|
Pests of all kinds and how to fight them: All browsers full of ads :( Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
03.05.2014, 16:36 | #1 |
| All browsers full of ads :( Hello dear board operators, for a few days now all browsers (IE, Chrome, Safari) on my Win7 PC have been full of direct and indirect advertising. By that I mean ad banners, but also underlined text passages that open ad windows. The ad windows show the note (Ads by RRsavings). I also had something from that on the PC and deleted it. I also ran ADWcleaner over it, without success. I even uninstalled Chrome and installed it again, also without success. What else can I do? Thanks and regards, Tobias |
03.05.2014, 17:29 | #2 |
/// Malwareteam | All browsers full of ads :( Hello. Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
03.05.2014, 17:46 | #3 |
| All browsers full of ads :( FRST logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2014 Ran by Tobias (administrator) on ATLAS2009 on 03-05-2014 18:42:44 Running from C:\Users\Tobias\Downloads Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () C:\Program Files\RrFilter\RrFilterService64.exe () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Sun Microsystems, Inc.) 
C:\Program Files\Java\jre6\bin\jusched.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Nero AG) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Google Inc.) C:\Users\Tobias\AppData\Local\Google\Update\GoogleUpdate.exe (Apple Inc.) C:\Program Files (x86)\Safari\Safari.exe (Apple Inc.) 
C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe (Farbar) C:\Users\Tobias\Downloads\FRST64-1.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [357800 2009-09-12] (Acronis) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [170496 2010-08-08] (Sun Microsystems, Inc.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5082488 2009-09-12] (Acronis) HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe [1647912 2008-02-21] (Nero AG) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Plus_Sonderedition\TrayServer_de.exe [90112 2008-08-07] (MAGIX AG) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink) HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-09-28] (cyberlink) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. 
KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKU\S-1-5-21-1912748275-1438894252-2416606352-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG) HKU\S-1-5-21-1912748275-1438894252-2416606352-1001\...\Run: [Google Update] => C:\Users\Tobias\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-07-17] (Google Inc.) HKU\S-1-5-21-1912748275-1438894252-2416606352-1001\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe HKU\S-1-5-21-1912748275-1438894252-2416606352-1001\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom) HKU\S-1-5-21-1912748275-1438894252-2416606352-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-1912748275-1438894252-2416606352-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) 
HKU\S-1-5-21-1912748275-1438894252-2416606352-1001\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-1912748275-1438894252-2416606352-1001\...\MountPoints2: {23dfd0cd-bdcf-11e1-9985-806e6f6e6963} - E:\LxSetup.exe HKU\S-1-5-21-1912748275-1438894252-2416606352-1001\...\MountPoints2: {b2848de8-cbcc-11de-a1a3-806e6f6e6963} - E:\menu.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2011 Zahlungserinnerung.lnk ShortcutTarget: Quicken 2011 Zahlungserinnerung.lnk -> C:\Program Files (x86)\Lexware\Quicken\2011\billmind.exe (Haufe-Lexware GmbH & Co. KG) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2012 Zahlungserinnerung.lnk ShortcutTarget: Quicken 2012 Zahlungserinnerung.lnk -> C:\Windows\Installer\{2FC7CE3A-23E5-41E8-975B-AA0236D649FD}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2014 Zahlungserinnerung.lnk ShortcutTarget: Quicken 2014 Zahlungserinnerung.lnk -> C:\Windows\Installer\{E60036CF-1E46-4DFE-832F-5476574B30FF}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe (Macrovision Corporation) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40B3E4B65659CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKCU - DefaultScope {13FE1EC1-AE95-4985-BE31-11DCBBA1462D} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {13FE1EC1-AE95-4985-BE31-11DCBBA1462D} URL = 
https://www.google.com/search?q={searchTerms} BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: HKLM-x32 {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\slxwl3uk.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Tobias\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Tobias\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Tobias\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Tobias\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Tobias\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Tobias\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF Extension: Amazon-Icon - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\slxwl3uk.default\Extensions\amazon-icon@giga.de [2014-04-28] FF Extension: No Name - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\slxwl3uk.default\Extensions\staged [2014-04-28] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. 
