_uid=8499720655014573&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=MADFFA6C2-F9D8-4CF7-8F6A-E1B7F426B6A7&SearchSource=58&CUI=&UM=5&UP=SP37AAD171-4DB8-468E-BC67-7CAC1B9CBA02&q={searchTerms}&SSPV=
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=MADFFA6C2-F9D8-4CF7-8F6A-E1B7F426B6A7&SearchSource=58&CUI=&UM=5&UP=SP37AAD171-4DB8-468E-BC67-7CAC1B9CBA02&q={searchTerms}&SSPV=
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=dspp&ts=1405427916&from=cor&uid=395049983_1052482_D0EAAE0F&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=484&systemid=406&v=a12627-289&apn_uid=8499720655014573&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=dspp&ts=1405427916&from=cor&uid=395049983_1052482_D0EAAE0F&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sm.de/?q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.allsearches.info/?l=1&q={searchTerms}&pid=20494&r=2014/10/18&hid=14135115554129621829&lg=EN&cc=DE&unqvl=64
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : jbolfgndggfhhpbnkgnpjkfhinclbigj
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : nikpibnbobmbdbheedjfogjlikpgpnhp
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : pflphaooapbgpeakohlggbpidpppgdff
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Homepage] : hxxp://websearch.allsearches.info/?pid=20494&r=2014/10/18&hid=14135115554129621829&lg=EN&cc=DE&unqvl=64
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Startup_URLs] : hxxp://websearch.allsearches.info/?pid=20494&r=2014/10/18&hid=14135115554129621829&lg=EN&cc=DE&unqvl=64

-\\ Comodo Dragon v

[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://rts.dsrlte.com/?q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://blekko.com/?source=c6125cca&tbp=rbox&toolbarid=blekkotb_001&u=2012050663F94CCDA7B2CF62643D6B2F&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=83838051-261d-452b-b61e-fb81e3eca632&apn_ptnrs=%5EAGS&apn_sauid=98D8BF62-43DC-4668-91B0-F182020C2855&apn_dtid=%5EYYYYYY%5EVK%5EDE&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=83838051-261d-452b-b61e-fb81e3eca632&apn_ptnrs=%5EAGS&apn_sauid=98D8BF62-43DC-4668-91B0-F182020C2855&apn_dtid=%5EYYYYYY%5EVK%5EDE&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutBtD0C0FtAtDzztD0D0F0Bzy0A0EtD0FtN0D0Tzu0SyBtDzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=2083576192&ir=
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPBDF2DCA5-80AD-4412-9965-4249131FE27C&q={searchTerms}&SSPV=
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPBDF2DCA5-80AD-4412-9965-4249131FE27C&q={searchTerms}&SSPV=
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=410&sr=0&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=484&systemid=406&v=a12627-289&apn_uid=8499720655014573&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=MADFFA6C2-F9D8-4CF7-8F6A-E1B7F426B6A7&SearchSource=58&CUI=&UM=5&UP=SP37AAD171-4DB8-468E-BC67-7CAC1B9CBA02&q={searchTerms}&SSPV=
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=MADFFA6C2-F9D8-4CF7-8F6A-E1B7F426B6A7&SearchSource=58&CUI=&UM=5&UP=SP37AAD171-4DB8-468E-BC67-7CAC1B9CBA02&q={searchTerms}&SSPV=
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=dspp&ts=1405427916&from=cor&uid=395049983_1052482_D0EAAE0F&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=484&systemid=406&v=a12627-289&apn_uid=8499720655014573&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=dspp&ts=1405427916&from=cor&uid=395049983_1052482_D0EAAE0F&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sm.de/?q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.allsearches.info/?l=1&q={searchTerms}&pid=20494&r=2014/10/18&hid=14135115554129621829&lg=EN&cc=DE&unqvl=64

-\\ Opera v0.0.0.0

