
Pests of all kinds and how to combat them: Google opens lots of empty windows

01.07.2013, 18:50   #1
Indexation
 



Hello everyone,
Recently, Google has been opening lots of empty windows whenever I enter a search term.
Bing works, Firefox too.
If I type in an address, everything works.
Google search is acting up.
I sign in with my Google account, then I enter a term in the search field.
Then I literally have to "kill" the thing, otherwise it opens 1000 empty windows.

See attachment.


I have Win 7.
I suspect a virus or Trojan, but .....
Defender, Spybot, Norton and Kaspersky (Virus Removal Tool), all updated, find nothing!?

There is surely a thread about this here, but I can't find it.
Does anyone have a hot tip?
Thumbnails of attached images
-snapshot.jpg

01.07.2013, 18:55   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

01.07.2013, 19:09   #3
Indexation
 



Already on it.

Am I blind? Where do I attach the file here?????

01.07.2013, 19:20   #4
Indexation
 



Ahhh, found it

01.07.2013, 19:35   #5
schrauber
/// the machine
/// TB trainer
 




Hi,

Please post the logs in the thread.

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.



Combofix should only be run when instructed to do so by a team member!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please deactivate all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber


01.07.2013, 19:51   #6
Indexation
 



It's in the attachment, isn't it?????
But happy to post it this way too:
First the Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-07-2013 02
Ran by admin at 2013-07-01 20:10:01
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

??? ActiveX ?? Windows Live Mesh ???? ??????? ??????? (x32 Version: 15.4.5722.2)
???? ??? Windows Live (x32 Version: 15.4.3502.0922)
???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ??????? (x32 Version: 15.4.5722.2)
???? Windows Live (x32 Version: 15.4.3502.0922)
?????? ??????? ?? Windows Live (x32 Version: 15.4.3502.0922)
??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ??????????? (x32 Version: 15.4.5722.2)
??????? Windows Live Mesh ActiveX ??? (x32 Version: 15.4.5722.2)
???????? ?????????? Windows Live (x32 Version: 15.4.3502.0922)
????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???) (x32 Version: 15.4.5722.2)
?????????? Windows Live (x32 Version: 15.4.3502.0922)
??????????? ?? Windows Live (x32 Version: 15.4.3502.0922)
7-Zip 9.20 (x32)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
ABBYY FineReader 6.0 Sprint (x32 Version: 6.00.1395.4512)
Acrobat.com (x32 Version: 1.6.65)
ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ?????? (x32 Version: 15.4.5722.2)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (x32 Version: 15.4.5722.2)
Adobe AIR (x32 Version: 3.6.0.5970)
Adobe Community Help (x32 Version: 3.2.1)
Adobe Community Help (x32 Version: 3.2.1.650)
Adobe Download Assistant (x32 Version: 1.2.5)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Photoshop CS6 (x32 Version: 13.0)
Adobe Premiere Elements 9 (x32 Version: 9.0)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Applian FLV and Media Player 3.1.1.12 (x32 Version: 3.1.1.12)
ArcSoft TotalMedia 3.5 (x32 Version: 3.5.28.291)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.36)
ATI Catalyst Install Manager (Version: 3.0.808.0)
Audacity 2.0.2 (x32 Version: 2.0.2)
Backup Manager V3 (x32 Version: 3.0.0.90)
BearShare (x32 Version: 9.0.0.88083)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bonjour (Version: 3.0.0.10)
Camera RAW Plug-In for EPSON Creativity Suite (x32 Version: 2.3.0.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center InstallProxy (x32 Version: 2011.0331.249.3126)
Catalyst Control Center Localization All (x32 Version: 2011.0331.249.3126)
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0331.249.3126)
CCC Help Chinese Standard (x32 Version: 2011.0331.0248.3126)
CCC Help Chinese Traditional (x32 Version: 2011.0331.0248.3126)
CCC Help Czech (x32 Version: 2011.0331.0248.3126)
CCC Help Danish (x32 Version: 2011.0331.0248.3126)
CCC Help Dutch (x32 Version: 2011.0331.0248.3126)
CCC Help English (x32 Version: 2011.0331.0248.3126)
CCC Help Finnish (x32 Version: 2011.0331.0248.3126)
CCC Help French (x32 Version: 2011.0331.0248.3126)
CCC Help German (x32 Version: 2011.0331.0248.3126)
CCC Help Greek (x32 Version: 2011.0331.0248.3126)
CCC Help Hungarian (x32 Version: 2011.0331.0248.3126)
CCC Help Italian (x32 Version: 2011.0331.0248.3126)
CCC Help Japanese (x32 Version: 2011.0331.0248.3126)
CCC Help Korean (x32 Version: 2011.0331.0248.3126)
CCC Help Norwegian (x32 Version: 2011.0331.0248.3126)
CCC Help Polish (x32 Version: 2011.0331.0248.3126)
CCC Help Portuguese (x32 Version: 2011.0331.0248.3126)
CCC Help Russian (x32 Version: 2011.0331.0248.3126)
CCC Help Spanish (x32 Version: 2011.0331.0248.3126)
CCC Help Swedish (x32 Version: 2011.0331.0248.3126)
CCC Help Thai (x32 Version: 2011.0331.0248.3126)
CCC Help Turkish (x32 Version: 2011.0331.0248.3126)
ccc-core-static (x32 Version: 2011.0331.249.3126)
ccc-utility64 (Version: 2011.0331.249.3126)
CDex - Open Source Digital Audio CD Extractor (x32 Version: 1.70.4.2009)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Configo (x32 Version: 2.1.7.0)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2)
Control ActiveX del Windows Live Mesh per a connexions remotes (x32 Version: 15.4.5722.2)
Control ActiveX Windows Live Mesh pentru conexiuni la distan?a (x32 Version: 15.4.5722.2)
Controle ActiveX do Windows Live Mesh para Conexões Remotas (x32 Version: 15.4.5722.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.95)
CyberLink MediaEspresso (x32 Version: 6.0.1027_32100)
D3DX10 (x32 Version: 15.4.2368.0902)
Desktop Icon für Amazon (Version: 1.0.1 (de))
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
DivX-Setup (x32 Version: 2.6.1.9)
Elements 9 Organizer (x32 Version: 9.0)
Elements STI Installer (x32 Version: 1.0)
ElsterFormular (x32 Version: 14.0.0.10960)
EPSON Attach To Email (x32 Version: 1.01.0000)
EPSON Easy Photo Print (x32 Version: 1.5.1.0)
EPSON File Manager (x32 Version: 1.3.1.0)
EPSON Scan (x32)
EPSON Scan Assistant (x32 Version: 1.10.00)
EPSON Stylus SX200 Series Printer Uninstall
EPSON Stylus SX200_SX400_TX200_TX400 Handbuch (x32)
FATE (x32 Version: 2.2.0.95)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych (x32 Version: 15.4.5722.2)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922)
Foxit Reader (x32 Version: 5.4.5.124)
Free FLV Converter V 7.5.0 (x32 Version: 7.5.0.0)
Free YouTube Download version 3.2.1.320 (x32 Version: 3.2.1.320)
Freecom Hard Drive Formatter 1.41 (x32)
Freecom Product Update 1.06 (x32)
FreePDF (Remove only) (x32)
Freeware.de Toolbar (x32 Version: 6.8.2.0)
Freez FLV to MP3 Converter (x32 Version: 1.5)
FreeZip (x32)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotografii uslugi Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Galerie foto Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (x32 Version: 27.0.1453.116)
Google Earth (x32 Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.145)
GPL Ghostscript 8.64 (x32)
HomeMedia (x32 Version: 2.0.8520)
iCloud (Version: 2.1.1.3)
Identity Card (x32 Version: 1.00.3006)
Intel(R) Display Audio Driver (x32 Version: 6.14.00.3074)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.2.1004)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 38 (x32 Version: 6.0.380)
JDownloader 0.9 (x32 Version: 0.9)
Jewel Quest Solitaire (x32 Version: 2.2.0.95)
John Deere Drive Green (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kontrola Windows Live Mesh ActiveX za daljinske veze (x32 Version: 15.4.5722.2)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2)
Launch Manager (x32 Version: 5.1.4)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2000 Premium (x32 Version: 9.00.2816)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 10.0.2 (x86 de) (x32 Version: 10.0.2)
MSI to redistribute MS VS2005 CRT libraries (x32 Version: 8.0.50727.42)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95)
Nero Backup Drivers (Version: 1.0.11100.8.0)
Nero Control Center 10 (x32 Version: 10.2.11100.1.1)
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Core Components 10 (x32 Version: 2.0.18100.8.8)
Nero DiscSpeed 10 (x32 Version: 6.2.10500.2.100)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Express 10 (x32 Version: 10.2.12000.21.100)
Nero Express 10 Help (CHM) (x32 Version: 10.5.10200)
Nero Multimedia Suite 10 Essentials (x32 Version: 10.5.10300)
Nero StartSmart 10 (x32 Version: 10.2.11600.14.100)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Update (x32 Version: 1.0.0018)
Norton Internet Security (x32 Version: 18.7.2.3)
Norton Online Backup (x32 Version: 2.1.17869)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Orbit Downloader (x32)
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení (x32 Version: 15.4.5722.2)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (x32 Version: 15.4.5722.2)
Packard Bell Games (x32 Version: 1.0.2.4)
Packard Bell MyBackup (x32 Version: 3.0.0.90)
Packard Bell Power Management (x32 Version: 6.00.3006)
Packard Bell Recovery Management (x32 Version: 5.00.3002)
Packard Bell Registration (x32 Version: 1.03.3004)
Packard Bell ScreenSaver (x32 Version: 1.1.1025.2010)
Packard Bell Social Networks (x32 Version: 2.0.2211)
Packard Bell Updater (x32 Version: 1.02.3005)
PDF Settings CS6 (x32 Version: 11.0)
Penguins! (x32 Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
Poczta uslugi Windows Live (x32 Version: 15.4.3502.0922)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922)
Polar Bowler (x32 Version: 2.2.0.95)
Pošta Windows Live (x32 Version: 15.4.3502.0922)
Profi cash (x32)
PX Profile Update (x32 Version: 1.00.1.)
QuickTime (x32 Version: 7.73.80.64)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
REALTEK DTV USB DEVICE (x32 Version: 1.00.0000)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6329)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30123)
RedMon - Redirection Port Monitor
RewardsArcadeSuite (HKCU)
S?????? f?t???af??? t?? Windows Live (x32 Version: 15.4.3502.0922)
Secure Eraser v4.0 (x32)
Skype™ 5.10 (x32 Version: 5.10.116)
Slingo Deluxe (x32 Version: 2.2.0.95)
Softonic toolbar  on IE and Chrome (x32)
Spybot - Search & Destroy (x32 Version: 1.6.2)
StarMoney (x32 Version: 2.0)
StarMoney (x32 Version: 3.0.5.8)
StarMoney 8.0  (x32 Version: 8.0)
Synaptics Pointing Device Driver (Version: 15.1.6.0)
Torchlight (x32 Version: 2.2.0.95)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update Installer for WildTangent Games App (x32)
Urruneko konexioetarako Windows Live Mesh ActiveX kontrola (x32 Version: 15.4.5722.2)
Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi (x32 Version: 15.4.5722.2)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Video Web Camera (x32 Version: 1.0.1523)
VideoConverter (x32)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95)
VLC media player 1.1.11 (x32 Version: 1.1.11)
Wedding Dash (x32 Version: 2.2.0.95)
Welcome Center (x32 Version: 1.02.3102)
WildTangent Games App (Packard Bell Games) (x32 Version: 4.0.3.57)
Windows Live ??? (x32 Version: 15.4.3502.0922)
Windows Live ???? (x32 Version: 15.4.3502.0922)
Windows Live Argazki Galeria (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)
Windows Live Fotograf Galerisi (x32 Version: 15.4.3502.0922)
Windows Live Fotótár (x32 Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922)
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz (x32 Version: 15.4.5722.2)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922)
Windows Liven sähköposti (x32 Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922)
WinX Free FLV to MP4 Converter 4.1.7 (x32)
WinZip 15.0 (x32 Version: 15.0.9411)
WiseConvert 1.3 Toolbar (x32 Version: 6.9.0.16)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points  =========================

23-06-2013 11:51:43 Windows Update
28-06-2013 11:48:17 Windows Update
30-06-2013 15:04:02 Installed Sophos Virus Removal Tool.
30-06-2013 17:29:00 Removed Sophos Virus Removal Tool.

==================== Hosts content: ==========================

There are more than 1000 lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {16730B1D-FF19-4019-B458-583B0F10930C} - System32\Tasks\AdobeAAMUpdater-1.0-home-jörg => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {201A9F1F-21A7-4640-B369-912633B026B6} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {277F5A78-E82A-4029-B7E1-F6F469598154} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2010-10-28] (CyberLink)
Task: {2B67024A-00BB-4A12-B31D-75CEAEF38327} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {597CCC43-0860-4880-8F24-B5B2B6B2D937} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {59A7CAB6-C4D9-4180-8952-DE97E258317C} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {60193A6D-E0B7-480F-8AC6-289BFE6BBD06} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2799057012-1557965162-470920329-1004 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {72D588D8-BE7B-49E6-B5D6-2B21DA28DC4C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-14] (Adobe Systems Incorporated)
Task: {74723509-D50E-40F4-A4E8-2B6F9D66BF61} - System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896} => C:\Windows\system32\msfeedssync.exe [2011-07-28] (Microsoft Corporation)
Task: {8D90092A-3603-4DF4-B0FF-3B36A7B01AA7} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {98EAF0E2-62FF-41B5-BC9B-09C1BC06AD3C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-29] (Google Inc.)
Task: {C7D2F019-EE9B-4EC0-84FE-9ADFE36BCD69} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation)
Task: {D0FD4A03-5F63-460A-A834-6F37086B10DC} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {DE75400B-3886-447C-9DF1-EB96F1A9124D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-29] (Google Inc.)
Task: {E00BA8FA-2C19-46D6-B7D6-0E768914F1FE} - System32\Tasks\AdobeAAMUpdater-1.0-home-Manu => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {E55DB095-337A-4A84-89A3-9E4AFF305883} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2799057012-1557965162-470920329-1007 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {FE27252D-67E3-4AE5-9D07-465D2160F3B8} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2799057012-1557965162-470920329-1003 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\BearShareNAG.job => C:\Users\JRG~1\AppData\Local\Temp\BearShare_setup.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2013 07:03:01 PM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16490 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1e58

Startzeit: 01ce767c802d61d3

Endzeit: 25

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (07/01/2013 06:51:20 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 11d4

Startzeit: 01ce767b018835eb

Endzeit: 81

Anwendungspfad: D:\firefox\firefox.exe

Berichts-ID: 71ef633e-e26e-11e2-b053-b870f4817a81

Error: (07/01/2013 05:13:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 03:42:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2013 06:58:10 PM) (Source: Application Hang) (User: )
Description: Programm SpybotSD.exe, Version 1.6.2.46 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 538

Startzeit: 01ce75b26eb7ba35

Endzeit: 12

Anwendungspfad: D:\spybot\Spybot - Search & Destroy\SpybotSD.exe

Berichts-ID:

Error: (06/30/2013 06:54:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2013 04:07:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2013 01:46:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2013 05:18:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2013 03:27:05 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16490, Zeitstempel: 0x51955cca
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ce6c3
ID des fehlerhaften Prozesses: 0x16a8
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3


System errors:
=============
Error: (07/01/2013 07:42:54 PM) (Source: DCOM) (User: home)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}homeadminS-1-5-21-2799057012-1557965162-470920329-1001LocalHost (unter Verwendung von LRPC)

Error: (07/01/2013 07:42:52 PM) (Source: DCOM) (User: home)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}homeadminS-1-5-21-2799057012-1557965162-470920329-1001LocalHost (unter Verwendung von LRPC)

Error: (07/01/2013 07:42:51 PM) (Source: DCOM) (User: home)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}homeadminS-1-5-21-2799057012-1557965162-470920329-1001LocalHost (unter Verwendung von LRPC)

Error: (07/01/2013 07:42:46 PM) (Source: DCOM) (User: home)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}homeadminS-1-5-21-2799057012-1557965162-470920329-1001LocalHost (unter Verwendung von LRPC)

Error: (07/01/2013 07:42:45 PM) (Source: DCOM) (User: home)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}homeadminS-1-5-21-2799057012-1557965162-470920329-1001LocalHost (unter Verwendung von LRPC)

Error: (07/01/2013 07:42:43 PM) (Source: DCOM) (User: home)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}homeadminS-1-5-21-2799057012-1557965162-470920329-1001LocalHost (unter Verwendung von LRPC)

Error: (07/01/2013 07:42:42 PM) (Source: DCOM) (User: home)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}homeadminS-1-5-21-2799057012-1557965162-470920329-1001LocalHost (unter Verwendung von LRPC)

Error: (07/01/2013 07:42:41 PM) (Source: DCOM) (User: home)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}homeadminS-1-5-21-2799057012-1557965162-470920329-1001LocalHost (unter Verwendung von LRPC)

Error: (07/01/2013 07:42:36 PM) (Source: DCOM) (User: home)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}homeadminS-1-5-21-2799057012-1557965162-470920329-1001LocalHost (unter Verwendung von LRPC)

Error: (07/01/2013 07:42:35 PM) (Source: DCOM) (User: home)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}homeadminS-1-5-21-2799057012-1557965162-470920329-1001LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (07/01/2013 07:03:01 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.164901e5801ce767c802d61d325C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (07/01/2013 06:51:20 PM) (Source: Application Hang)(User: )
Description: firefox.exe17.0.1.471511d401ce767b018835eb81D:\firefox\firefox.exe71ef633e-e26e-11e2-b053-b870f4817a81

Error: (07/01/2013 05:13:54 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 03:42:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2013 06:58:10 PM) (Source: Application Hang)(User: )
Description: SpybotSD.exe1.6.2.4653801ce75b26eb7ba3512D:\spybot\Spybot - Search & Destroy\SpybotSD.exe

Error: (06/30/2013 06:54:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2013 04:07:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2013 01:46:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2013 05:18:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2013 03:27:05 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.1649051955ccantdll.dll6.1.7601.177254ec49b8fc0000374000ce6c316a801ce74cc03105549C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\ntdll.dll96b8a9c0-e0bf-11e2-a306-b870f4817a81


==================== Memory info =========================== 

Percentage of memory in use: 66%
Total physical RAM: 3947.86 MB
Available physical RAM: 1316.89 MB
Total Pagefile: 7893.9 MB
Available Pagefile: 5091.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:103.86 GB) (Free:13.53 GB) NTFS (Disk=0 Partition=3)
Drive d: (Software) (Fixed) (Total:97.66 GB) (Free:79.71 GB) NTFS (Disk=0 Partition=4)
Drive e: (Data) (Fixed) (Total:244.14 GB) (Free:54.25 GB) NTFS
Drive g: (TOSHIBA) (Removable) (Total:7.21 GB) (Free:3.63 GB) FAT32 (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5EBAD0F3)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=104 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=342 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 6B1B7998)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================
         
Then the FRST

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2013 02
Ran by admin (administrator) on 01-07-2013 20:07:19
Running from C:\Users\admin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
(Ask.com) C:\ProgramData\Ask\APN-Stub\FXTV5\Local\ApnStub.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Philips) D:\prestigo\2.1.7.0\Configo.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(ArcSoft, Inc.) D:\TV\TMMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) D:\I tunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Orbitdownloader.com) C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
(Orbitdownloader.com) C:\Program Files (x86)\Orbitdownloader\orbitnet.exe
() D:\Downloads\setup_11.0.0.1245.x01_2013_07_01_18_13.exe
() C:\Users\admin\AppData\Local\Temp\RarSFX2\7666287.exe
(Kaspersky Lab) C:\Users\admin\AppData\Local\Temp\3067917\7666287.exe
(Mozilla Corporation) D:\firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Mozilla Corporation) D:\firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Power Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)
HKLM-x32\...\RunOnce: [ApnStub] "C:\ProgramData\Ask\APN-Stub\FXTV5\Local\ApnStub.exe" /debug /hpr toolbar=FXTV5 dtid= /tbr /sa toolbar=FXTV5 dtid= [356520 2013-05-08] (Ask.com)
HKLM-x32\...\Runonce: [GrpConv] grpconv -o [x]
HKCU\...\Run: [EPSON Stylus SX200 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE /FU "C:\Users\admin\AppData\Local\Temp\E_SE1A8.tmp" /EF "HKCU" [x] <===== ATTENTION
HKCU\...\Run: [AdobeBridge]  [x]
HKCR\...0c966feabec1\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?
MountPoints2: {8cc8f981-b8ba-11e0-a0ec-806e6f6e6963} - F:\Autorun.exe
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe" -h -k [295744 2011-03-09] (NTI Corporation)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-03-31] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] "C:\Program Files (x86)\FreePDF_XP\fpassist.exe" [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [IR_SERVER] D:\tv\IR_SERVER.exe [x]
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] "D:\I tunes\iTunesHelper.exe" [x]
HKU\jörg\...\Run: [EPSON Stylus SX200 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE /FU "C:\Windows\TEMP\E_S5BF5.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\jörg\...\Run: [Copernic Desktop Search - Home] "D:\search\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray [x]
HKU\jörg\...\Run: [Norton Download Manager{NBRT41-B34-Retail-4abb-B07C-C084B04B4F12}] C:\Users\Public\Downloads\Norton\{NBRT41-B34-Retail-4abb-B07C-C084B04B4F12}\NBRT-Retail-Downloader.exe /m [x]
HKU\jörg\...\Winlogon: [Shell] cmd.exe [345088 2010-11-21] (Microsoft Corporation) <==== ATTENTION 
HKU\jörg\...\Command Processor:  <===== ATTENTION!
AppInit_DLLs:      [0 ] ()
AppInit_DLLs-x32:      [0 ] ()
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_07623136.lnk
ShortcutTarget: _uninst_07623136.lnk -> C:\Users\admin\AppData\Local\Temp\_uninst_07623136.bat (No File)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_62611638.lnk
ShortcutTarget: _uninst_62611638.lnk -> C:\Users\admin\AppData\Local\Temp\_uninst_62611638.bat ()
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_99245666.lnk
ShortcutTarget: _uninst_99245666.lnk -> C:\Users\admin\AppData\Local\Temp\_uninst_99245666.bat (No File)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Philips Configo.lnk
ShortcutTarget: Philips Configo.lnk -> D:\prestigo\2.1.7.0\Configo.exe (Philips)
Startup: C:\ProgramData\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> D:\TV\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zahlungserinnerung.lnk
ShortcutTarget: Zahlungserinnerung.lnk -> D:\Profi cash\wzed.exe ()
Startup: C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> D:\open office\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/#output=search&sclient=psy-ab&q=test&oq=test&gs_l=hp.12..0l4.9000.9329.0.11166.4.4.0.0.0.0.88.276.4.4.0...0.0...1c.1.18.psy-ab.H4SAn_fWiPk&pbx=1&bav=on.2,or.r_qf.&bvm=bv.48572450,d.Yms&fp=ca1c41bc59b1d6d5&biw=1230&bih=534
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
URLSearchHook: (No Name) - {213c8ed6-1d78-4d8f-8729-25006aa86a76} -  No File
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=8712433843584564&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=8712433843584564&q={searchTerms}
HKCU SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=8712433843584564&q={searchTerms}
SearchScopes: HKCU - {0388404D-6072-4CEB-B521-8F090FEAEE57} URL = hxxp://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=DE&install_date=20120108&user_guid=AA59C97E440F40A1920182F9F55FF4FB&machine_id=49bd5e136d2b2f631ebe4891a8a6fb02&browser=IE&os=win&os_version=6.1-x64-SP1&iesrc={referrer:source}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=8712433843584564&q={searchTerms}
SearchScopes: HKCU - {B49ED955-277E-438A-9199-D02FF81A91EA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: WiseConvert 1.3 Toolbar - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Program Files (x86)\WiseConvert_1.3\prxtbWis0.dll (Conduit Ltd.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Freeware.de Toolbar - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: RewardsArcadeSuite - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files (x86)\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Freeware.de Toolbar - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
Toolbar: HKLM-x32 - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
Toolbar: HKLM-x32 - WiseConvert 1.3 Toolbar - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Program Files (x86)\WiseConvert_1.3\prxtbWis0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Toolbar: HKCU - No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} -  No File
Toolbar: HKCU - No Name - {213C8ED6-1D78-4D8F-8729-25006AA86A76} -  No File
Handler: ipp - No CLSID Value - 
Handler: msdaipp - No CLSID Value - 
Handler-x32: ipp - No CLSID Value - 
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4b8kq9k8.default
FF user.js: detected! => C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4b8kq9k8.default\user.js
FF SearchEngine: Search Results
FF Homepage: hxxp://www.bing.com/?cc=de
FF Keyword.URL: hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=bcde545000000000000018f46ad5266c&tlver=1.5.29.1&instlRef=sst&babTrack&q=
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\I tunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Babylon - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4b8kq9k8.default\Extensions\ffxtlbr@babylon.com
FF Extension: SpecialSavings - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4b8kq9k8.default\Extensions\specialsavings@superfish.com
FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4b8kq9k8.default\Extensions\{35379F86-8CCB-4724-AE33-4278DE266C70}
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2
FF HKLM-x32\...\Firefox\Extensions: [crossriderapp1950@crossrider.com] C:\Users\admin\AppData\Local\RewardsArcadeSuite\1950\Firefox
FF Extension: No Name - C:\Users\admin\AppData\Local\RewardsArcadeSuite\1950\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKCU\...\Firefox\Extensions: [specialsavings@superfish.com] C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles/4b8kq9k8.default\extensions\specialsavings@superfish.com
FF Extension: SpecialSavings - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles/4b8kq9k8.default\extensions\specialsavings@superfish.com

Chrome: 
=======
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Babylon Toolbar) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0
CHR Extension: (RewardsArcade Suite) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.18.35_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [873064 2011-02-22] (Acer Incorporated)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [257344 2011-03-09] (NTI Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [244904 2010-10-28] ()
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)

==================== Drivers (Whitelisted) ====================

R0 07623136; C:\Windows\System32\DRIVERS\07623136.sys [460888 2013-05-13] (Kaspersky Lab ZAO)
R0 62611638; C:\Windows\System32\DRIVERS\62611638.sys [460888 2013-07-01] (Kaspersky Lab ZAO)
R0 99245666; C:\Windows\System32\DRIVERS\99245666.sys [460888 2013-06-22] (Kaspersky Lab ZAO)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-12] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-06-04] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130628.001\IDSvia64.sys [513184 2013-06-01] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130628.001\IDSvia64.sys [513184 2013-06-01] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130630.003\ENG64.SYS [126040 2013-06-04] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130630.003\ENG64.SYS [126040 2013-06-04] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130630.003\EX64.SYS [2098776 2013-06-04] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130630.003\EX64.SYS [2098776 2013-06-04] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-07-28] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43640 2011-03-31] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-01 20:07 - 2013-07-01 20:07 - 00000000 ____D C:\FRST
2013-07-01 20:06 - 2013-07-01 20:05 - 01933776 ____A (Farbar) C:\Users\admin\Desktop\FRST64.exe
2013-07-01 20:04 - 2013-07-01 20:05 - 01933776 ____A (Farbar) C:\Users\admin\Downloads\FRST64.exe
2013-07-01 19:15 - 2013-07-01 19:15 - 00000000 ____D C:\Users\admin\AppData\Local\Macromedia
2013-07-01 19:01 - 2013-07-01 19:01 - 00000000 ____D C:\Users\JD\AppData\Local\{3D9F68A6-A700-4BD6-B3D7-E00B98D0E883}
2013-07-01 18:49 - 2013-07-01 18:49 - 00008764 ____A C:\Users\Manu\Desktop\favoriten.htm
2013-07-01 18:48 - 2013-07-01 18:48 - 00000000 ____A C:\Users\Manu\Desktop\lesezeichen.html
2013-07-01 18:47 - 2013-07-01 18:47 - 00008764 ____A C:\Users\Manu\Desktop\bookmark.htm
2013-07-01 18:06 - 2013-07-01 18:13 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\62611638.sys
2013-07-01 15:44 - 2013-07-01 15:44 - 00000000 ____D C:\Users\Manu\AppData\Local\{BE2D3B67-3432-4D70-9484-89DE2876AE15}
2013-06-30 19:31 - 2013-06-22 16:02 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\99245666.sys
2013-06-30 19:13 - 2013-06-30 19:14 - 00000000 ____D C:\Users\JD\Desktop\Tai Chi
2013-06-30 18:46 - 2013-06-30 18:46 - 00001453 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-30 18:45 - 2013-06-30 18:45 - 00000000 ____D C:\Program Files\iTunes
2013-06-30 18:45 - 2013-06-30 18:45 - 00000000 ____D C:\Program Files\iPod
2013-06-30 16:48 - 2013-06-30 16:57 - 00000000 ____D C:\Users\JD\AppData\Roaming\vlc
2013-06-30 16:40 - 2013-06-30 16:47 - 00000000 ____D C:\Users\JD\AppData\Local\{4B6F1783-475F-4BBA-B2E4-A2E1066B7B92}
2013-06-30 16:40 - 2013-06-30 16:40 - 00000000 ____D C:\Users\JD\AppData\Local\{305B313F-8EAF-47FE-9E73-6FBB8F7B581B}
2013-06-30 14:06 - 2013-06-30 14:06 - 00000000 ____D C:\Users\Manu\AppData\Local\{B6C34DF3-9A63-4832-9B58-84F2D7A73B36}
2013-06-30 13:51 - 2013-06-30 13:51 - 00000000 ____D C:\Users\JD\AppData\Roaming\Mozilla
2013-06-30 13:51 - 2013-06-30 13:51 - 00000000 ____D C:\Users\JD\AppData\Local\Mozilla
2013-06-29 16:27 - 2013-06-29 16:28 - 00000000 ____D C:\Users\JD\MediaEspresso
2013-06-29 16:27 - 2013-06-29 16:27 - 00000000 ____D C:\Users\JD\AppData\Roaming\CyberLink
2013-06-29 16:05 - 2013-06-30 18:47 - 00000000 ____D C:\Users\JD\AppData\Roaming\Applian FLV and Media Player
2013-06-29 16:03 - 2013-06-29 16:03 - 00156028 ____A C:\Users\JD\Desktop\libmp3lame-win-3.97.zip
2013-06-29 16:02 - 2013-06-29 17:16 - 00000000 ____D C:\Users\JD\AppData\Roaming\Orbit
2013-06-29 16:02 - 2013-06-29 16:02 - 00000000 ____D C:\Users\JD\AppData\Roaming\ProgSense
2013-06-29 15:58 - 2013-06-30 19:09 - 00000000 ____D C:\Users\JD\AppData\Roaming\Audacity
2013-06-29 15:57 - 2013-06-30 18:40 - 00019086 ____A C:\Users\JD\Desktop\mp3- Tai Chi Chuan ( Taiji) Traditioneller Yang Stil - 108er Langform 2. Teil.aup
2013-06-29 15:57 - 2013-06-29 15:57 - 00000000 ____D C:\Users\JD\Desktop\mp3- Tai Chi Chuan ( Taiji) Traditioneller Yang Stil - 108er Langform 2. Teil_data
2013-06-29 15:57 - 2013-06-04 20:36 - 00001609 ____A C:\Users\JD\Desktop\Zugangsdaten.doc - Verknüpfung.lnk
2013-06-29 15:57 - 2013-03-24 21:33 - 35210877 ____A C:\Users\JD\Desktop\0004.mp4
2013-06-29 15:57 - 2013-03-24 17:51 - 71403622 ____A C:\Users\JD\Desktop\0001.mp4
2013-06-29 15:57 - 2013-03-10 13:26 - 00001333 ____A C:\Users\JD\Desktop\IMG_3288.JPG - Verknüpfung.lnk
2013-06-29 15:57 - 2013-03-03 23:43 - 00001494 ____A C:\Users\JD\Desktop\Photoshop.lnk
2013-06-29 15:57 - 2012-09-05 20:27 - 00001109 ____A C:\Users\JD\Desktop\audacity..lnk
2013-06-29 15:57 - 2012-07-29 19:19 - 00001154 ____A C:\Users\JD\Desktop\FreeVideoPerformer.lnk
2013-06-29 15:57 - 2012-03-22 22:05 - 00000855 ____A C:\Users\JD\Desktop\TotalMedia.lnk
2013-06-29 15:57 - 2012-01-04 17:46 - 00001010 ____A C:\Users\JD\Desktop\Teamviewer.lnk
2013-06-29 15:57 - 2011-11-08 20:32 - 00000541 ____A C:\Users\JD\Desktop\Profi cash.lnk
2013-06-29 15:57 - 2011-07-30 22:45 - 00000967 ____A C:\Users\JD\Desktop\WORD.lnk
2013-06-29 15:57 - 2011-07-30 22:41 - 00000975 ____A C:\Users\JD\Desktop\EXCEL -.lnk
2013-06-29 15:57 - 2011-07-30 21:08 - 00000355 ____A C:\Users\JD\Desktop\home.lnk
2013-06-29 15:57 - 2011-04-19 13:21 - 00001272 ____A C:\Users\JD\Desktop\Snipping Tool.lnk
2013-06-29 15:57 - 2010-10-26 13:22 - 05661184 ____A (Digiarty Software, Inc.) C:\Users\JD\Desktop\WinX_Free_FLV_to_MP4_Converter.exe
2013-06-29 14:14 - 2013-06-29 14:14 - 00000000 ____D C:\Users\Manu\AppData\Local\{8D5FB07C-1332-4180-811D-0B0937414065}
2013-06-28 13:45 - 2013-06-28 13:45 - 00000000 ____D C:\Users\Manu\AppData\Local\{CF15F97D-FD2A-4921-9620-F46E5FAE8FE9}
2013-06-27 15:46 - 2013-06-27 15:46 - 00000000 ____D C:\Users\Manu\AppData\Local\{8D30D727-0318-40CE-BBBF-2EE5696849ED}
2013-06-26 19:16 - 2013-06-26 19:16 - 00013304 ____A C:\Users\JD\Desktop\SnippingTool - Verknüpfung.lnk
2013-06-26 19:11 - 2013-06-26 19:12 - 00000000 ____D C:\Users\JD\AppData\Local\{C5EB48C1-30C5-4AEF-9AD7-D4E702E19C4D}
2013-06-26 16:22 - 2013-06-26 16:22 - 00000000 ____D C:\Users\Manu\AppData\Local\{12172258-93F8-4732-B7DB-EA3ABDD86310}
2013-06-25 19:12 - 2013-06-25 19:12 - 00000000 ____D C:\Users\Manu\AppData\Local\{81026923-5E18-4EA7-B18D-3CD51D7B2524}
2013-06-24 15:49 - 2013-06-24 15:49 - 00000000 ____D C:\Users\Manu\AppData\Local\{BFEDC1D9-3EBA-4CCE-8A01-0AC2B1BE3311}
2013-06-23 20:40 - 2013-06-23 20:40 - 00000000 ____D C:\Users\Manu\AppData\Local\{E3FEFA46-4EE9-4B5F-82AC-51C42AEFCFA8}
2013-06-23 19:32 - 2013-06-23 19:32 - 00000000 ____D C:\Users\JD\AppData\Local\Apple
2013-06-23 18:24 - 2013-06-23 18:24 - 00000000 ____D C:\Users\JD\AppData\Roaming\EPSON
2013-06-23 18:23 - 2013-06-23 18:23 - 00000000 ____A C:\Users\JD\Sti_Trace.log
2013-06-23 14:39 - 2013-06-23 14:39 - 00001502 ____A C:\Users\JD\Desktop\Windows Live Mail.lnk
2013-06-23 13:47 - 2013-06-29 15:27 - 00000000 ____D C:\Users\JD\AppData\Local\CrashDumps
2013-06-23 13:24 - 2013-06-23 13:30 - 00000000 ____D C:\Users\JD\AppData\Roaming\Google
2013-06-23 13:24 - 2013-06-23 13:30 - 00000000 ____D C:\Users\JD\AppData\Local\Google
2013-06-23 13:21 - 2013-06-23 22:37 - 00000000 ____D C:\Users\JD\AppData\Roaming\Windows Live Writer
2013-06-23 13:21 - 2013-06-23 20:22 - 00000000 ____D C:\Users\JD\AppData\Local\Windows Live Writer
2013-06-23 13:21 - 2013-06-23 13:21 - 00000000 ____D C:\Users\JD\AppData\Local\{7D8C5629-8D8E-40C7-8407-BAAA224646DF}
2013-06-23 13:20 - 2013-06-23 13:20 - 00000000 ____D C:\Users\JD\AppData\Local\ArcSoft
2013-06-23 13:19 - 2013-06-30 16:40 - 00000000 ____D C:\Users\JD\AppData\Local\Windows Live
2013-06-23 13:19 - 2013-06-30 16:21 - 00000000 ____D C:\users\JD
2013-06-23 13:19 - 2013-06-28 18:25 - 00000000 ____D C:\Users\JD\AppData\Local\Apple Computer
2013-06-23 13:19 - 2013-06-23 19:32 - 00000000 ____D C:\Users\JD\AppData\Roaming\Apple Computer
2013-06-23 13:19 - 2013-06-23 18:30 - 00000000 ____D C:\Users\JD\AppData\Roaming\Adobe
2013-06-23 13:19 - 2013-06-23 18:30 - 00000000 ____D C:\Users\JD\AppData\Local\Adobe
2013-06-23 13:19 - 2013-06-23 13:26 - 00002267 ____A C:\Users\JD\Desktop\Google Chrome.lnk
2013-06-23 13:19 - 2013-06-23 13:20 - 00000000 ____D C:\Users\JD\AppData\Roaming\ArcSoft
2013-06-23 13:19 - 2013-06-23 13:19 - 00073384 ____A C:\Users\JD\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Vorlagen
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Startmenü
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Netzwerkumgebung
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Lokale Einstellungen
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Eigene Dateien
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Druckumgebung
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Documents\Eigene Musik
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Documents\Eigene Bilder
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\AppData\Local\Verlauf
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\AppData\Local\Anwendungsdaten
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Anwendungsdaten
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 ____D C:\Users\JD\AppData\Local\VirtualStore
2013-06-23 13:19 - 2011-04-19 14:30 - 00000000 ____D C:\Users\JD\AppData\Local\Cyberlink
2013-06-23 13:19 - 2011-04-19 14:25 - 00000000 ____D C:\Users\JD\AppData\Roaming\Macromedia
2013-06-23 13:19 - 2011-04-19 13:33 - 00000000 ____D C:\Users\JD\AppData\Roaming\Intel Corporation
2013-06-23 13:19 - 2011-04-19 13:31 - 00000000 ____D C:\Users\JD\AppData\Roaming\InstallShield
2013-06-23 13:19 - 2010-11-21 04:50 - 00000020 ___SH C:\Users\JD\ntuser.ini
2013-06-22 15:56 - 2013-06-22 15:56 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-22 15:56 - 2013-06-22 15:56 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-21 17:06 - 2013-06-21 17:06 - 00000000 ____D C:\Users\Manu\AppData\Local\{58054010-D9C4-493A-BA5C-ECC6AB248295}
2013-06-20 14:55 - 2013-06-20 14:56 - 00000000 ____D C:\Users\Manu\AppData\Local\{20F75D8B-C59D-4957-B684-2730AE880216}
2013-06-19 14:43 - 2013-06-19 14:43 - 00000000 ____D C:\Users\Manu\AppData\Local\{EB4454CD-9472-471D-82BD-C8AC2DC6FADA}
2013-06-18 23:02 - 2013-06-18 23:02 - 09755584 ____A (SurfRight B.V.) C:\Users\admin\Downloads\hitmanpro_x64.exe
2013-06-18 22:34 - 2013-06-18 22:34 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-06-18 22:32 - 2013-05-13 16:56 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\07623136.sys
2013-06-18 22:02 - 2013-06-18 22:02 - 01084698 ____A C:\ProgramData\2433f433
2013-06-18 22:02 - 2013-06-18 22:02 - 01084684 ____A C:\Users\jörg\AppData\Roaming\2433f433
2013-06-18 22:02 - 2013-06-18 22:02 - 01084669 ____A C:\Users\jörg\AppData\Local\2433f433
2013-06-18 19:07 - 2013-06-18 19:07 - 00000000 ____D C:\Users\jörg\AppData\Local\{A2442D88-5E58-49A3-A333-204F436735D8}
2013-06-16 17:32 - 2013-06-16 17:32 - 00000000 ____D C:\Users\jörg\AppData\Local\{267C70E8-5B72-45D7-9CDF-DECD5E6E3A5C}
2013-06-14 15:25 - 2013-06-14 15:25 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-14 14:56 - 2013-06-14 14:56 - 00000000 ____D C:\Users\Manu\AppData\Local\{99EE7253-67B4-4F61-A8BC-9177B9312D33}
2013-06-13 16:44 - 2013-05-17 05:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 16:44 - 2013-05-17 05:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 16:44 - 2013-05-17 04:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 16:44 - 2013-05-17 04:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 16:44 - 2013-05-17 04:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 16:44 - 2013-05-17 04:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 16:44 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 16:44 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-13 16:44 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-13 16:44 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-13 16:44 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-13 16:44 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 16:44 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-13 16:43 - 2013-05-17 06:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 16:43 - 2013-05-17 05:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 16:43 - 2013-05-17 05:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 16:43 - 2013-05-17 05:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 16:43 - 2013-05-17 05:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 16:43 - 2013-05-17 04:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 16:43 - 2013-05-17 04:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 16:43 - 2013-05-17 04:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 16:43 - 2013-05-17 04:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 16:43 - 2013-05-17 04:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 16:43 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-13 16:43 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-13 16:43 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 16:43 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-13 16:43 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-13 16:43 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 16:43 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 16:43 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 16:43 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-13 16:16 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 16:16 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 16:16 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 16:16 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 16:16 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-13 16:16 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-13 16:16 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-13 16:16 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 16:16 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-13 16:16 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-13 16:14 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-13 16:14 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-13 16:14 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 16:14 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 16:14 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-13 16:06 - 2013-06-13 16:06 - 00000000 ____D C:\Users\Manu\AppData\Local\{44E2793B-6AD0-41D5-B25A-69DFDE532F57}
2013-06-11 14:53 - 2013-06-11 14:53 - 00000000 ____D C:\Users\Manu\AppData\Local\{A0821F0E-E78A-4601-B328-5A5F35668781}
2013-06-10 20:44 - 2013-06-10 20:44 - 00000000 ____D C:\Users\jörg\AppData\Local\{7563DCB8-3CAB-493E-A1E5-3BFAA1192631}
2013-06-09 19:30 - 2013-06-09 19:30 - 00000000 ____D C:\Users\Manu\AppData\Local\{FEC6F72C-007B-4073-A665-3FDE103D2FAE}
2013-06-08 09:48 - 2013-06-08 09:48 - 00000000 ____D C:\Users\Manu\AppData\Local\{C463F1D9-FD8A-47BF-8DC5-44B3DFA22AB7}
2013-06-07 16:04 - 2013-06-07 16:04 - 00000000 ____D C:\Users\Manu\AppData\Local\{377F3E1B-52C1-418A-A5B0-397F38965AE9}
2013-06-06 18:43 - 2013-06-06 18:43 - 00000000 ____D C:\Users\jörg\AppData\Local\{65138475-27C5-448E-BCB3-4A88B43B1F56}
2013-06-06 16:14 - 2013-06-06 16:14 - 00000000 ____D C:\Users\Manu\AppData\Local\{C5CCD79F-D5C9-408F-A647-387609FE459E}
2013-06-05 16:38 - 2013-06-05 16:38 - 00000000 ____D C:\Users\Manu\AppData\Local\{2630AFAC-26F1-4E03-86ED-E810169F8E2B}
2013-06-04 20:41 - 2013-06-04 20:41 - 00000000 ____D C:\Users\jörg\AppData\Local\{C3C906FE-0FE4-43D6-96B6-5937D326E06F}
2013-06-04 20:36 - 2013-06-04 20:36 - 00001609 ____A C:\Users\jörg\Desktop\Zugangsdaten.doc - Verknüpfung.lnk
2013-06-04 19:40 - 2013-06-04 19:40 - 00000000 ____D C:\Users\jörg\AppData\Local\{3C44CF72-A437-41AE-AFC5-C9EC1DF8556D}
2013-06-04 17:13 - 2013-06-04 17:13 - 00000000 ____D C:\Users\Manu\AppData\Local\{BD654D46-DA3D-439F-9F7C-6EE6485BDE83}
2013-06-03 14:15 - 2013-06-03 14:15 - 00000000 ____D C:\Users\Manu\AppData\Local\{80A46B06-9E39-4984-802A-96CBCF0E00E4}
2013-06-02 21:45 - 2013-06-02 21:45 - 00000000 ____D C:\Users\jörg\AppData\Local\{9C36CA55-8318-41D5-860F-7056DC52E4B6}
2013-06-02 19:16 - 2013-06-02 21:29 - 00019764 ____A C:\Users\jörg\Desktop\mp3- Tai Chi Chuan ( Taiji) Traditioneller Yang Stil - 108er Langform 2. Teil.aup
2013-06-02 19:16 - 2013-06-02 19:16 - 00000000 ____D C:\Users\jörg\Desktop\mp3- Tai Chi Chuan ( Taiji) Traditioneller Yang Stil - 108er Langform 2. Teil_data
2013-06-02 11:17 - 2013-06-02 11:17 - 00000000 ____D C:\Users\Manu\AppData\Local\{9DDD6CF3-BA43-42BE-B0C0-593440A39EC4}

==================== One Month Modified Files and Folders =======

2013-07-01 20:07 - 2013-07-01 20:07 - 00000000 ____D C:\FRST
2013-07-01 20:07 - 2011-08-05 18:47 - 00000000 ____D C:\Users\admin\AppData\Roaming\Apple Computer
2013-07-01 20:05 - 2013-07-01 20:06 - 01933776 ____A (Farbar) C:\Users\admin\Desktop\FRST64.exe
2013-07-01 20:05 - 2013-07-01 20:04 - 01933776 ____A (Farbar) C:\Users\admin\Downloads\FRST64.exe
2013-07-01 20:04 - 2011-07-28 13:36 - 00659690 ____A C:\Windows\System32\perfh007.dat
2013-07-01 20:04 - 2011-07-28 13:36 - 00132970 ____A C:\Windows\System32\perfc007.dat
2013-07-01 20:04 - 2009-07-14 07:13 - 01513970 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-01 20:01 - 2009-07-14 06:51 - 00152200 ____A C:\Windows\setupact.log
2013-07-01 19:25 - 2012-07-18 18:09 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-01 19:15 - 2013-07-01 19:15 - 00000000 ____D C:\Users\admin\AppData\Local\Macromedia
2013-07-01 19:15 - 2011-07-29 21:19 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-01 19:01 - 2013-07-01 19:01 - 00000000 ____D C:\Users\JD\AppData\Local\{3D9F68A6-A700-4BD6-B3D7-E00B98D0E883}
2013-07-01 18:59 - 2011-07-29 21:19 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-01 18:58 - 2012-04-11 10:47 - 00000000 ____D C:\Users\Manu\AppData\Roaming\Orbit
2013-07-01 18:49 - 2013-07-01 18:49 - 00008764 ____A C:\Users\Manu\Desktop\favoriten.htm
2013-07-01 18:48 - 2013-07-01 18:48 - 00000000 ____A C:\Users\Manu\Desktop\lesezeichen.html
2013-07-01 18:47 - 2013-07-01 18:47 - 00008764 ____A C:\Users\Manu\Desktop\bookmark.htm
2013-07-01 18:13 - 2013-07-01 18:06 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\62611638.sys
2013-07-01 18:02 - 2012-01-01 15:53 - 00000000 ____D C:\Users\admin\AppData\Roaming\Orbit
2013-07-01 17:58 - 2011-07-28 03:43 - 01742806 ____A C:\Windows\WindowsUpdate.log
2013-07-01 17:21 - 2011-07-28 22:54 - 00000000 ____D C:\users\Manu
2013-07-01 17:20 - 2009-07-14 06:45 - 00016752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-01 17:20 - 2009-07-14 06:45 - 00016752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-01 17:13 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-01 15:51 - 2011-07-28 22:54 - 00000000 ____D C:\Users\Manu\AppData\Local\Adobe
2013-07-01 15:44 - 2013-07-01 15:44 - 00000000 ____D C:\Users\Manu\AppData\Local\{BE2D3B67-3432-4D70-9484-89DE2876AE15}
2013-06-30 19:14 - 2013-06-30 19:13 - 00000000 ____D C:\Users\JD\Desktop\Tai Chi
2013-06-30 19:09 - 2013-06-29 15:58 - 00000000 ____D C:\Users\JD\AppData\Roaming\Audacity
2013-06-30 18:52 - 2010-11-21 05:47 - 00131768 ____A C:\Windows\PFRO.log
2013-06-30 18:47 - 2013-06-29 16:05 - 00000000 ____D C:\Users\JD\AppData\Roaming\Applian FLV and Media Player
2013-06-30 18:46 - 2013-06-30 18:46 - 00001453 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-30 18:45 - 2013-06-30 18:45 - 00000000 ____D C:\Program Files\iTunes
2013-06-30 18:45 - 2013-06-30 18:45 - 00000000 ____D C:\Program Files\iPod
2013-06-30 18:45 - 2013-01-01 15:06 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-30 18:40 - 2013-06-29 15:57 - 00019086 ____A C:\Users\JD\Desktop\mp3- Tai Chi Chuan ( Taiji) Traditioneller Yang Stil - 108er Langform 2. Teil.aup
2013-06-30 17:33 - 2012-02-25 18:49 - 00003192 ____A C:\Windows\wininit.ini
2013-06-30 16:57 - 2013-06-30 16:48 - 00000000 ____D C:\Users\JD\AppData\Roaming\vlc
2013-06-30 16:47 - 2013-06-30 16:40 - 00000000 ____D C:\Users\JD\AppData\Local\{4B6F1783-475F-4BBA-B2E4-A2E1066B7B92}
2013-06-30 16:40 - 2013-06-30 16:40 - 00000000 ____D C:\Users\JD\AppData\Local\{305B313F-8EAF-47FE-9E73-6FBB8F7B581B}
2013-06-30 16:40 - 2013-06-23 13:19 - 00000000 ____D C:\Users\JD\AppData\Local\Windows Live
2013-06-30 16:21 - 2013-06-23 13:19 - 00000000 ____D C:\users\JD
2013-06-30 14:06 - 2013-06-30 14:06 - 00000000 ____D C:\Users\Manu\AppData\Local\{B6C34DF3-9A63-4832-9B58-84F2D7A73B36}
2013-06-30 13:51 - 2013-06-30 13:51 - 00000000 ____D C:\Users\JD\AppData\Roaming\Mozilla
2013-06-30 13:51 - 2013-06-30 13:51 - 00000000 ____D C:\Users\JD\AppData\Local\Mozilla
2013-06-29 17:16 - 2013-06-29 16:02 - 00000000 ____D C:\Users\JD\AppData\Roaming\Orbit
2013-06-29 16:28 - 2013-06-29 16:27 - 00000000 ____D C:\Users\JD\MediaEspresso
2013-06-29 16:27 - 2013-06-29 16:27 - 00000000 ____D C:\Users\JD\AppData\Roaming\CyberLink
2013-06-29 16:03 - 2013-06-29 16:03 - 00156028 ____A C:\Users\JD\Desktop\libmp3lame-win-3.97.zip
2013-06-29 16:02 - 2013-06-29 16:02 - 00000000 ____D C:\Users\JD\AppData\Roaming\ProgSense
2013-06-29 15:57 - 2013-06-29 15:57 - 00000000 ____D C:\Users\JD\Desktop\mp3- Tai Chi Chuan ( Taiji) Traditioneller Yang Stil - 108er Langform 2. Teil_data
2013-06-29 15:27 - 2013-06-23 13:47 - 00000000 ____D C:\Users\JD\AppData\Local\CrashDumps
2013-06-29 14:39 - 2011-07-29 21:41 - 00000000 ____D C:\Users\Manu\AppData\Local\FreePDF_XP
2013-06-29 14:14 - 2013-06-29 14:14 - 00000000 ____D C:\Users\Manu\AppData\Local\{8D5FB07C-1332-4180-811D-0B0937414065}
2013-06-28 18:25 - 2013-06-23 13:19 - 00000000 ____D C:\Users\JD\AppData\Local\Apple Computer
2013-06-28 13:45 - 2013-06-28 13:45 - 00000000 ____D C:\Users\Manu\AppData\Local\{CF15F97D-FD2A-4921-9620-F46E5FAE8FE9}
2013-06-28 13:42 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-27 15:46 - 2013-06-27 15:46 - 00000000 ____D C:\Users\Manu\AppData\Local\{8D30D727-0318-40CE-BBBF-2EE5696849ED}
2013-06-26 19:16 - 2013-06-26 19:16 - 00013304 ____A C:\Users\JD\Desktop\SnippingTool - Verknüpfung.lnk
2013-06-26 19:12 - 2013-06-26 19:11 - 00000000 ____D C:\Users\JD\AppData\Local\{C5EB48C1-30C5-4AEF-9AD7-D4E702E19C4D}
2013-06-26 16:22 - 2013-06-26 16:22 - 00000000 ____D C:\Users\Manu\AppData\Local\{12172258-93F8-4732-B7DB-EA3ABDD86310}
2013-06-25 19:12 - 2013-06-25 19:12 - 00000000 ____D C:\Users\Manu\AppData\Local\{81026923-5E18-4EA7-B18D-3CD51D7B2524}
2013-06-25 15:12 - 2013-02-10 18:05 - 00000000 ____D C:\Program Files (x86)\StarMoney 8.0
2013-06-24 15:49 - 2013-06-24 15:49 - 00000000 ____D C:\Users\Manu\AppData\Local\{BFEDC1D9-3EBA-4CCE-8A01-0AC2B1BE3311}
2013-06-23 22:37 - 2013-06-23 13:21 - 00000000 ____D C:\Users\JD\AppData\Roaming\Windows Live Writer
2013-06-23 20:40 - 2013-06-23 20:40 - 00000000 ____D C:\Users\Manu\AppData\Local\{E3FEFA46-4EE9-4B5F-82AC-51C42AEFCFA8}
2013-06-23 20:22 - 2013-06-23 13:21 - 00000000 ____D C:\Users\JD\AppData\Local\Windows Live Writer
2013-06-23 19:32 - 2013-06-23 19:32 - 00000000 ____D C:\Users\JD\AppData\Local\Apple
2013-06-23 19:32 - 2013-06-23 13:19 - 00000000 ____D C:\Users\JD\AppData\Roaming\Apple Computer
2013-06-23 18:30 - 2013-06-23 13:19 - 00000000 ____D C:\Users\JD\AppData\Roaming\Adobe
2013-06-23 18:30 - 2013-06-23 13:19 - 00000000 ____D C:\Users\JD\AppData\Local\Adobe
2013-06-23 18:24 - 2013-06-23 18:24 - 00000000 ____D C:\Users\JD\AppData\Roaming\EPSON
2013-06-23 18:23 - 2013-06-23 18:23 - 00000000 ____A C:\Users\JD\Sti_Trace.log
2013-06-23 18:13 - 2011-07-29 20:16 - 00000403 ____A C:\Windows\ODBC.INI
2013-06-23 14:39 - 2013-06-23 14:39 - 00001502 ____A C:\Users\JD\Desktop\Windows Live Mail.lnk
2013-06-23 13:30 - 2013-06-23 13:24 - 00000000 ____D C:\Users\JD\AppData\Roaming\Google
2013-06-23 13:30 - 2013-06-23 13:24 - 00000000 ____D C:\Users\JD\AppData\Local\Google
2013-06-23 13:26 - 2013-06-23 13:19 - 00002267 ____A C:\Users\JD\Desktop\Google Chrome.lnk
2013-06-23 13:21 - 2013-06-23 13:21 - 00000000 ____D C:\Users\JD\AppData\Local\{7D8C5629-8D8E-40C7-8407-BAAA224646DF}
2013-06-23 13:20 - 2013-06-23 13:20 - 00000000 ____D C:\Users\JD\AppData\Local\ArcSoft
2013-06-23 13:20 - 2013-06-23 13:19 - 00000000 ____D C:\Users\JD\AppData\Roaming\ArcSoft
2013-06-23 13:19 - 2013-06-23 13:19 - 00073384 ____A C:\Users\JD\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Vorlagen
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Startmenü
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Netzwerkumgebung
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Lokale Einstellungen
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Eigene Dateien
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Druckumgebung
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Documents\Eigene Musik
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Documents\Eigene Bilder
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\AppData\Local\Verlauf
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\AppData\Local\Anwendungsdaten
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 __SHD C:\Users\JD\Anwendungsdaten
2013-06-23 13:19 - 2013-06-23 13:19 - 00000000 ____D C:\Users\JD\AppData\Local\VirtualStore
2013-06-22 19:11 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-22 16:02 - 2013-06-30 19:31 - 00460888 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\99245666.sys
2013-06-22 15:56 - 2013-06-22 15:56 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-22 15:56 - 2013-06-22 15:56 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-22 15:56 - 2013-03-05 20:57 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-22 15:56 - 2013-03-05 20:57 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-22 15:56 - 2012-09-23 12:31 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-06-22 15:56 - 2011-08-21 12:11 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-22 15:56 - 2011-08-21 12:11 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-22 15:40 - 2013-05-08 15:25 - 00000000 ____D C:\Program Files (x86)\Iminent
2013-06-22 15:28 - 2013-05-08 15:26 - 00000898 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-06-21 17:06 - 2013-06-21 17:06 - 00000000 ____D C:\Users\Manu\AppData\Local\{58054010-D9C4-493A-BA5C-ECC6AB248295}
2013-06-20 14:56 - 2013-06-20 14:55 - 00000000 ____D C:\Users\Manu\AppData\Local\{20F75D8B-C59D-4957-B684-2730AE880216}
2013-06-19 14:43 - 2013-06-19 14:43 - 00000000 ____D C:\Users\Manu\AppData\Local\{EB4454CD-9472-471D-82BD-C8AC2DC6FADA}
2013-06-18 23:02 - 2013-06-18 23:02 - 09755584 ____A (SurfRight B.V.) C:\Users\admin\Downloads\hitmanpro_x64.exe
2013-06-18 22:34 - 2013-06-18 22:34 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-06-18 22:02 - 2013-06-18 22:02 - 01084698 ____A C:\ProgramData\2433f433
2013-06-18 22:02 - 2013-06-18 22:02 - 01084684 ____A C:\Users\jörg\AppData\Roaming\2433f433
2013-06-18 22:02 - 2013-06-18 22:02 - 01084669 ____A C:\Users\jörg\AppData\Local\2433f433
2013-06-18 19:14 - 2011-07-30 21:00 - 00000000 ____D C:\Users\jörg\AppData\Local\Adobe
2013-06-18 19:07 - 2013-06-18 19:07 - 00000000 ____D C:\Users\jörg\AppData\Local\{A2442D88-5E58-49A3-A333-204F436735D8}
2013-06-16 17:32 - 2013-06-16 17:32 - 00000000 ____D C:\Users\jörg\AppData\Local\{267C70E8-5B72-45D7-9CDF-DECD5E6E3A5C}
2013-06-14 15:25 - 2013-06-14 15:25 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-14 15:25 - 2012-04-23 14:17 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-14 15:25 - 2011-08-17 18:20 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-14 14:56 - 2013-06-14 14:56 - 00000000 ____D C:\Users\Manu\AppData\Local\{99EE7253-67B4-4F61-A8BC-9177B9312D33}
2013-06-13 16:09 - 2011-07-28 22:40 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-13 16:06 - 2013-06-13 16:06 - 00000000 ____D C:\Users\Manu\AppData\Local\{44E2793B-6AD0-41D5-B25A-69DFDE532F57}
2013-06-11 14:53 - 2013-06-11 14:53 - 00000000 ____D C:\Users\Manu\AppData\Local\{A0821F0E-E78A-4601-B328-5A5F35668781}
2013-06-10 20:44 - 2013-06-10 20:44 - 00000000 ____D C:\Users\jörg\AppData\Local\{7563DCB8-3CAB-493E-A1E5-3BFAA1192631}
2013-06-09 19:30 - 2013-06-09 19:30 - 00000000 ____D C:\Users\Manu\AppData\Local\{FEC6F72C-007B-4073-A665-3FDE103D2FAE}
2013-06-08 09:48 - 2013-06-08 09:48 - 00000000 ____D C:\Users\Manu\AppData\Local\{C463F1D9-FD8A-47BF-8DC5-44B3DFA22AB7}
2013-06-07 16:04 - 2013-06-07 16:04 - 00000000 ____D C:\Users\Manu\AppData\Local\{377F3E1B-52C1-418A-A5B0-397F38965AE9}
2013-06-06 18:43 - 2013-06-06 18:43 - 00000000 ____D C:\Users\jörg\AppData\Local\{65138475-27C5-448E-BCB3-4A88B43B1F56}
2013-06-06 16:14 - 2013-06-06 16:14 - 00000000 ____D C:\Users\Manu\AppData\Local\{C5CCD79F-D5C9-408F-A647-387609FE459E}
2013-06-05 16:38 - 2013-06-05 16:38 - 00000000 ____D C:\Users\Manu\AppData\Local\{2630AFAC-26F1-4E03-86ED-E810169F8E2B}
2013-06-04 20:41 - 2013-06-04 20:41 - 00000000 ____D C:\Users\jörg\AppData\Local\{C3C906FE-0FE4-43D6-96B6-5937D326E06F}
2013-06-04 20:36 - 2013-06-29 15:57 - 00001609 ____A C:\Users\JD\Desktop\Zugangsdaten.doc - Verknüpfung.lnk
2013-06-04 20:36 - 2013-06-04 20:36 - 00001609 ____A C:\Users\jörg\Desktop\Zugangsdaten.doc - Verknüpfung.lnk
2013-06-04 20:32 - 2011-07-30 21:00 - 00000000 ____D C:\users\jörg
2013-06-04 20:30 - 2012-09-05 18:23 - 00000000 ____D C:\Users\jörg\AppData\Roaming\Audacity
2013-06-04 20:30 - 2012-01-14 17:51 - 00000000 ____D C:\Users\jörg\AppData\Roaming\vlc
2013-06-04 20:30 - 2011-08-27 15:16 - 00000000 ____D C:\Program Files (x86)\gs
2013-06-04 20:30 - 2011-07-29 21:03 - 00000000 ____D C:\Program Files (x86)\FreePDF_XP
2013-06-04 20:30 - 2011-07-28 22:25 - 00000000 ____D C:\users\admin
2013-06-04 20:30 - 2011-04-19 14:26 - 00000000 ____D C:\ProgramData\Norton
2013-06-04 20:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-06-04 20:28 - 2013-05-08 15:25 - 00000000 ____D C:\ProgramData\Ask
2013-06-04 20:28 - 2012-01-01 15:53 - 00000000 ____D C:\Users\jörg\AppData\Roaming\Orbit
2013-06-04 20:14 - 2011-08-28 10:51 - 00000000 ____D C:\Users\admin\AppData\Local\FreePDF_XP
2013-06-04 20:12 - 2011-07-29 21:03 - 00000000 ____D C:\ProgramData\FreePDF
2013-06-04 19:40 - 2013-06-04 19:40 - 00000000 ____D C:\Users\jörg\AppData\Local\{3C44CF72-A437-41AE-AFC5-C9EC1DF8556D}
2013-06-04 17:13 - 2013-06-04 17:13 - 00000000 ____D C:\Users\Manu\AppData\Local\{BD654D46-DA3D-439F-9F7C-6EE6485BDE83}
2013-06-03 14:15 - 2013-06-03 14:15 - 00000000 ____D C:\Users\Manu\AppData\Local\{80A46B06-9E39-4984-802A-96CBCF0E00E4}
2013-06-02 21:45 - 2013-06-02 21:45 - 00000000 ____D C:\Users\jörg\AppData\Local\{9C36CA55-8318-41D5-860F-7056DC52E4B6}
2013-06-02 21:29 - 2013-06-02 19:16 - 00019764 ____A C:\Users\jörg\Desktop\mp3- Tai Chi Chuan ( Taiji) Traditioneller Yang Stil - 108er Langform 2. Teil.aup
2013-06-02 19:16 - 2013-06-02 19:16 - 00000000 ____D C:\Users\jörg\Desktop\mp3- Tai Chi Chuan ( Taiji) Traditioneller Yang Stil - 108er Langform 2. Teil_data
2013-06-02 11:17 - 2013-06-02 11:17 - 00000000 ____D C:\Users\Manu\AppData\Local\{9DDD6CF3-BA43-42BE-B0C0-593440A39EC4}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-22 18:59

==================== End Of Log ============================
         
--- --- ---


When is ComboFix finished??? Where is the log file???

02.07.2013, 07:10   #7
schrauber
/// the machine
/// TB trainer

Do you actually read the instructions?

They say where the log file can be found: at C:\Combofix.txt
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

02.07.2013, 18:25   #8
Indexation

There is no text file under C -
but it did create a file ComboFix with the computer icon
when I open it I see all the drives again ????
Should I start ComboFix again - I have the feeling it did not run properly because it got stuck while deleting - or is that normal ??

02.07.2013, 18:49   #9
schrauber
/// the machine
/// TB-Ausbilder

as discussed
__________________
Regards,
schrauber

02.07.2013, 21:28   #10
Indexation

Here is the log file now :-)

The problem is not gone yet though - but I have not rebooted yet ....
I will do that later

03.07.2013, 08:07   #11
schrauber
/// the machine
/// TB-Ausbilder

Please always post logs in the thread.

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
Regards,
schrauber
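
An added example, not part of the thread or of AdwCleaner: a read-only PowerShell check of the Windows settings that the five options in the post above refer to (Tracing keys, Winsock, proxy, Internet Explorer and Chrome policies), so their state can be recorded before a reset. The registry paths are the standard Windows locations and are an assumption, since the thread does not say which keys the tool edits; `Get-KeyValues` is a hypothetical helper.

```powershell
# Read-only audit: prints the current state of the settings named in the five
# reset options above. Nothing is changed. The registry paths are the standard
# Windows locations (assumption: the thread does not list what AdwCleaner edits).

function Get-KeyValues {
    param([string]$Path)
    # Emit one object per value stored directly under $Path; nothing if the key is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        New-Object PSObject -Property @{ Key = $key.Name; Name = $name; Value = $key.GetValue($name) }
    }
}

# Proxy settings (per user): an unexpected ProxyServer or AutoConfigURL
# sends browser traffic through a third party.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxyNames = 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL'
Get-KeyValues $inet | Where-Object { $proxyNames -contains $_.Name }

# Browser policies: on an unmanaged home PC these keys are normally absent or
# empty, so any value found here deserves a look (forced extensions, homepage).
$policyRoots = 'HKLM:\SOFTWARE\Policies\Google\Chrome',
               'HKCU:\SOFTWARE\Policies\Google\Chrome',
               'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
               'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer'
foreach ($root in $policyRoots) {
    if (Test-Path -LiteralPath $root) {
        Get-KeyValues $root
        Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object { Get-KeyValues $_.PSPath }
    }
}

# Tracing keys: one subkey per program that loaded the RAS tracing libraries;
# the names show which executables registered themselves.
$tracing = 'HKLM:\SOFTWARE\Microsoft\Tracing'
if (Test-Path -LiteralPath $tracing) {
    Get-ChildItem -LiteralPath $tracing | ForEach-Object { $_.PSChildName }
}

# Winsock catalog: lists the installed layered service providers; entries that
# do not belong to Windows or to known software are what a Winsock reset removes.
netsh winsock show catalog
```

Redirecting the output to a text file before running the cleanup gives a before/after comparison to set against the tool's own log.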

03.07.2013, 18:48   #12
Indexation

Wheee, the problem is gone after the reboot

Many thanks to "Schrauber"

I will warmly recommend you -
So what was it? Can you tell from the log files?

...and above all -> why did Norton fail (virus signatures are up to date .....
Spybot + Defender did not crack the thing either ....

I have heard that Kaspersky is better anyway - is that true?
.... although - Kaspersky did not get rid of the thing either


Thanks again

03.07.2013, 18:52   #13
schrauber
/// the machine
/// TB-Ausbilder

Adware and that kind of stuff. Please do the rest as well, we are not done yet
__________________
Regards,
schrauber

03.07.2013, 19:00   #14
Indexation

I have already seen it - I am getting started ;

Last edited by Indexation (03.07.2013 at 19:07)

03.07.2013, 19:26   #15
Indexation

Log file from AdwCleaner