<======= ATTENTION CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [99328 2013-05-31] () S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () R2 RrFilterService64; c:\Program Files\RrFilter\RrFilterService64.exe [171008 2014-03-06] () R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [245760 2011-02-18] () ==================== Drivers (Whitelisted) ==================== S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-03] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] 
(Microsoft Corporation) R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61736 2014-02-28] (NetFilterSDK.com) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [1455648 2009-11-08] (Acronis) R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31384 2012-11-01] (VMware, Inc.) R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-03 18:39 - 2014-05-03 18:40 - 02062336 _____ (Farbar) C:\Users\Tobias\Downloads\FRST64-1.exe 2014-05-03 18:12 - 2014-05-03 18:14 - 00000000 ____D () C:\Users\Tobias\Documents\Foto sortieren 2014-05-03 14:51 - 2014-05-03 18:34 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-03 14:50 - 2014-05-03 14:50 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-03 14:50 - 2014-05-03 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-03 14:50 - 2014-05-03 14:50 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-03 14:50 - 2014-05-03 14:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-03 14:50 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-03 14:50 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-03 14:50 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-03 14:49 - 2014-05-03 14:49 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Tobias\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-03 14:03 - 2014-05-03 14:04 - 01310621 _____ () C:\Users\Tobias\Downloads\adwcleaner (2).exe 2014-05-03 14:00 - 2014-05-03 14:03 
- 00039314 _____ () C:\Users\Tobias\Downloads\Addition.txt 2014-05-03 13:59 - 2014-05-03 18:42 - 00017190 _____ () C:\Users\Tobias\Downloads\FRST.txt 2014-05-03 13:58 - 2014-05-03 18:42 - 00000000 ____D () C:\FRST 2014-05-03 13:58 - 2014-05-03 13:58 - 02062336 _____ (Farbar) C:\Users\Tobias\Downloads\FRST64.exe 2014-05-03 13:26 - 2014-04-29 18:00 - 23133184 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-03 13:26 - 2014-04-29 17:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-03 13:26 - 2014-04-29 16:47 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-03 13:26 - 2014-04-29 16:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-03 12:33 - 2014-05-03 17:30 - 00000000 ____D () C:\Program Files\RrFilter 2014-05-03 12:32 - 2014-05-03 15:52 - 00000000 ____D () C:\Program Files\rrsavings 2014-05-03 12:32 - 2014-05-03 13:34 - 00000444 __RSH () C:\ProgramData\ntuser.pol 2014-05-03 12:32 - 2014-05-03 12:32 - 00000000 ____D () C:\Program Files (x86)\Rr Savings 2014-05-03 12:30 - 2014-05-03 15:08 - 00000000 ____D () C:\Program Files\002 2014-05-02 16:54 - 2014-05-02 16:54 - 02781696 _____ () C:\Users\Tobias\Downloads\LCC2.6.1De.xls 2014-05-01 13:40 - 2014-05-01 13:40 - 00001374 _____ () C:\Users\Tobias\Desktop\CopyTrans Control Center.lnk 2014-05-01 13:40 - 2014-05-01 13:40 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite 2014-05-01 13:39 - 2014-05-01 13:52 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\WindSolutions 2014-05-01 13:39 - 2014-05-01 13:41 - 00000000 ____D () C:\ProgramData\WindSolutions 2014-05-01 13:37 - 2014-05-01 13:38 - 04279392 _____ (WindSolutions) C:\Users\Tobias\Downloads\Install_CopyTrans_Suite.exe 2014-04-28 18:23 - 2014-04-28 18:23 - 01310283 _____ () C:\Users\Tobias\Downloads\adwcleaner (1).exe 2014-04-28 18:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) 
C:\Windows\SysWOW64\sqlite3.dll 2014-04-28 18:21 - 2014-05-03 15:56 - 00000000 ____D () C:\AdwCleaner 2014-04-28 18:21 - 2014-04-28 18:21 - 01310283 _____ () C:\Users\Tobias\Downloads\adwcleaner.exe 2014-04-28 18:09 - 2014-04-28 18:17 - 00014336 ___SH () C:\Users\Tobias\Thumbs.db 2014-04-28 17:51 - 2014-04-28 17:51 - 00000000 ____D () C:\ProgramData\IePluginService 2014-04-28 17:50 - 2014-04-28 17:50 - 00000000 ____D () C:\ProgramData\WPM 2014-04-28 17:48 - 2014-04-28 17:48 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Security System 2 2014-04-28 17:47 - 2014-04-28 17:47 - 00000000 ____D () C:\Users\Tobias\ChromeExtensions 2014-04-28 17:47 - 2014-04-28 17:47 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Tempdcecf01954c4ecc2d3c6c003f8404ab0 2014-04-28 17:20 - 2014-04-28 17:20 - 00087704 _____ () C:\Windows\cadkasdeinst01.exe 2014-04-28 17:20 - 2014-04-28 17:20 - 00000992 _____ () C:\Users\UpdatusUser\Desktop\PDF Passwort Knacker 2.0.lnk 2014-04-28 17:20 - 2014-04-28 17:20 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\CAD-KAS 2014-04-28 17:20 - 2014-04-28 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Passwort Knacker 2.0 2014-04-28 17:19 - 2014-04-28 17:19 - 00000188 _____ () C:\Users\Tobias\Desktop\Amazon.de.url 2014-04-28 17:19 - 2014-04-28 17:19 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Tempf860118e96ab33ceb0dcbaf83538eff8 2014-04-28 17:16 - 2014-04-28 17:16 - 00381759 _____ () C:\Users\Tobias\Downloads\guapdf33.zip 2014-04-28 17:16 - 2014-04-28 17:16 - 00000000 ____D () C:\Users\Tobias\Downloads\guapdf33 2014-04-28 17:14 - 2014-04-28 17:14 - 00748073 _____ () C:\Users\Tobias\Downloads\pdfcrack-0.11.zip 2014-04-28 17:14 - 2014-04-28 17:14 - 00000000 ____D () C:\Users\Tobias\Downloads\pdfcrack-0.11 2014-04-28 11:17 - 2014-04-28 11:17 - 00291608 _____ () C:\Windows\Minidump\042814-23228-01.dmp 2014-04-28 11:07 - 2014-04-28 17:05 - 00000000 ____D () C:\zuercher 2014-04-28 11:05 - 2014-04-28 11:05 - 