[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://rts.dsrlte.com/?q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://blekko.com/?source=c6125cca&tbp=rbox&toolbarid=blekkotb_001&u=2012050663F94CCDA7B2CF62643D6B2F&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=83838051-261d-452b-b61e-fb81e3eca632&apn_ptnrs=%5EAGS&apn_sauid=98D8BF62-43DC-4668-91B0-F182020C2855&apn_dtid=%5EYYYYYY%5EVK%5EDE&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=83838051-261d-452b-b61e-fb81e3eca632&apn_ptnrs=%5EAGS&apn_sauid=98D8BF62-43DC-4668-91B0-F182020C2855&apn_dtid=%5EYYYYYY%5EVK%5EDE&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutBtD0C0FtAtDzztD0D0F0Bzy0A0EtD0FtN0D0Tzu0SyBtDzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=2083576192&ir=
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPBDF2DCA5-80AD-4412-9965-4249131FE27C&q={searchTerms}&SSPV=
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPBDF2DCA5-80AD-4412-9965-4249131FE27C&q={searchTerms}&SSPV=
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=410&sr=0&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=484&systemid=406&v=a12627-289&apn_uid=8499720655014573&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=MADFFA6C2-F9D8-4CF7-8F6A-E1B7F426B6A7&SearchSource=58&CUI=&UM=5&UP=SP37AAD171-4DB8-468E-BC67-7CAC1B9CBA02&q={searchTerms}&SSPV=
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=MADFFA6C2-F9D8-4CF7-8F6A-E1B7F426B6A7&SearchSource=58&CUI=&UM=5&UP=SP37AAD171-4DB8-468E-BC67-7CAC1B9CBA02&q={searchTerms}&SSPV=
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=dspp&ts=1405427916&from=cor&uid=395049983_1052482_D0EAAE0F&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=484&systemid=406&v=a12627-289&apn_uid=8499720655014573&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=dspp&ts=1405427916&from=cor&uid=395049983_1052482_D0EAAE0F&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sm.de/?q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.allsearches.info/?l=1&q={searchTerms}&pid=20494&r=2014/10/18&hid=14135115554129621829&lg=EN&cc=DE&unqvl=64

*************************

AdwCleaner[R0].txt - [25237 octets] - [17/11/2014 14:07:18]
AdwCleaner[S0].txt - [31022 octets] - [17/11/2014 14:09:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [31083 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by User on 17.11.2014 at 14:19:08,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\User\favorites\links\startfenster.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.11.2014 at 14:22:37,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Und hier nochmal der frische FRST log.


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-11-2014 03
Ran by User (administrator) on USER-PC on 17-11-2014 14:28:40
Running from C:\Users\User\Downloads
Loaded Profile: User (Available profiles: User & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(TECOM) C:\Program Files (x86)\DT\Sinus 154 stick\Wifiusb.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Users\User\AppData\Roaming\pushbullet\pushbullet_104\pushbullet_app.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [83240 2008-03-20] (Cyberlink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2007-12-14] ()
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2770432 2010-12-29] (VIA)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [835288 2014-08-13] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1109194208-129431678-948010717-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [147456 2007-01-15] (Nero AG)
HKU\S-1-5-21-1109194208-129431678-948010717-1000\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1109194208-129431678-948010717-1000\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-10] (Google Inc.)