04968079 _____ (Tim Kosse) C:\Users\Tobias\Downloads\FileZilla_3.8.0_win32-setup.exe 2014-04-27 14:37 - 2014-04-27 14:37 - 00011232 _____ () C:\Users\Tobias\Downloads\27-4-2014_14-38-44.xls 2014-04-27 14:03 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-27 14:03 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-27 14:03 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-27 14:03 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-27 14:01 - 2014-04-27 14:03 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-04-10 08:15 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-10 08:15 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-10 08:15 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-10 08:15 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-10 08:15 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-10 08:15 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-10 08:15 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-10 08:15 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-10 08:14 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-10 08:14 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-10 08:14 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe ==================== One Month Modified Files and Folders ======= 2014-05-03 
18:42 - 2014-05-03 13:59 - 00017190 _____ () C:\Users\Tobias\Downloads\FRST.txt 2014-05-03 18:42 - 2014-05-03 13:58 - 00000000 ____D () C:\FRST 2014-05-03 18:40 - 2014-05-03 18:39 - 02062336 _____ (Farbar) C:\Users\Tobias\Downloads\FRST64-1.exe 2014-05-03 18:39 - 2013-12-21 11:43 - 00000000 ____D () C:\Users\Tobias\AppData\Local\2EF3FC84-516F-4456-97FF-540BCBA957D0.aplzod 2014-05-03 18:39 - 2009-11-07 20:41 - 01516333 _____ () C:\Windows\WindowsUpdate.log 2014-05-03 18:34 - 2014-05-03 14:51 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-03 18:14 - 2014-05-03 18:12 - 00000000 ____D () C:\Users\Tobias\Documents\Foto sortieren 2014-05-03 17:57 - 2011-03-05 23:38 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-03 17:57 - 2010-07-17 12:46 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1912748275-1438894252-2416606352-1001UA.job 2014-05-03 17:49 - 2012-04-20 16:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-03 17:30 - 2014-05-03 12:33 - 00000000 ____D () C:\Program Files\RrFilter 2014-05-03 17:18 - 2009-12-25 20:30 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Apple Computer 2014-05-03 17:13 - 2009-07-14 06:45 - 00014624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-03 17:13 - 2009-07-14 06:45 - 00014624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-03 17:06 - 2011-03-05 23:38 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-03 17:05 - 2012-12-23 19:15 - 00000000 ____D () C:\ProgramData\VMware 2014-05-03 17:05 - 2009-11-08 17:32 - 00022266 _____ () C:\Windows\PFRO.log 2014-05-03 17:05 - 2009-11-08 17:27 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-05-03 17:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-03 17:05 - 2009-07-14 06:51 - 00113050 
_____ () C:\Windows\setupact.log 2014-05-03 16:57 - 2010-07-17 12:46 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1912748275-1438894252-2416606352-1001Core.job 2014-05-03 15:56 - 2014-04-28 18:21 - 00000000 ____D () C:\AdwCleaner 2014-05-03 15:53 - 2011-03-05 23:38 - 00000000 ____D () C:\Program Files (x86)\Google 2014-05-03 15:52 - 2014-05-03 12:32 - 00000000 ____D () C:\Program Files\rrsavings 2014-05-03 15:08 - 2014-05-03 12:30 - 00000000 ____D () C:\Program Files\002 2014-05-03 14:50 - 2014-05-03 14:50 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-03 14:50 - 2014-05-03 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-03 14:50 - 2014-05-03 14:50 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-03 14:50 - 2014-05-03 14:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-03 14:49 - 2014-05-03 14:49 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Tobias\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-03 14:04 - 2014-05-03 14:03 - 01310621 _____ () C:\Users\Tobias\Downloads\adwcleaner (2).exe 2014-05-03 14:03 - 2014-05-03 14:00 - 00039314 _____ () C:\Users\Tobias\Downloads\Addition.txt 2014-05-03 13:58 - 2014-05-03 13:58 - 02062336 _____ (Farbar) C:\Users\Tobias\Downloads\FRST64.exe 2014-05-03 13:34 - 2014-05-03 12:32 - 00000444 __RSH () C:\ProgramData\ntuser.pol 2014-05-03 13:34 - 2013-06-05 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-03 13:34 - 2009-11-07 20:53 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{57765880-971A-4BB6-91ED-F4F0F9DEA26D} 2014-05-03 12:32 - 2014-05-03 12:32 - 00000000 ____D () C:\Program Files (x86)\Rr Savings 2014-05-03 12:32 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-05-03 12:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-05-02 16:54 - 2014-05-02 16:54 - 02781696 
_____ () C:\Users\Tobias\Downloads\LCC2.6.1De.xls
2014-05-01 17:02 - 2009-07-14 19:58 - 00658766 _____ () C:\Windows\system32\perfh007.dat
2014-05-01 17:02 - 2009-07-14 19:58 - 00131924 _____ () C:\Windows\system32\perfc007.dat
2014-05-01 17:02 - 2009-07-14 07:13 - 01507084 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-01 15:57 - 2012-12-23 19:17 - 00000000 ____D () C:\Users\Tobias\AppData\Local\VMware
2014-05-01 15:37 - 2012-12-23 19:17 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\VMware
2014-05-01 13:52 - 2014-05-01 13:39 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\WindSolutions
2014-05-01 13:41 - 2014-05-01 13:39 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-05-01 13:40 - 2014-05-01 13:40 - 00001374 _____ () C:\Users\Tobias\Desktop\CopyTrans Control Center.lnk
2014-05-01 13:40 - 2014-05-01 13:40 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite
2014-05-01 13:38 - 2014-05-01 13:37 - 04279392 _____ (WindSolutions) C:\Users\Tobias\Downloads\Install_CopyTrans_Suite.exe
2014-04-30 18:49 - 2012-04-20 16:36 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-30 18:49 - 2012-04-20 16:36 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-30 18:49 - 2011-06-18 15:26 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 19:01 - 2013-05-13 23:30 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Mozilla
2014-04-29 18:00 - 2014-05-03 13:26 - 23133184 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 17:24 - 2014-05-03 13:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 16:47 - 2014-05-03 13:26 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 16:14 - 2014-05-03 13:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-28 18:24 - 2009-11-07 20:47 - 00000997 _____ () C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-28 18:23 - 2014-04-28 18:23 - 01310283 _____ () C:\Users\Tobias\Downloads\adwcleaner (1).exe
2014-04-28 18:21 - 2014-04-28 18:21 - 01310283 _____ () C:\Users\Tobias\Downloads\adwcleaner.exe
2014-04-28 18:17 - 2014-04-28 18:09 - 00014336 ___SH () C:\Users\Tobias\Thumbs.db
2014-04-28 18:09 - 2009-11-07 20:45 - 00000000 ____D () C:\Users\Tobias
2014-04-28 17:51 - 2014-04-28 17:51 - 00000000 ____D () C:\ProgramData\IePluginService
2014-04-28 17:50 - 2014-04-28 17:50 - 00000000 ____D () C:\ProgramData\WPM
2014-04-28 17:48 - 2014-04-28 17:48 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Security System 2
2014-04-28 17:47 - 2014-04-28 17:47 - 00000000 ____D () C:\Users\Tobias\ChromeExtensions
2014-04-28 17:47 - 2014-04-28 17:47 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Tempdcecf01954c4ecc2d3c6c003f8404ab0
2014-04-28 17:20 - 2014-04-28 17:20 - 00087704 _____ () C:\Windows\cadkasdeinst01.exe
2014-04-28 17:20 - 2014-04-28 17:20 - 00000992 _____ () C:\Users\UpdatusUser\Desktop\PDF Passwort Knacker 2.0.lnk
2014-04-28 17:20 - 2014-04-28 17:20 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\CAD-KAS
2014-04-28 17:20 - 2014-04-28 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Passwort Knacker 2.0
2014-04-28 17:19 - 2014-04-28 17:19 - 00000188 _____ () C:\Users\Tobias\Desktop\Amazon.de.url
2014-04-28 17:19 - 2014-04-28 17:19 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Tempf860118e96ab33ceb0dcbaf83538eff8
2014-04-28 17:16 - 2014-04-28 17:16 - 00381759 _____ () C:\Users\Tobias\Downloads\guapdf33.zip
2014-04-28 17:16 - 2014-04-28 17:16 - 00000000 ____D () C:\Users\Tobias\Downloads\guapdf33
2014-04-28 17:14 - 2014-04-28 17:14 - 00748073 _____ () C:\Users\Tobias\Downloads\pdfcrack-0.11.zip
2014-04-28 17:14 - 2014-04-28 17:14 - 00000000 ____D () C:\Users\Tobias\Downloads\pdfcrack-0.11
2014-04-28 17:11 - 2014-02-16 16:16 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\FileZilla
2014-04-28 17:05 - 2014-04-28 11:07 - 00000000 ____D () C:\zuercher
2014-04-28 11:17 - 2014-04-28 11:17 - 00291608 _____ () C:\Windows\Minidump\042814-23228-01.dmp
2014-04-28 11:17 - 2013-02-16 17:09 - 409504673 _____ () C:\Windows\MEMORY.DMP
2014-04-28 11:17 - 2013-02-16 17:09 - 00000000 ____D () C:\Windows\Minidump
2014-04-28 11:06 - 2014-02-16 16:16 - 00002004 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-04-28 11:06 - 2014-02-16 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-04-28 11:06 - 2014-02-16 16:16 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-04-28 11:05 - 2014-04-28 11:05 - 04968079 _____ (Tim Kosse) C:\Users\Tobias\Downloads\FileZilla_3.8.0_win32-setup.exe
2014-04-27 14:37 - 2014-04-27 14:37 - 00011232 _____ () C:\Users\Tobias\Downloads\27-4-2014_14-38-44.xls
2014-04-27 14:04 - 2013-10-15 09:01 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-27 14:03 - 2014-04-27 14:01 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-27 14:03 - 2010-08-08 17:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-14 20:13 - 2014-04-27 14:03 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-27 14:03 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-27 14:03 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-27 14:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-10 16:32 - 2009-11-08 17:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 16:31 - 2013-08-16 19:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 16:29 - 2009-11-08 17:20 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 16:11 - 2010-10-17 12:24 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Skype
2014-04-05 12:49 - 2013-08-11 11:16 - 00000116 _____ () C:\Users\Tobias\Desktop\Domains zum Verkauf.txt