HKU\S-1-5-21-1109194208-129431678-948010717-1000\...\Run: [Pushbullet] => C:\Program Files (x86)\Pushbullet\pushbullet_app.exe [822320 2014-08-26] ()
HKU\S-1-5-21-1109194208-129431678-948010717-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk
ShortcutTarget: AVer HID Receiver.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk
ShortcutTarget: AVerQuick.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sinus 154 stick WLAN Manager.lnk
ShortcutTarget: Sinus 154 stick WLAN Manager.lnk -> C:\Program Files (x86)\DT\Sinus 154 stick\Wifiusb.exe (TECOM)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1109194208-129431678-948010717-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1109194208-129431678-948010717-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1109194208-129431678-948010717-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40DDFFBF7BEDCB01
HKU\S-1-5-21-1109194208-129431678-948010717-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {739E451B-FEC4-4D0A-96B8-AEA0D8DD070D} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: YoutubeAdBlocke -> {37579585-1f98-49b9-a372-a607457ced8c} -> C:\Program Files (x86)\YoutubeAdBlocke\q2h4Z00N1URkcR.x64.dll No File
BHO: GoSave -> {4f8f8a98-afd7-48ef-bbc6-61016c3919b1} -> C:\Program Files (x86)\GoSave\WKtVMXwg9j87sg.x64.dll No File
BHO: GoSave -> {6c055ee2-384a-48b5-a976-95e7826cb746} -> C:\Program Files (x86)\GoSave\goZEyoYpPlgJmX.x64.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1109194208-129431678-948010717-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\User\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll No File
FF Plugin HKU\S-1-5-21-1109194208-129431678-948010717-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-08]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806704 2014-10-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [994096 2014-10-27] (Avira Operations GmbH & Co. KG)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [368640 2013-06-26] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [772096 2013-08-16] () [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-08-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-08-13] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-08-13] (BlueStack Systems, Inc.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2007-01-15] (Nero AG) [File not signed]
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [266240 2007-01-15] (Nero AG) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-26] ()
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2138936 2014-03-20] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-27] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-08-13] (BlueStack Systems)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-02-10] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-17 14:28 - 2014-11-17 14:28 - 00000000 ____D () C:\Users\User\Downloads\FRST-OlderVersion
2014-11-17 14:22 - 2014-11-17 14:22 - 00000775 _____ () C:\Users\User\Desktop\JRT.txt
2014-11-17 14:19 - 2014-11-17 14:19 - 00000000 ____D () C:\Windows\ERUNT
2014-11-17 14:15 - 2014-11-17 14:15 - 00031320 _____ () C:\Users\User\Desktop\AdwCleaner[S0].txt
2014-11-17 14:13 - 2014-11-17 14:13 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2014-11-17 14:07 - 2014-11-17 14:09 - 00000000 ____D () C:\AdwCleaner
2014-11-17 14:05 - 2014-11-17 14:05 - 00001235 _____ () C:\Users\User\Desktop\MAM.txt
2014-11-17 13:44 - 2014-11-17 14:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-17 13:44 - 2014-11-17 13:44 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-17 13:44 - 2014-11-17 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-17 13:44 - 2014-11-17 13:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-17 13:44 - 2014-11-17 13:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-17 13:44 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-17 13:44 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-17 13:44 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-17 13:42 - 2014-11-17 13:42 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-17 13:42 - 2014-11-17 13:42 - 02140160 _____ () C:\Users\User\Downloads\AdwCleaner_4.101.exe
2014-11-17 13:42 - 2014-11-17 13:42 - 01707532 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2014-11-16 20:57 - 2014-11-16 20:57 - 00094144 _____ () C:\ComboFix.txt