2014-04-03 22:31 - 2011-01-29 12:19 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-03 22:31 - 2009-11-08 11:24 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-03 22:30 - 2011-01-29 12:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-03 22:30 - 2011-01-29 12:18 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-03 21:53 - 2011-03-05 23:38 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-03 21:52 - 2011-03-05 23:38 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-03 09:51 - 2014-05-03 14:50 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-05-03 14:50 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-05-03 14:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Tobias\AppData\Local\Temp\amazonicon_v4.exe
C:\Users\Tobias\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Tobias\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Tobias\AppData\Local\Temp\foxy_security.exe
C:\Users\Tobias\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Tobias\AppData\Local\Temp\gmx_profifax.exe
C:\Users\Tobias\AppData\Local\Temp\InstallAX.exe
C:\Users\Tobias\AppData\Local\Temp\jna1095421795736581034.dll
C:\Users\Tobias\AppData\Local\Temp\jna1123578309078188702.dll
C:\Users\Tobias\AppData\Local\Temp\jna1177004305931060557.dll
C:\Users\Tobias\AppData\Local\Temp\jna1194016804594777520.dll
C:\Users\Tobias\AppData\Local\Temp\jna1209570402970600278.dll
C:\Users\Tobias\AppData\Local\Temp\jna1316850354341660575.dll
C:\Users\Tobias\AppData\Local\Temp\jna1320327137265524510.dll
C:\Users\Tobias\AppData\Local\Temp\jna1417874950152804185.dll
C:\Users\Tobias\AppData\Local\Temp\jna1427687269147188018.dll
C:\Users\Tobias\AppData\Local\Temp\jna1612049123059380528.dll
C:\Users\Tobias\AppData\Local\Temp\jna1931379354932422041.dll
C:\Users\Tobias\AppData\Local\Temp\jna2040549889524574718.dll
C:\Users\Tobias\AppData\Local\Temp\jna2145940928860273112.dll
C:\Users\Tobias\AppData\Local\Temp\jna2149138522789985723.dll
C:\Users\Tobias\AppData\Local\Temp\jna2562307938816106956.dll
C:\Users\Tobias\AppData\Local\Temp\jna2645241955458071381.dll
C:\Users\Tobias\AppData\Local\Temp\jna2647982979636430442.dll
C:\Users\Tobias\AppData\Local\Temp\jna3029404812256991792.dll
C:\Users\Tobias\AppData\Local\Temp\jna3131221519317604284.dll
C:\Users\Tobias\AppData\Local\Temp\jna3398235810869817740.dll
C:\Users\Tobias\AppData\Local\Temp\jna3796618853969797425.dll
C:\Users\Tobias\AppData\Local\Temp\jna439067991644773962.dll
C:\Users\Tobias\AppData\Local\Temp\jna4468685365190217755.dll
C:\Users\Tobias\AppData\Local\Temp\jna4492847005880769216.dll
C:\Users\Tobias\AppData\Local\Temp\jna4566372595202464940.dll
C:\Users\Tobias\AppData\Local\Temp\jna4646069399920983673.dll
C:\Users\Tobias\AppData\Local\Temp\jna4675374199073848542.dll
C:\Users\Tobias\AppData\Local\Temp\jna4701518030035338562.dll
C:\Users\Tobias\AppData\Local\Temp\jna5281292705039461184.dll
C:\Users\Tobias\AppData\Local\Temp\jna5287735317982675519.dll
C:\Users\Tobias\AppData\Local\Temp\jna5310953448346048806.dll
C:\Users\Tobias\AppData\Local\Temp\jna5606693493808529867.dll
C:\Users\Tobias\AppData\Local\Temp\jna5990992448786159631.dll
C:\Users\Tobias\AppData\Local\Temp\jna6301869354555116298.dll
C:\Users\Tobias\AppData\Local\Temp\jna6528488123304330998.dll
C:\Users\Tobias\AppData\Local\Temp\jna6676285085710582051.dll
C:\Users\Tobias\AppData\Local\Temp\jna6806204372326170234.dll
C:\Users\Tobias\AppData\Local\Temp\jna6975941712846902349.dll
C:\Users\Tobias\AppData\Local\Temp\jna7262009280037669927.dll
C:\Users\Tobias\AppData\Local\Temp\jna7306675535069412212.dll
C:\Users\Tobias\AppData\Local\Temp\jna7306793754233918768.dll
C:\Users\Tobias\AppData\Local\Temp\jna7365426597139487482.dll
C:\Users\Tobias\AppData\Local\Temp\jna7372389287409653003.dll
C:\Users\Tobias\AppData\Local\Temp\jna8069476219860835686.dll
C:\Users\Tobias\AppData\Local\Temp\jna8199127360731399530.dll
C:\Users\Tobias\AppData\Local\Temp\jna8402625619444471009.dll
C:\Users\Tobias\AppData\Local\Temp\jna9029404399794527354.dll
C:\Users\Tobias\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Tobias\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Tobias\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Tobias\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Tobias\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Tobias\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Tobias\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Tobias\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Tobias\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Tobias\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe
C:\Users\Tobias\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Tobias\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe
C:\Users\Tobias\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Tobias\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Tobias\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Tobias\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Tobias\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Tobias\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Tobias\AppData\Local\Temp\ose00000.exe
C:\Users\Tobias\AppData\Local\Temp\pdfknacker!.exe
C:\Users\Tobias\AppData\Local\Temp\Quarantine.exe
C:\Users\Tobias\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Tobias\AppData\Local\Temp\sdapskill.exe
C:\Users\Tobias\AppData\Local\Temp\sdaspwn.exe
C:\Users\Tobias\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tobias\AppData\Local\Temp\wmpfirefoxplugin.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-01 13:07