2014-11-16 20:40 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-16 20:40 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-16 20:40 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-16 20:40 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-16 20:40 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-16 20:40 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-16 20:40 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-16 20:40 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-16 20:37 - 2014-11-16 20:57 - 00000000 ____D () C:\Qoobox
2014-11-16 20:37 - 2014-11-16 20:55 - 00000000 ____D () C:\Windows\erdnt
2014-11-16 20:35 - 2014-11-16 20:35 - 05598504 ____R (Swearware) C:\Users\User\Downloads\ComboFix.exe
2014-11-16 19:52 - 2014-11-16 19:52 - 00001264 _____ () C:\Users\User\Desktop\Revo Uninstaller.lnk
2014-11-16 19:52 - 2014-11-16 19:52 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-16 19:51 - 2014-11-16 19:51 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User\Downloads\revosetup95.exe
2014-11-16 13:22 - 2014-11-16 13:22 - 00000000 ____D () C:\a810506dc5063da7c1
2014-11-15 18:05 - 2014-11-15 18:06 - 49699400 _____ () C:\Users\User\Downloads\Birds - by Onnowhere.zip
2014-11-15 14:03 - 2014-11-15 14:05 - 62747952 _____ (MediaFire) C:\Users\User\Downloads\MediaFireDesktop-1.4.2.10635-windows-PRODUCTION.exe
2014-11-15 14:00 - 2014-11-15 14:00 - 07664829 _____ () C:\Users\User\Desktop\Youtuber's Battle 15.11.2014.zip
2014-11-14 21:55 - 2014-11-14 21:55 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList
2014-11-14 17:19 - 2014-11-14 18:27 - 211919847 _____ () C:\Users\User\Desktop\Advmap #1.WMV
2014-11-14 16:55 - 2014-11-14 19:58 - 00003488 _____ () C:\Users\User\Downloads\piep 5s.H0
2014-11-14 16:55 - 2014-11-14 19:58 - 00002534 _____ () C:\Users\User\Downloads\piep 5s.HDP
2014-11-14 16:54 - 2014-11-14 19:58 - 00447140 _____ () C:\Users\User\Downloads\piep 5s.wav
2014-11-14 16:53 - 2014-11-14 17:02 - 00002534 _____ () C:\Users\User\Downloads\piep 1s.HDP
2014-11-14 16:53 - 2014-11-14 17:02 - 00000700 _____ () C:\Users\User\Downloads\piep 1s.H0
2014-11-14 16:52 - 2014-11-14 17:02 - 00090096 _____ () C:\Users\User\Downloads\piep 1s.wav
2014-11-14 15:42 - 2014-11-14 15:43 - 00045473 _____ () C:\Users\User\Downloads\Addition.txt
2014-11-14 15:41 - 2014-11-17 14:28 - 00019083 _____ () C:\Users\User\Downloads\FRST.txt
2014-11-14 15:41 - 2014-11-17 14:28 - 00000000 ____D () C:\FRST
2014-11-14 15:40 - 2014-11-17 14:28 - 02117120 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-11-13 18:45 - 2014-11-13 18:45 - 00017617 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2014-11-13 13:47 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 13:47 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 13:47 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 13:47 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 13:47 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 13:47 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 13:47 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 13:47 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 13:47 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 13:47 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 13:47 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 13:47 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 13:47 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 13:47 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 13:47 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 13:47 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 13:47 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 13:47 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 13:47 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 13:47 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 13:47 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 13:47 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 13:47 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 13:47 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 13:47 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 13:47 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 13:47 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 13:47 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 13:47 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 13:47 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 13:47 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 13:47 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 13:47 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 13:47 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 13:47 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 13:47 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 13:47 