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2014
Ran by Tobias at 2014-05-03 18:43:20
Running from C:\Users\Tobias\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Acronis*True*Image*Home (HKLM-x32\...\{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}) (Version: 13.0.5055 - Acronis)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BRAdmin Professional 3 (HKLM-x32\...\{75C885D4-C758-4896-A3B4-90DA34B44C31}) (Version: 3.51.0007 - Brother)
Bullzip PDF Printer 7.0.0.928 (HKLM\...\Bullzip PDF Printer_is1) (Version: - Bullzip)
CS 2.12 (HKLM-x32\...\{F343BE74-1486-4AE6-8FD2-8D548B88331B}) (Version: 2.12 - capaq GmbH)
DDBAC (HKLM-x32\...\{E3B6D3FB-A593-41BA-9AB1-FFE46F608565}) (Version: 5.3.21 - DataDesign)
EAR (HKCU\...\EAR) (Version: - Stiftung Elektro-Altgeraete Register)
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
Free Audio CD Burner version 1.4 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.)
Free YouTube to MP3 Converter version 3.8 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Limited.)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
GMX ProfiFax (HKLM-x32\...\GMX ProfiFax) (Version: 2.00.236 - 1&1 Mail & Media GmbH)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{8E29C1CE-346A-3F59-AE22-8C5B7F230498}) (Version: 5.3.1.18536 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GPL Ghostscript Lite 8.64 (HKLM-x32\...\GPL Ghostscript Lite_is1) (Version: - )
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Lexware Abschreibungsrechner (HKLM-x32\...\{25F5FB5A-5BFF-4E13-ADCD-A450DF51018C}) (Version: 10.00.04.0001 - Haufe-Lexware GmbH & Co.KG)
Lexware Elster (HKLM-x32\...\{729E4446-B410-4735-BDDD-39B37EAF9D54}) (Version: 10.10.00.0110 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (HKLM-x32\...\{8AE7E507-BC49-4DF0-A236-26878691AB53}) (Version: 2.90.00.0009 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{A64DF516-9CDC-4299-BD34-2B2C80CD453B}) (Version: 19.00.00.0059 - Haufe-Lexware GmbH & Co.KG)
LG Burning Tool (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.6009 - CyberLink Corp.)
LG Burning Tool (x32 Version: 6.2.6009 - CyberLink Corp.) Hidden
LG CyberLink BD Advisor (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.4606 - CyberLink Corp.)
LG CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
LG CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
LG CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820 - CyberLink Corp.)
LG CyberLink Media Suite (x32 Version: 8.0.2820 - CyberLink Corp.) Hidden
LG CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1622_37397b - CyberLink Corp.)
LG CyberLink MediaEspresso (x32 Version: 6.5.1622_37397b - CyberLink Corp.) Hidden
LG CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3402 - CyberLink Corp.)
LG CyberLink MediaShow (x32 Version: 4.1.3402 - CyberLink Corp.) Hidden
LG CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3424.52 - CyberLink Corp.)
LG CyberLink PowerDVD (x32 Version: 10.0.3424.52 - CyberLink Corp.) Hidden
LG CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2820a - CyberLink Corp.)
LG CyberLink PowerProducer (x32 Version: 5.0.2.2820a - CyberLink Corp.) Hidden
LG Tool Kit (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 9.01.1124.01 - )
MAGIX Screenshare (HKLM-x32\...\MAGIX_{06A60F3C-B270-42FE-B49E-244657482573}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (x32 Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{AB4633CC-E18D-44E0-BFAE-A08704564FDF}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (x32 Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deluxe MX Plus Sonderedition (HKLM-x32\...\MAGIX_{876C2B35-5C72-4E21-8BAA-67BAE24E35E2}) (Version: 11.0.5.0 - MAGIX AG)
MAGIX Video deluxe MX Plus Sonderedition (x32 Version: 11.0.5.0 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95120000-0122-0407-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyTomTom 3.2.0.1116 (HKLM-x32\...\MyTomTom) (Version: 3.2.0.1116 - TomTom)
Nero BackItUp 2 Essentials (HKLM-x32\...\{DF9F9A90-CEFD-4808-815F-E16932271031}) (Version: 7.03.1040 - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Nur Entfernen der CopyTrans Suite möglich (HKCU\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Quicken 2011 - ServicePack 4 (HKLM-x32\...\{9DC1A9BA-070A-455F-8AC3-62587524ADFB}) (Version: 18.04.00.0123 - Haufe-Lexware GmbH & Co KG)
Quicken 2011 (x32 Version: 18.00.00.0084 - Lexware GmbH & Co. KG) Hidden
Quicken DELUXE 2014 (HKLM-x32\...\{E60036CF-1E46-4DFE-832F-5476574B30FF}) (Version: 21.37.00.0185 - Haufe-Lexware GmbH & Co.KG)
Quicken HOME & BUSINESS 2011 (HKLM-x32\...\InstallShield_{E259DE5F-4980-4882-85D0-312F82721ED5}) (Version: 18.00.00.0084 - Lexware GmbH & Co. KG)
Quicken HOME & BUSINESS 2012 (HKLM-x32\...\{2FC7CE3A-23E5-41E8-975B-AA0236D649FD}) (Version: 19.36.00.0165 - Haufe-Lexware GmbH & Co.KG)
Quicken Import Export Server 2012 (HKLM-x32\...\{7FC74607-ED6E-49C3-87FA-56B50A2EE158}) (Version: 19.30.00.0134 - Haufe-Lexware GmbH & Co.KG)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RrSavings (x32 Version: 1.0.0.0 - RrSavings) Hidden <==== ATTENTION
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Securita Scout (HKLM-x32\...\Securita Scout) (Version: - )
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
simplitec simplicheck (HKLM-x32\...\{B73AFF76-53AD-464D-93D5-5A4E6CAAB893}) (Version: 1.2.3.0 - simplitec GmbH)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - )
tools-windows (x32 Version: 9.2.2.894247 - VMware, Inc.) Hidden
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 5.0.1 - VMware, Inc)
VMware Player (Version: 5.0.1 - VMware, Inc.) Hidden
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
Wertpapieranalyse 2011 (HKLM-x32\...\{F625701A-E55C-47B4-8FC0-52B4FFE306BB}) (Version: 1.00.0003 - Haufe-Lexware GmbH & Co. KG)
Wertpapieranalyse 2012 (HKLM-x32\...\{223766BE-E834-47AF-B002-0BAC11A37812}) (Version: 1.00.0006 - Haufe-Lexware GmbH & Co. KG)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 14.0.8098.930 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)