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 13:47 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 13:47 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 13:47 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 13:47 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 13:47 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 13:47 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 13:47 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 13:47 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 13:47 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 13:47 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 13:47 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 13:47 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 13:47 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 13:47 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 13:47 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 13:47 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 13:47 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 13:47 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 13:47 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 13:47 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 13:47 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 13:47 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 13:47 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 13:47 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 13:47 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 13:47 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 13:47 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 13:47 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 13:47 - 2014-09-19 10:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-13 13:47 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 13:47 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 13:47 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 13:47 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 13:47 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 13:47 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 13:47 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-13 13:47 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 13:47 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 13:47 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 13:47 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 13:47 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 13:47 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-13 13:43 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 13:43 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 13:43 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 13:43 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 13:43 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 13:43 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 13:43 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 13:43 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 13:43 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 13:43 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 13:43 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 13:43 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 13:43 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 13:43 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 13:43 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 13:43 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 13:43 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 13:43 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 13:43 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 20:02 - 2014-11-11 20:02 - 00644757 _____ () C:\Users\User\Desktop\YouTuber's Battle 1.8.zip
2014-11-11 19:22 - 2014-11-11 19:22 - 00300950 _____ () C:\Users\User\Downloads\NBTExplorer-2.7.5.zip
2014-11-08 18:48 - 2014-11-08 19:17 - 00000000 ____D () C:\Users\User\AppData\Local\UmmyVideoDownloader
2014-11-08 18:48 - 2014-11-08 18:48 - 00001196 _____ () C:\Users\Public\Desktop\UmmyVideoDownloader.lnk
2014-11-08 18:48 - 2014-11-08 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UmmyVideoDownloader
2014-11-08 18:47 - 2014-11-08 18:47 - 00397176 _____ () C:\Users\User\Downloads\UmmyVD-Web-Loader-110.exe
2014-11-06 21:38 - 2014-11-06 21:38 - 00000000 ____D () C:\0bc855e986aceae151372d20
2014-11-03 20:30 - 2014-11-03 20:37 - 02126280 _____ () C:\Users\User\Downloads\Aura full.rar
2014-11-02 18:59 - 2014-11-02 19:00 - 00111422 _____ () C:\Users\User\Downloads\PvP1vs1-1.6.1.jar
2014-11-02 18:53 - 2014-11-02 18:54 - 00054094 _____ () C:\Users\User\Downloads\MobDisguise (1).jar
2014-11-02 15:38 - 2014-11-02 15:38 - 00000000 _____ () C:\Users\User\Desktop\rules.txt
2014-11-01 21:21 - 2014-11-01 21:22 - 10802262 _____ () C:\Users\User\Downloads\Breakable 2 by CDFDMAN.zip
2014-11-01 15:39 - 2014-11-01 15:41 - 1834674096 _____ () C:\Users\User\Desktop\javaw 2014-11-01 15-39-47-50.avi
2014-10-30 21:17 - 2014-10-30 21:19 - 1114244944 _____ () C:\Users\User\Desktop\javaw 2014-10-30 21-17-57-79.avi
2014-10-30 20:23 - 2014-10-30 20:34 - 388133335 _____ () C:\Users\User\Downloads\Sony-Vegas-13-By-Dexter.rar
2014-10-29 22:01 - 2014-10-29 22:01 - 06223357 _____ () C:\Users\User\Desktop\KanalBild.xcf
2014-10-29 20:50 - 2014-10-29 20:51 - 01405483 _____ () C:\Users\User\Desktop\InstaGamer Intro.WMV
2014-10-29 18:41 - 2014-10-29 18:41 - 01765489 _____ () C:\Users\User\Desktop\Steffens Intro.WMV
2014-10-29 16:32 - 2014-10-29 16:35 - 2738550576 _____ () C:\Users\User\Desktop\javaw 2014-10-29 16-32-21-37.avi
2014-10-28 00:04 - 2014-10-28 00:04 - 00048967 _____ () C:\Users\User\Downloads\MineCarsReloaded.zip
2014-10-27 23:47 - 2014-10-27 23:47 - 00095271 _____ () C:\Users\User\Downloads\iDisguise_v3.0.4.jar
2014-10-27 23:45 - 2014-10-27 23:45 - 00054094 _____ () C:\Users\User\Downloads\MobDisguise.jar
2014-10-27 23:01 - 2014-10-27 23:01 - 00001587 _____ () C:\Users\User\Desktop\wepif.yml
2014-10-27 20:04 - 2014-10-27 20:05 - 08684905 _____ () C:\Users\User\Downloads\BDcraft Sounds Pack.zip
2014-10-27 14:56 - 2014-10-27 14:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\MTE
2014-10-27 14:56 - 2014-10-27 14:56 - 00001116 _____ () C:\Users\UpdatusUser\Desktop\Minecraft Texturepack Editor.lnk
2014-10-27 14:56 - 2014-10-27 14:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft Texturepack Editor
2014-10-27 14:56 - 2014-10-27 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Texturepack Editor
2014-10-27 14:56 - 2014-10-27 14:56 - 00000000 ____D () C:\Program Files (x86)\Minecraft Texturepack Editor
2014-10-27 14:54 - 2014-10-27 14:55 - 02694566 _____ () C:\Users\User\Downloads\mte_setup.exe
2014-10-27 10:37 - 2014-10-27 10:37 - 13423227 _____ () C:\Users\User\Desktop\Sphax PureBDcraft  64x MC17.zip
2014-10-27 10:16 - 2014-10-27 10:16 - 00000000 ____D () C:\Users\User\AppData\Roaming\Avira
2014-10-27 10:15 - 2014-10-27 10:15 - 00002066 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-10-27 10:15 - 2014-10-27 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-27 10:14 - 2014-10-27 10:18 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-27 10:14 - 2014-10-27 10:18 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-27 10:14 - 2014-10-27 10:18 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-27 10:14 - 2014-10-27 10:14 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-27 10:14 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-26 10:46 - 2014-10-26 10:48 - 36021856 _____ () C:\Users\User\Downloads\Sphax_Hexxit _64x(1.1).zip
2014-10-26 10:36 - 2014-10-26 10:36 - 00093998 _____ () C:\Users\User\Desktop\Vorstellungsvideo #1.MVY
2014-10-25 19:38 - 2014-10-25 19:38 - 00000000 ____D () C:\ProgramData\Mozilla
2014-10-24 17:02 - 2014-10-24 17:02 - 09358488 _____ () C:\Users\User\Desktop\Sphax PureBDCraft  64x MC14.zip
2014-10-24 16:45 - 2014-10-24 16:46 - 08283821 _____ () C:\Users\User\Downloads\Minecraft Shader + Shaderpacks.rar
2014-10-23 21:43 - 2014-10-23 21:44 - 00398392 _____ () C:\Users\User\Downloads\ShadersMod-v2.3.19mc1.7.10-installer.jar
2014-10-19 16:45 - 2014-10-19 16:46 - 00896584 _____ (Elex do Brasil Participações Ltda) C:\Users\User\Downloads\yet_another_cleaner_avae.exe
2014-10-18 18:17 - 2014-10-18 18:17 - 01331819 _____ () C:\Users\User\Downloads\Essentials (5).zip
2014-10-18 18:15 - 2014-10-18 18:15 - 01292121 _____ () C:\Users\User\Downloads\Essentials (4).zip
2014-10-18 18:13 - 2014-10-18 18:13 - 00926429 _____ () C:\Users\User\Downloads\Essentials (3).zip
2014-10-18 18:11 - 2014-10-18 18:11 - 00926429 _____ () C:\Users\User\Downloads\Essentials (2).zip
2014-10-18 18:09 - 2014-10-18 18:09 - 00896882 _____ () C:\Users\User\Downloads\Essentials (1).zip
2014-10-18 17:57 - 2014-10-18 17:57 - 01610449 _____ () C:\Users\User\Downloads\BukkitForge-1.4.7-40.jar
2014-10-18 15:11 - 2014-10-18 15:15 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-10-18 09:30 - 2014-10-18 09:31 - 02346942 _____ () C:\Users\User\Desktop\TechnicLauncher.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-17 14:25 - 2010-12-29 15:25 - 02383972 _____ () C:\Windows\setupact.log