==================== Restore Points =========================

08-04-2014 17:11:16 Windows Update
10-04-2014 14:27:44 Windows Update
27-04-2014 11:57:59 Installed Java 7 Update 55
27-04-2014 12:10:47 Windows Update
01-05-2014 10:47:23 Windows Update
03-05-2014 11:25:42 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02C0C376-3D29-4278-8E0B-A7699E4A7755} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1912748275-1438894252-2416606352-1001Core => C:\Users\Tobias\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-17] (Google Inc.)
Task: {911E9CFF-B8FE-4935-AD2F-DD8ED4907D0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24] (Google Inc.)
Task: {AFBB6633-B9D3-47E9-9D9B-A3AB32BAC193} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1912748275-1438894252-2416606352-1001UA => C:\Users\Tobias\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-17] (Google Inc.)
Task: {F2A04BFF-8A7C-4C7B-A218-2B64C362D6A2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24] (Google Inc.)
Task: {F6A403B9-98DF-41CA-8885-BD40079E726C} - System32\Tasks\{4A95ADFC-558E-4AEA-8568-4B85F8CA66AD} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {F923C6B7-0039-424E-A195-F58F8584FAD1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FE319B44-4040-4335-9DFD-1DC6521C4234} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-30] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1912748275-1438894252-2416606352-1001Core.job => C:\Users\Tobias\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1912748275-1438894252-2416606352-1001UA.job => C:\Users\Tobias\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-18 13:48 - 2013-01-18 17:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-16 17:07 - 2013-05-31 16:02 - 00099328 _____ () C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
2012-06-24 10:07 - 2009-07-02 16:02 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-03-06 15:52 - 2014-03-06 15:52 - 00171008 _____ () c:\Program Files\RrFilter\RrFilterService64.exe
2014-03-04 13:25 - 2014-03-04 13:25 - 00110080 _____ () c:\Program Files\RrFilter\nfapi.dll
2014-03-04 13:25 - 2014-03-04 13:25 - 00317952 _____ () c:\Program Files\RrFilter\ProtocolFilters.dll
2011-02-18 08:18 - 2011-02-18 08:18 - 00245760 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-01 03:34 - 2012-11-01 03:34 - 01260184 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2009-12-15 13:46 - 2009-12-15 13:46 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-12-15 13:49 - 2009-12-15 13:49 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2012-03-22 11:40 - 2012-03-22 11:40 - 00087912 _____ () C:\Program Files (x86)\Safari\Apple Application Support\zlib1.dll
2012-03-22 11:40 - 2012-03-22 11:40 - 01242472 _____ () C:\Program Files (x86)\Safari\Apple Application Support\libxml2.dll
2014-03-28 11:35 - 2014-03-28 11:35 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: LGODDFU => "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2014 01:38:43 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.16521, Zeitstempel: 0x53114399
Name des fehlerhaften Moduls: nvwgf2um.dll, Version: 9.18.13.1106, Zeitstempel: 0x50f9458d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001a2519
ID des fehlerhaften Prozesses: 0xe80
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (05/03/2014 00:33:01 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MsiExec.exe, Version: 5.0.7601.17514, Zeitstempel: 0x4ce792c4
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18222, Zeitstempel: 0x51f1d731
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x0008660a
ID des fehlerhaften Prozesses: 0x1a74
Startzeit der fehlerhaften Anwendung: 0xMsiExec.exe0
Pfad der fehlerhaften Anwendung: MsiExec.exe1
Pfad des fehlerhaften Moduls: MsiExec.exe2
Berichtskennung: MsiExec.exe3

Error: (05/03/2014 00:23:51 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E.crt>. Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. .

Error: (05/02/2014 05:08:31 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E.crt>. Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. .

Error: (04/28/2014 06:22:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: adwcleaner.exe, Version: 3.2.0.5, Zeitstempel: 0x4f25baec
Name des fehlerhaften Moduls: adwcleaner.exe, Version: 3.2.0.5, Zeitstempel: 0x4f25baec
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000111c9
ID des fehlerhaften Prozesses: 0x120c
Startzeit der fehlerhaften Anwendung: 0xadwcleaner.exe0
Pfad der fehlerhaften Anwendung: adwcleaner.exe1
Pfad des fehlerhaften Moduls: adwcleaner.exe2
Berichtskennung: adwcleaner.exe3