2014-11-17 14:20 - 2009-07-14 05:45 - 00014800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-17 14:20 - 2009-07-14 05:45 - 00014800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-17 14:15 - 2014-09-01 12:48 - 00000000 ____D () C:\Users\User\AppData\Roaming\pushbullet
2014-11-17 14:15 - 2013-12-08 18:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-11-17 14:11 - 2013-12-23 19:51 - 00000000 ____D () C:\Windows\PreviewSoft
2014-11-17 14:11 - 2013-10-03 10:46 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-11-17 14:11 - 2010-12-29 15:24 - 02363850 _____ () C:\Windows\PFRO.log
2014-11-17 14:11 - 2010-12-29 13:43 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-17 14:11 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-17 14:10 - 2010-12-29 12:16 - 01886901 _____ () C:\Windows\WindowsUpdate.log
2014-11-17 13:57 - 2012-02-18 12:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\.minecraft
2014-11-17 13:56 - 2012-05-17 09:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-17 13:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-11-16 21:56 - 2009-07-14 18:58 - 03559720 _____ () C:\Windows\system32\perfh007.dat
2014-11-16 21:56 - 2009-07-14 18:58 - 01047992 _____ () C:\Windows\system32\perfc007.dat
2014-11-16 21:56 - 2009-07-14 06:13 - 00005202 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-16 20:57 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-11-16 20:54 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-15 17:04 - 2013-12-23 13:32 - 00000000 ____D () C:\Users\User\AppData\Roaming\FileZilla
2014-11-14 23:08 - 2013-12-08 18:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\TS3Client
2014-11-14 18:07 - 2014-01-06 22:18 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-11-14 13:41 - 2012-05-03 13:55 - 00000000 ____D () C:\Users\User\AppData\Local\Akamai
2014-11-14 13:23 - 2009-07-14 05:45 - 00499648 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 22:04 - 2010-12-29 15:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 21:51 - 2013-08-18 12:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 21:47 - 2010-12-29 12:44 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 21:40 - 2013-12-31 13:27 - 00000000 ____D () C:\Users\User\.gimp-2.8
2014-11-13 18:45 - 2013-12-31 13:30 - 00000000 ____D () C:\Users\User\AppData\Local\gtk-2.0
2014-11-12 16:32 - 2012-05-17 09:29 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 16:32 - 2012-05-17 09:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 16:32 - 2012-05-17 09:29 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-08 21:47 - 2013-12-26 16:56 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-31 17:31 - 2013-12-14 09:37 - 00000000 ___RD () C:\Users\User\Desktop\Alles
2014-10-28 18:11 - 2013-12-08 18:41 - 00000000 ____D () C:\Users\User\AppData\Local\TeamSpeak 3 Client
2014-10-27 11:00 - 2014-03-13 08:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-27 11:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-10-27 10:57 - 2014-01-04 11:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\.technic
2014-10-27 10:21 - 2014-07-09 15:39 - 00000000 ____D () C:\Program Files (x86)\Cinema 4D R12
2014-10-27 10:20 - 2013-12-18 17:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent
2014-10-27 10:19 - 2014-06-02 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014
2014-10-27 10:14 - 2012-10-07 12:37 - 00000000 ____D () C:\ProgramData\Avira
2014-10-27 10:07 - 2013-12-19 14:07 - 00000190 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2014-10-27 10:02 - 2014-01-17 20:08 - 00000000 ____D () C:\Program Files\Paint.NET
2014-10-26 11:27 - 2014-01-17 20:08 - 00000000 ____D () C:\Users\User\AppData\Local\Paint.NET
2014-10-22 11:59 - 2010-12-29 13:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\Ahead
2014-10-19 20:39 - 2014-10-10 13:04 - 00000000 ____D () C:\Users\User\.tupi
2014-10-19 18:15 - 2014-10-10 16:04 - 00017408 ___SH () C:\Users\User\Thumbs.db
2014-10-18 18:06 - 2014-04-29 13:00 - 00000000 ____D () C:\Users\User\Downloads\Alles
2014-10-18 15:11 - 2011-08-24 18:50 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-18 15:11 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-18 15:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

Files to move or delete:
====================
C:\Users\User\jdk-7u2-windows-x64.exe


Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-08 19:52

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 18.11.2014 09:06

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:03 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19