Error: (04/10/2014 04:25:23 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 12.0.6680.5000, Zeitstempel: 0x51c3d112
Name des fehlerhaften Moduls: olmapi32.dll, Version: 12.0.6672.5000, Zeitstempel: 0x50e61339
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005d2b8
ID des fehlerhaften Prozesses: 0x1158
Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0
Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1
Pfad des fehlerhaften Moduls: OUTLOOK.EXE2
Berichtskennung: OUTLOOK.EXE3

Error: (04/03/2014 10:15:15 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000002240
ID des fehlerhaften Prozesses: 0x5c4
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3

Error: (03/26/2014 07:50:09 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 12.0.6680.5000, Zeitstempel: 0x51c3d112
Name des fehlerhaften Moduls: pstprx32.dll, Version: 12.0.6658.5000, Zeitstempel: 0x4f32182a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000bb7f
ID des fehlerhaften Prozesses: 0x127c
Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0
Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1
Pfad des fehlerhaften Moduls: OUTLOOK.EXE2
Berichtskennung: OUTLOOK.EXE3

Error: (03/23/2014 01:48:12 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 12.0.6680.5000, Zeitstempel: 0x51c3d112
Name des fehlerhaften Moduls: OGL.DLL_unloaded, Version: 0.0.0.0, Zeitstempel: 0x526e9cd2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x5f8fc90e
ID des fehlerhaften Prozesses: 0x1460
Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0
Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1
Pfad des fehlerhaften Moduls: OUTLOOK.EXE2
Berichtskennung: OUTLOOK.EXE3

Error: (03/22/2014 06:58:50 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a144
Name des fehlerhaften Moduls: msieftp.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c806
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000018b90
ID des fehlerhaften Prozesses: 0xc7c
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

System errors:
=============
Error: (05/03/2014 05:22:06 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (05/03/2014 05:22:06 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (05/03/2014 05:07:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (05/03/2014 05:07:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (05/03/2014 05:07:21 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/03/2014 05:05:24 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Die Energieverwaltungsfeatures für Leistung des Prozessors "1" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware.

Error: (05/03/2014 05:05:24 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT-AUTORITÄT)
Description: Die Energieverwaltungsfeatures für Leistung des Prozessors "0" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware.

Error: (05/03/2014 04:00:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (05/03/2014 04:00:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (05/03/2014 03:59:08 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Microsoft Office Sessions:
=========================
Error: (04/10/2014 04:25:22 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 29595 seconds with 3120 seconds of active time. This session ended with a crash.

Error: (03/26/2014 07:50:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4020 seconds with 420 seconds of active time. This session ended with a crash.

Error: (03/23/2014 01:48:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 42 seconds with 0 seconds of active time. This session ended with a crash.
Error: (03/16/2014 02:38:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8663 seconds with 1320 seconds of active time. This session ended with a crash.

Error: (02/11/2014 09:23:07 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 522 seconds with 480 seconds of active time. This session ended with a crash.

Error: (02/04/2014 11:06:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 427 seconds with 120 seconds of active time. This session ended with a crash.

Error: (01/01/2014 11:11:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4129 seconds with 360 seconds of active time. This session ended with a crash.

Error: (12/26/2013 05:45:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1709 seconds with 240 seconds of active time. This session ended with a crash.

Error: (10/08/2013 07:37:29 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 795 seconds with 360 seconds of active time. This session ended with a crash.

Error: (08/30/2013 03:21:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6581 seconds with 900 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 3071.41 MB
Available physical RAM: 1676.38 MB
Total Pagefile: 6141.01 MB
Available Pagefile: 4160.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:277.99 GB) (Free:45.48 GB) NTFS
Drive e: (Quicken2014) (CDROM) (Total:0.32 GB) (Free:0 GB) CDFS
Drive f: (MEDION) (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT32
Drive h: (VERBATIM) (Fixed) (Total:298.02 GB) (Free:243.67 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: F00C985B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=278 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=05)

========================================================
Disk: 1 (Size: 62 MB) (Disk ID: BDFCA12A)
Partition 1: (Active) - (Size=61 MB) - (Type=0B)

========================================================
Disk: 2 (Size: 298 GB) (Disk ID: 38D6E96C)
Partition 1: (Not Active) - (Size=298 GB) - (Type=0C)

==================== End Of Log ============================ |
03.05.2014, 18:32 | #4 |
/// Malwareteam | All browsers full of ads :(
Hi
Step 1: Please post the old log files from MBAM and ADWCLEANER that were created on your system.
Step 2: Download TFC (TempFileCleaner by Oldtimer) and save it to your desktop.
Alternatively, if there are problems with this, please have CCleaner delete the temp files. Do not use any of the registry cleaning functions there.
Step 3: Uninstall the following programs:
Code:
ATTFilter
Java(TM) 6 Update 13
RrSavings
Uninstall software with Revo Uninstaller
Please download Revo Uninstaller
Restart the computer.
Step 4: ESET Online Scanner
Step 5: Let me know whether the ad problem is resolved, create a new FRST log file and post it here. |
04.05.2014, 21:01 | #5 |
| All browsers full of ads :( I think it's gone. Great, thank you very much |
05.05.2014, 07:51 | #6 |
/// Malwareteam | All browsers full of ads :( You think? Will I still get the log files?
__________________ |
13.05.2014, 09:21 | #7 |
/// Malwareteam | All browsers full of ads :(
No response
This topic has been removed from my subscriptions, so I will not be notified of new replies. Send me a PM if you still want to continue.
Note: The disappearance of the symptoms does not mean that your computer is clean yet.
Everyone else, please click here and create your own thread |