
Pests of all kinds and how to combat them: Probably caught the KOBIK virus, what can I do?

27.08.2013, 15:47   #1
Knight1986
 

On Saturday afternoon my screen suddenly showed a page from the EJPD (Federal Department of Justice and Police) and the Coordination Unit for Combating Internet Crime (KOBIK) which says (short version): the computer is locked and you are supposed to transfer 150 Fr. via paysafecard.
The laptop also cannot be started in Safe Mode.

Thanks in advance for the help

27.08.2013, 15:52   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello,

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (both if in doubt) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Repair option.
  • Now scan following the illustrated guide, or use the following short guide:
Via the Boot Manager:
  • Restart the computer.
  • While it is booting, press the F8 key several times.
  • Now select Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.
With the Windows CD/DVD (also possible on Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer!
  • Select your operating system and user account and click "Next" each time.
In the repair options, select: Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer.
    The drive letter of your USB stick is shown here; remember it.
  • Close Notepad again.
  • Now please enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick, which you noted earlier. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates a FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).


27.08.2013, 17:17   #3
Knight1986
 

I ran the scan. Here is the result.



FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-08-2013 01
Ran by Marc (administrator) on 27-08-2013 18:09:36
Running from F:\
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [OEM02Mon.exe] - C:\Windows\OEM02Mon.exe [36864 2007-05-10] (Creative Technology Ltd.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [DELL Webcam Manager] - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [118784 2007-07-27] (Creative Technology Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13793824 2009-06-16] (NVIDIA Corporation)
HKLM\...\Run: [NVHotkey] - C:\Windows\system32\nvHotkey.dll [92704 2009-06-16] (NVIDIA Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [Bing Bar] - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe [243544 2010-04-27] (Microsoft Corp.)
HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [VDownloader] - C:\Program Files\VDownloader\VDownloader.exe [879104 2012-12-20] (Vitzo)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-11-21] (Google Inc.)
HKCU\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKCU\...\Run: [SkyDrive] - C:\Users\Marc\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKCU\...\Run: [Facebook Update] - C:\Users\Marc\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-25] (Facebook Inc.)
HKCU\...\Run: [CLXReader] - C:\Program Files\CLX.PayPen\CLXReader.exe [4108152 2012-08-14] (CREALOGIX E-Payment AG)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Marc\AppData\Roaming\cache.dat [84992 2013-07-09] () <==== ATTENTION 
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Marc\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Medien-Prüfung.lnk
ShortcutTarget: Picture Motion Browser Medien-Prüfung.lnk -> C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ch.msn.com/?ocid=OIE9HP
HKCU\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.google.ch/
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={C9232DED-F154-4A92-8FD5-4E18A86D4722}
SearchScopes: HKCU - DefaultScope {AF4BC682-A543-4440-A849-186E9BBE09F9} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - BrowserMngrDefaultScope {AF4BC682-A543-4440-A849-186E9BBE09F9}
SearchScopes: HKCU - bProtectorDefaultScope {AF4BC682-A543-4440-A849-186E9BBE09F9}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IP2TDF&PC=IP2TDF&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {A04B7F69-E27E-4A8F-8B79-D8118C8C5A31} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYCH&apn_uid=7F8AE9F3-3A1A-4D40-B3E3-2339BE1E3DDA&apn_sauid=DEE68F08-2380-4002-BEF3-93DBAE37EF25
SearchScopes: HKCU - {AF4BC682-A543-4440-A849-186E9BBE09F9} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
BHO: No Name - {2EECD738-5844-4a99-B4B6-146BF802613B} -  No File
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKCU -No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default
FF user.js: detected! => C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default\user.js
FF Homepage: https://www.google.ch/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Marc\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Marc\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Marc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Marc\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin HKCU: vitzo.com/VDownloader - C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo)
FF SearchPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF Extension: No Name - C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default\Extensions\staged
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF Extension: Bing Bar - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: No Name - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKLM\...\Firefox\Extensions: [support@vdownloader.com] C:\Program Files\VDownloader\Addons\FireFox
FF Extension: VDownloader - C:\Program Files\VDownloader\Addons\FireFox

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Marc\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Marc\AppData\Local\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Marc\AppData\Local\Google\Chrome\Application\29.0.1547.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U35) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Bing Bar) - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Desktop) - C:\Users\Marc\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll No File
CHR Plugin: (Google Update) - C:\Users\Marc\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Extension: (Chrome In-App Payments service) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR HKLM\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Program Files\VDownloader\Addons\Chrome.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Marc\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

S2 Browser Manager; C:\ProgramData\Browser Manager\2.6.1519.190\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2847696 2013-07-26] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
S2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [23704 2011-01-31] (Ekahau Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 PayPen; C:\Windows\System32\Drivers\PayPen.sys [18560 2012-08-14] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-27 16:11 - 2013-08-27 16:11 - 00000000 ____D C:\FRST
2013-08-24 15:44 - 2013-08-27 15:48 - 00000004 _____ C:\Users\Marc\AppData\Roaming\cache.ini
2013-08-24 15:20 - 2013-08-24 15:21 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (12).exe
2013-08-24 15:19 - 2013-08-24 15:20 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (11).exe
2013-08-24 15:16 - 2013-08-24 15:17 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (10).exe
2013-08-24 15:05 - 2013-08-24 15:06 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (9).exe
2013-08-24 15:05 - 2013-08-24 15:06 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (8).exe
2013-08-24 15:04 - 2013-08-24 15:04 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (7).exe
2013-08-24 15:02 - 2013-08-24 15:03 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (6).exe
2013-08-24 15:00 - 2013-08-24 15:00 - 00118568 _____ C:\Users\Marc\Downloads\Update_flash_player (5).exe
2013-08-24 14:58 - 2013-08-24 14:58 - 00118568 _____ C:\Users\Marc\Downloads\Update_flash_player (4).exe
2013-08-24 14:58 - 2013-08-24 14:58 - 00118568 _____ C:\Users\Marc\Downloads\Update_flash_player (3).exe
2013-08-24 14:58 - 2013-08-24 14:58 - 00118568 _____ C:\Users\Marc\Downloads\Update_flash_player (2).exe
2013-08-24 14:56 - 2013-08-24 14:56 - 00118568 _____ C:\Users\Marc\Downloads\Update_flash_player (1).exe
2013-08-24 14:53 - 2013-08-24 14:53 - 00118568 _____ C:\Users\Marc\Downloads\Update_flash_player.exe
2013-08-24 14:30 - 2013-08-24 14:55 - 00000000 ____D C:\Users\Marc\Sex
2013-08-15 00:36 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 00:36 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 00:36 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 00:36 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 00:36 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 00:36 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-15 00:36 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-15 00:36 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 00:36 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 00:36 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 00:36 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 00:36 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-15 00:36 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-15 00:36 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 00:36 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 00:36 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-14 08:18 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 08:18 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 08:18 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 08:18 - 2013-07-09 14:10 - 00084992 _____ C:\Users\Marc\AppData\Roaming\cache.dat
2013-08-14 08:18 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 08:18 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 08:18 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 08:18 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 08:18 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 08:18 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 08:18 - 2013-07-05 05:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 08:18 - 2013-07-05 03:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-08-14 08:18 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-14 08:18 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 10:24 - 2013-08-13 18:56 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-07-28 02:02 - 2013-08-15 00:46 - 00000000 ____D C:\Windows\system32\MRT

==================== One Month Modified Files and Folders =======

2013-08-27 16:20 - 2006-11-02 14:52 - 02007922 _____ C:\Windows\WindowsUpdate.log
2013-08-27 16:12 - 2013-08-27 16:12 - 00006522 _____ C:\Windows\system32\PerfStringBackup.TMP
2013-08-27 16:11 - 2013-08-27 16:11 - 00000000 ____D C:\FRST
2013-08-27 16:05 - 2006-11-02 12:33 - 01559094 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-27 15:48 - 2013-08-24 15:44 - 00000004 _____ C:\Users\Marc\AppData\Roaming\cache.ini
2013-08-27 15:48 - 2012-11-10 00:53 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-27 15:48 - 2011-11-11 00:26 - 00031776 _____ C:\ProgramData\nvModes.dat
2013-08-27 15:48 - 2011-11-11 00:26 - 00031776 _____ C:\ProgramData\nvModes.001
2013-08-27 15:47 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-27 15:47 - 2006-11-02 14:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-27 15:47 - 2006-11-02 14:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-27 15:45 - 2011-11-11 00:45 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-08-27 15:45 - 2006-11-02 15:01 - 00032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-24 15:28 - 2012-04-05 09:34 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-24 15:21 - 2013-08-24 15:20 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (12).exe
2013-08-24 15:20 - 2013-08-24 15:19 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (11).exe
2013-08-24 15:20 - 2012-11-10 00:53 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-24 15:17 - 2013-08-24 15:16 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (10).exe
2013-08-24 15:13 - 2011-11-21 11:31 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2978347520-1581668813-3411711660-1000UA.job
2013-08-24 15:06 - 2013-08-24 15:05 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (9).exe
2013-08-24 15:06 - 2013-08-24 15:05 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (8).exe
2013-08-24 15:04 - 2013-08-24 15:04 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (7).exe
2013-08-24 15:03 - 2013-08-24 15:02 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (6).exe
2013-08-24 15:00 - 2013-08-24 15:00 - 00118568 _____ C:\Users\Marc\Downloads\Update_flash_player (5).exe
2013-08-24 14:58 - 2013-08-24 14:58 - 00118568 _____ C:\Users\Marc\Downloads\Update_flash_player (4).exe
2013-08-24 14:58 - 2013-08-24 14:58 - 00118568 _____ C:\Users\Marc\Downloads\Update_flash_player (3).exe
2013-08-24 14:58 - 2013-08-24 14:58 - 00118568 _____ C:\Users\Marc\Downloads\Update_flash_player (2).exe
2013-08-24 14:56 - 2013-08-24 14:56 - 00118568 _____ C:\Users\Marc\Downloads\Update_flash_player (1).exe
2013-08-24 14:55 - 2013-08-24 14:30 - 00000000 ____D C:\Users\Marc\Sex
2013-08-24 14:53 - 2013-08-24 14:53 - 00118568 _____ C:\Users\Marc\Downloads\Update_flash_player.exe
2013-08-24 14:30 - 2011-11-10 19:28 - 00000000 ____D C:\Users\Marc
2013-08-24 14:12 - 2012-08-25 17:07 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2978347520-1581668813-3411711660-1000UA.job
2013-08-24 08:57 - 2012-03-21 13:56 - 00000000 ____D C:\Users\Marc\AppData\Roaming\Dropbox
2013-08-24 08:56 - 2012-08-25 16:47 - 00000000 ___RD C:\Users\Marc\SkyDrive
2013-08-24 08:56 - 2012-03-21 14:48 - 00000000 ___RD C:\Users\Marc\Dropbox
2013-08-23 20:13 - 2011-11-21 11:31 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2978347520-1581668813-3411711660-1000Core.job
2013-08-23 17:12 - 2012-08-25 17:07 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2978347520-1581668813-3411711660-1000Core.job
2013-08-21 08:20 - 2011-11-21 11:32 - 00002042 _____ C:\Users\Marc\Desktop\Google Chrome.lnk
2013-08-19 09:16 - 2012-05-03 09:52 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-18 08:14 - 2011-11-10 20:34 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-15 07:59 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-15 07:48 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-08-15 07:30 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-15 00:46 - 2013-07-28 02:02 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 00:43 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-13 18:56 - 2013-08-13 10:24 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-09 17:39 - 2011-11-21 13:03 - 00000000 ____D C:\Users\Marc\AppData\Roaming\vlc
2013-08-07 17:35 - 2006-11-02 14:52 - 00042034 _____ C:\Windows\setupact.log
2013-08-03 06:59 - 2012-09-28 22:30 - 00000000 ____D C:\ProgramData\Browser Manager
2013-08-03 06:59 - 2011-11-11 00:22 - 00128518 _____ C:\Windows\PFRO.log
2013-07-28 01:21 - 2012-11-10 00:53 - 00000000 ____D C:\Program Files\Google

Files to move or delete:
====================
C:\ProgramData\nvModes.dat
C:\Users\Marc\AppData\Roaming\cache.dat
C:\Users\Marc\AppData\Roaming\cache.ini
C:\Users\Marc\AppData\Local\Temp\24367246.exe
C:\Users\Marc\AppData\Local\Temp\382cr0tr.dll
C:\Users\Marc\AppData\Local\Temp\ApnStub.exe
C:\Users\Marc\AppData\Local\Temp\AskSLib.dll
C:\Users\Marc\AppData\Local\Temp\dbmi8-k5.dll
C:\Users\Marc\AppData\Local\Temp\fo8gxn9q.dll
C:\Users\Marc\AppData\Local\Temp\i7b6unww.dll
C:\Users\Marc\AppData\Local\Temp\ICReinstall_DownloadManagerSetup(1).exe
C:\Users\Marc\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Marc\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\Marc\AppData\Local\Temp\softonic_ggl_1.6.7.4.exe
C:\Users\Marc\AppData\Local\Temp\tiagdges.dll
C:\Users\Marc\AppData\Local\Temp\tmp569A.tmp.exe
C:\Users\Marc\AppData\Local\Temp\UnityWebPlayer4275381299534217750.exe
C:\Users\Marc\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\Marc\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\Marc\AppData\Local\Temp\wr72rwkx.dll
C:\Users\Marc\AppData\Local\Temp\zputznl5.dll
C:\Users\Marc\AppData\Local\Temp\_is1080.exe
C:\Users\Marc\AppData\Local\Temp\_is3407.exe
C:\Users\Marc\AppData\Local\Temp\_is754B.exe
C:\Users\Marc\AppData\Local\Temp\{F59E31AF-7BC3-49F6-B40F-7D5C4E6126E3}\{2F819DAF-429B-4179-AEDC-AE71B7B9D889}\Common.dll
C:\Users\Marc\AppData\Local\Temp\{F59E31AF-7BC3-49F6-B40F-7D5C4E6126E3}\{2F819DAF-429B-4179-AEDC-AE71B7B9D889}\CTCabEx.DLL
C:\Users\Marc\AppData\Local\Temp\{F59E31AF-7BC3-49F6-B40F-7D5C4E6126E3}\{2F819DAF-429B-4179-AEDC-AE71B7B9D889}\RegEdit.dll
C:\Users\Marc\AppData\Local\Temp\{F59E31AF-7BC3-49F6-B40F-7D5C4E6126E3}\{2F819DAF-429B-4179-AEDC-AE71B7B9D889}\_ISUSER.DLL
C:\Users\Marc\AppData\Local\Temp\{F59E31AF-7BC3-49F6-B40F-7D5C4E6126E3}\{2F819DAF-429B-4179-AEDC-AE71B7B9D889}\_setup.dll
C:\Users\Marc\AppData\Local\Temp\{C0BDDD0C-1001-474C-816B-20D82A785801}\{59F6A514-9813-47A3-948C-8A155460CC2A}\DIFxAPI.dll
C:\Users\Marc\AppData\Local\Temp\{C0BDDD0C-1001-474C-816B-20D82A785801}\{59F6A514-9813-47A3-948C-8A155460CC2A}\DIFxCmd.exe
C:\Users\Marc\AppData\Local\Temp\{C0BDDD0C-1001-474C-816B-20D82A785801}\{59F6A514-9813-47A3-948C-8A155460CC2A}\RixDICON.dll
C:\Users\Marc\AppData\Local\Temp\{C0BDDD0C-1001-474C-816B-20D82A785801}\{59F6A514-9813-47A3-948C-8A155460CC2A}\snymsico.dll
C:\Users\Marc\AppData\Local\Temp\{C0BDDD0C-1001-474C-816B-20D82A785801}\{59F6A514-9813-47A3-948C-8A155460CC2A}\x64\DIFxAPI.dll
C:\Users\Marc\AppData\Local\Temp\{C0BDDD0C-1001-474C-816B-20D82A785801}\{59F6A514-9813-47A3-948C-8A155460CC2A}\x64\DIFxCmd.exe
C:\Users\Marc\AppData\Local\Temp\{C0BDDD0C-1001-474C-816B-20D82A785801}\{59F6A514-9813-47A3-948C-8A155460CC2A}\x64\RixDICON.dll
C:\Users\Marc\AppData\Local\Temp\{C0BDDD0C-1001-474C-816B-20D82A785801}\{59F6A514-9813-47A3-948C-8A155460CC2A}\x64\snymsico.dll
C:\Users\Marc\AppData\Local\Temp\{68D303D4-B5F6-4D4B-ACEA-1B555B84B9D5}\ISSetup.dll
C:\Users\Marc\AppData\Local\Temp\{68D303D4-B5F6-4D4B-ACEA-1B555B84B9D5}\_Setup.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\GoogleCrashHandler.exe
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\GoogleCrashHandler64.exe
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\GoogleUpdate.exe
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\GoogleUpdateBroker.exe
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\GoogleUpdateOnDemand.exe
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\GoogleUpdateSetup.exe
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdate.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_am.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_ar.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_bg.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_bn.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_ca.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_cs.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_da.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_de.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_el.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_en-GB.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_en.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_es-419.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_es.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_et.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_fa.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_fi.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_fil.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_fr.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_gu.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_hi.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_hr.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_hu.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_id.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_is.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_it.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_iw.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_ja.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_kn.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_ko.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_lt.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_lv.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_ml.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_mr.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_ms.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_nl.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_no.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_pl.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_pt-BR.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_pt-PT.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_ro.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_ru.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_sk.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_sl.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_sr.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_sv.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_sw.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_ta.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_te.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_th.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_tr.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_uk.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_ur.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_vi.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_zh-CN.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_zh-TW.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\npGoogleUpdate3.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\psmachine.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\psuser.dll
C:\Users\Marc\AppData\Local\Temp\{587DD263-DD9F-4D70-A9E6-A53BABAAFC30}\ISSetup.dll
C:\Users\Marc\AppData\Local\Temp\{587DD263-DD9F-4D70-A9E6-A53BABAAFC30}\_Setup.dll
C:\Users\Marc\AppData\Local\Temp\{4535D53D-5CC7-4B67-B0E6-E97DBCB90F87}\adobeshockwavextrabundle.exe
C:\Users\Marc\AppData\Local\Temp\{000226CF-996C-400A-B252-E1E0F8534BBB}\ISSetup.dll
C:\Users\Marc\AppData\Local\Temp\{000226CF-996C-400A-B252-E1E0F8534BBB}\_Setup.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\kernel32.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\mfc90.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\mfc90u.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\mfcm90.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\mfcm90u.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\psapi.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\python26.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\pythoncom26.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\PyWinTypes26.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\shell32.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\wxbase293u_net_vc.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\wxbase293u_vc.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\wxmsw293u_adv_vc.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\wxmsw293u_core_vc.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\wxmsw293u_html_vc.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\wxmsw293u_webview_vc.dll
C:\Users\Marc\AppData\Local\Temp\Temp1_DigiFoto402_upd.zip\digifoto.exe
C:\Users\Marc\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe
C:\Users\Marc\AppData\Local\Temp\Softonic\Softonic\1.6.7.4\Softonic4ffx.exe
C:\Users\Marc\AppData\Local\Temp\Softonic\Softonic\1.6.7.4\Softonic4ie.exe
C:\Users\Marc\AppData\Local\Temp\scoped_dir_7836_21362\CRX_INSTALL\npVDownloader.dll
C:\Users\Marc\AppData\Local\Temp\scoped_dir_5440_1778\CRX_INSTALL\npVDownloader.dll
C:\Users\Marc\AppData\Local\Temp\scoped_dir_5204_21116\CRX_INSTALL\npVDownloader.dll
C:\Users\Marc\AppData\Local\Temp\scoped_dir_3100_21284\CRX_INSTALL\npVDownloader.dll
C:\Users\Marc\AppData\Local\Temp\nsx1611.tmp\DropboxNSISTools.dll
C:\Users\Marc\AppData\Local\Temp\nswC70.tmp\DropboxNSISTools.dll
C:\Users\Marc\AppData\Local\Temp\nsuE2C1.tmp\chrmPref.dll
C:\Users\Marc\AppData\Local\Temp\nsuE2C1.tmp\IEFunctions.dll
C:\Users\Marc\AppData\Local\Temp\nsuE2C1.tmp\mt.dll
C:\Users\Marc\AppData\Local\Temp\nsuE2C1.tmp\nsisos.dll
C:\Users\Marc\AppData\Local\Temp\nsuE2C1.tmp\Processes.dll
C:\Users\Marc\AppData\Local\Temp\nsuE2C1.tmp\System.dll
C:\Users\Marc\AppData\Local\Temp\nsuE2C1.tmp\Time.dll
C:\Users\Marc\AppData\Local\Temp\nsuE2C1.tmp\UserInfo.dll
C:\Users\Marc\AppData\Local\Temp\nsr5D6D.tmp\DropboxNSISTools.dll
C:\Users\Marc\AppData\Local\Temp\nsnB57B.tmp\DropboxNSISTools.dll
C:\Users\Marc\AppData\Local\Temp\nsc14BA.tmp\DropboxNSISTools.dll
C:\Users\Marc\AppData\Local\Temp\nsc14BA.tmp\UAC.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\dotNetFx40LP_Full_x86de.exe
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\Setup.exe
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupEngine.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUi.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUtility.exe
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\sqmapi.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3082\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3076\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2070\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2052\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1055\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1053\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1049\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1046\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1045\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1044\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1043\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1042\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1041\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1040\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1038\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1037\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1036\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1035\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1033\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1032\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1031\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1030\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1029\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1028\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1025\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\is357113909\DeltaTB.exe
C:\Users\Marc\AppData\Local\Temp\is357113909\DownloadManagerV2.exe
C:\Users\Marc\AppData\Local\Temp\is357113909\QtraxInstaller.exe
C:\Users\Marc\AppData\Local\Temp\is357113909\uninstaller.exe
C:\Users\Marc\AppData\Local\Temp\is180804277\14333978_Setup.EXE
C:\Users\Marc\AppData\Local\Temp\is180804277\4738337_Setup.EXE
C:\Users\Marc\AppData\Local\Temp\is180804277\53072112_Setup.EXE
C:\Users\Marc\AppData\Local\Temp\is180804277\DeltaTB.exe
C:\Users\Marc\AppData\Local\Temp\is180804277\dp.exe
C:\Users\Marc\AppData\Local\Temp\is180804277\PricePeepInstaller.exe
C:\Users\Marc\AppData\Local\Temp\is180804277\QtraxInstaller.exe
C:\Users\Marc\AppData\Local\Temp\is180804277\yontoo-c2.exe
C:\Users\Marc\AppData\Local\Temp\is180804277\yontoo-c4.exe
C:\Users\Marc\AppData\Local\Temp\IDC2.tmp\FP_AX_CAB_INSTALLER64.exe
C:\Users\Marc\AppData\Local\Temp\Adobe\Shockwave 11\gcapi_dll.dll
C:\Users\Marc\AppData\Local\Temp\Adobe\Shockwave 11\gi.dll
C:\Users\Marc\AppData\Local\Temp\Adobe\Shockwave 11\gtapi.dll
C:\Users\Marc\AppData\Local\Temp\Adobe\Shockwave 11\SymCCIS.dll
C:\Users\Marc\AppData\Local\Temp\A958.dir\InstallFlashPlayer.exe
C:\Users\Marc\AppData\Local\Temp\967429CBEA314E3EBC91036B24089247\IP2TDFJewel\7.1.361\JewelExtension.dll
C:\Users\Marc\AppData\Local\Temp\967429CBEA314E3EBC91036B24089247\IP2TDFButton1\7.1.361\JewelExtension.dll
C:\Users\Marc\AppData\Local\Temp\87597F2A-BAB0-7891-ACBB-5A9DCF132762\Setup.exe
C:\Users\Marc\AppData\Local\Temp\87597F2A-BAB0-7891-ACBB-5A9DCF132762\sqlite3.dll
C:\Users\Marc\AppData\Local\Temp\87597F2A-BAB0-7891-ACBB-5A9DCF132762\Latest\BrowserManagerSetup.exe
C:\Users\Marc\AppData\Local\Temp\87597F2A-BAB0-7891-ACBB-5A9DCF132762\Latest\IECookieLow.dll
C:\Users\Marc\AppData\Local\Temp\87597F2A-BAB0-7891-ACBB-5A9DCF132762\Latest\MyBabylonTB.exe
C:\Users\Marc\AppData\Local\Temp\87597F2A-BAB0-7891-ACBB-5A9DCF132762\Latest\Setup.exe
C:\Users\Marc\AppData\Local\Temp\87597F2A-BAB0-7891-ACBB-5A9DCF132762\Latest\sqlite3.dll
C:\Users\Marc\AppData\Local\Temp\55039882.Uninstall\uninstaller.exe
C:\Users\Marc\AppData\Local\Temp\55000118.Uninstall\uninstaller.exe
C:\Users\Marc\AppData\Local\Temp\486177.Uninstall\uninstaller.exe
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\GoogleEarth.exe
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemyext.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\earthps.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\geplugin.exe
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\ge_expat.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\googleearth_free.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\icudt.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGAttrs.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGCore.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGExportCommon.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGGfx.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGMath.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGOpt.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGSg.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGUtils.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\msvcp100.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\msvcr100.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\npgeplugin.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\plugin_ax.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtCore4.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtGui4.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtNetwork4.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtWebKit4.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\imageformats\qgif4.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\imageformats\qjpeg4.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\optimizations\IGOptExtension.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\D3DCompiler_43.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\d3dx9_43.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGAttrs.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGGfx.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGSg.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\libEGL.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\libGLESv2.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogl\IGAttrs.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogl\IGGfx.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogl\IGSg.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-27 16:25

==================== End Of Log ============================
         

27.08.2013, 19:44   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Marc\AppData\Roaming\cache.dat [84992 2013-07-09] () <==== ATTENTION
C:\Users\Marc\AppData\Roaming\cache.dat
C:\Users\Marc\AppData\Roaming\cache.ini
C:\Users\Marc\AppData\Local\Temp\24367246.exe
C:\Users\Marc\AppData\Local\Temp\382cr0tr.dll
C:\Users\Marc\AppData\Local\Temp\ApnStub.exe
C:\Users\Marc\AppData\Local\Temp\AskSLib.dll
C:\Users\Marc\AppData\Local\Temp\dbmi8-k5.dll
C:\Users\Marc\AppData\Local\Temp\fo8gxn9q.dll
C:\Users\Marc\AppData\Local\Temp\i7b6unww.dll
C:\Users\Marc\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\Marc\AppData\Local\Temp\softonic_ggl_1.6.7.4.exe
C:\Users\Marc\AppData\Local\Temp\tiagdges.dll
C:\Users\Marc\AppData\Local\Temp\tmp569A.tmp.exe
C:\Users\Marc\AppData\Local\Temp\wr72rwkx.dll
C:\Users\Marc\AppData\Local\Temp\zputznl5.dll
         
Please save this as Fixlist.txt on your USB stick.
  • Boot your computer into the repair options again
  • Now start FRST.exe again and click the Fix (Entfernen) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
__________________
Please always post log files in CODE tags
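
The entry that matters in this fixlist is the Winlogon Shell value, where cache.dat is appended after explorer.exe so that it is started at logon. The following Python check is an added example, not part of the thread and not FRST code: it parses Winlogon lines in the layout seen in this thread's logs and reports any Shell data other than the bare default explorer.exe. The line layout is inferred from the quoted logs, the HKLM sample line is constructed, and the function names are this example's own.

```python
import re

# Layout of a Winlogon line as it appears in the FRST logs quoted in this thread
# (inferred from those lines, not taken from FRST documentation):
#   <hive>\...\Winlogon: [<value name>] <data> [<size> <date>] (<company>) <==== ATTENTION
LINE_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\.\\Winlogon: \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
FLAG_RE = re.compile(r"\s*<=+ ATTENTION\s*$")
TAIL_RE = re.compile(
    r"\s*\[(?P<size>\d*)\s*(?P<date>\d{4}-\d{2}-\d{2})\]\s*\((?P<company>[^()]*)\)\s*$"
)

# Policy of this example: the only expected Shell data is the bare default.
EXPECTED_SHELL = "explorer.exe"
# Locations a standard user can write to; an extra shell component there is rated "high".
USER_WRITABLE = ("\\appdata\\", "\\temp\\")


def parse_winlogon_line(line):
    """Split one Winlogon log line into its fields; return None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    flagged = bool(FLAG_RE.search(rest))
    rest = FLAG_RE.sub("", rest)
    file_meta, company = None, None
    tail = TAIL_RE.search(rest)
    if tail:  # the "[size date] (company)" block is optional in the logs
        file_meta = (tail.group("size"), tail.group("date"))
        company = tail.group("company")
        rest = rest[:tail.start()]
    return {
        "hive": m.group("hive"),
        "name": m.group("name"),
        "data": rest.strip(),
        "flagged_by_tool": flagged,
        "file_meta": file_meta,
        "company": company,
    }


def extra_shell_components(data):
    """Return every comma-separated component that is not the bare default shell."""
    parts = [p.strip().strip('"') for p in data.split(",") if p.strip()]
    return [p for p in parts if p.lower() != EXPECTED_SHELL]


def audit(log_lines):
    """Report Winlogon Shell values that launch anything besides explorer.exe."""
    findings = []
    for line in log_lines:
        entry = parse_winlogon_line(line)
        if entry is None or entry["name"].lower() != "shell":
            continue
        extras = extra_shell_components(entry["data"])
        if not extras:
            continue
        in_user_dir = any(marker in e.lower() for e in extras for marker in USER_WRITABLE)
        findings.append({
            "hive": entry["hive"],
            "extras": extras,
            "severity": "high" if in_user_dir else "review",
            "file_meta": entry["file_meta"],
            "flagged_by_tool": entry["flagged_by_tool"],
        })
    return findings


SAMPLE_LINES = [
    # From the fixlist in this thread.
    r"HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Marc\AppData\Roaming\cache.dat [84992 2013-07-09] () <==== ATTENTION",
    # Same value as it appears in a later scan in this thread, without the size/date block.
    r"HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Marc\AppData\Roaming\cache.dat <==== ATTENTION ",
    # Constructed for contrast: a default shell value that must not be reported.
    r"HKLM\...\Winlogon: [Shell] explorer.exe [2614272 2009-04-11] (Microsoft Corporation)",
    # From the thread: a Run entry, which this check ignores.
    r"HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LINES):
        print(finding["severity"], finding["hive"], finding["extras"], finding["file_meta"])
```
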

28.08.2013, 00:47   #5
Knight1986

The next result.

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-08-2013 01
Ran by Marc at 2013-08-28 01:43:15 Run:1
Running from F:\
Boot Mode: Safe Mode (minimal)

==============================================

Content of fixlist:
*****************
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Marc\AppData\Roaming\cache.dat [84992 2013-07-09] () <==== ATTENTION
C:\Users\Marc\AppData\Roaming\cache.dat
C:\Users\Marc\AppData\Roaming\cache.ini
C:\Users\Marc\AppData\Local\Temp\24367246.exe
C:\Users\Marc\AppData\Local\Temp\382cr0tr.dll
C:\Users\Marc\AppData\Local\Temp\ApnStub.exe
C:\Users\Marc\AppData\Local\Temp\AskSLib.dll
C:\Users\Marc\AppData\Local\Temp\dbmi8-k5.dll
C:\Users\Marc\AppData\Local\Temp\fo8gxn9q.dll
C:\Users\Marc\AppData\Local\Temp\i7b6unww.dll
C:\Users\Marc\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\Marc\AppData\Local\Temp\softonic_ggl_1.6.7.4.exe
C:\Users\Marc\AppData\Local\Temp\tiagdges.dll
C:\Users\Marc\AppData\Local\Temp\tmp569A.tmp.exe
C:\Users\Marc\AppData\Local\Temp\wr72rwkx.dll
C:\Users\Marc\AppData\Local\Temp\zputznl5.dll
         
*****************

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Marc\AppData\Roaming\cache.dat => Moved successfully.
C:\Users\Marc\AppData\Roaming\cache.ini => Moved successfully.
C:\Users\Marc\AppData\Local\Temp\24367246.exe => Moved successfully.
C:\Users\Marc\AppData\Local\Temp\382cr0tr.dll => Moved successfully.
C:\Users\Marc\AppData\Local\Temp\ApnStub.exe => Moved successfully.
C:\Users\Marc\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\Marc\AppData\Local\Temp\dbmi8-k5.dll => Moved successfully.
C:\Users\Marc\AppData\Local\Temp\fo8gxn9q.dll => Moved successfully.
C:\Users\Marc\AppData\Local\Temp\i7b6unww.dll => Moved successfully.
C:\Users\Marc\AppData\Local\Temp\setup_fsu_cid.exe => Moved successfully.
C:\Users\Marc\AppData\Local\Temp\softonic_ggl_1.6.7.4.exe => Moved successfully.
C:\Users\Marc\AppData\Local\Temp\tiagdges.dll => Moved successfully.
C:\Users\Marc\AppData\Local\Temp\tmp569A.tmp.exe => Moved successfully.
C:\Users\Marc\AppData\Local\Temp\wr72rwkx.dll => Moved successfully.
C:\Users\Marc\AppData\Local\Temp\zputznl5.dll => Moved successfully.

==== End of Fixlog ====
         


28.08.2013, 08:20   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Does Windows start normally again?

28.08.2013, 08:50   #7
Knight1986

The laptop starts up again without any problems. Do I still need to run a special antivirus program on the computer?

28.08.2013, 10:19   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan (Untersuchen).
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

__________________
Please always post log files in CODE tags

28.08.2013, 20:04   #9
Knight1986

I ran the scan but only got the FRST.txt; how do I get the Addition.txt?

Here is the FRST.txt for now

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-08-2013
Ran by Marc (administrator) on 28-08-2013 20:52:46
Running from C:\Users\Marc\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
() C:\ProgramData\Browser Manager\2.6.1519.190\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\ProgramData\Browser Manager\2.6.1519.190\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Creative Technology Ltd.) C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corp.) C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Users\Marc\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(CREALOGIX E-Payment AG) C:\Program Files\CLX.PayPen\CLXReader.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Dropbox, Inc.) C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Facebook) C:\Users\Marc\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(Sony Corporation) C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\system32\schtasks.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [OEM02Mon.exe] - C:\Windows\OEM02Mon.exe [36864 2007-05-10] (Creative Technology Ltd.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [DELL Webcam Manager] - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [118784 2007-07-27] (Creative Technology Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13793824 2009-06-16] (NVIDIA Corporation)
HKLM\...\Run: [NVHotkey] - C:\Windows\system32\nvHotkey.dll [92704 2009-06-16] (NVIDIA Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [Bing Bar] - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe [243544 2010-04-27] (Microsoft Corp.)
HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [VDownloader] - C:\Program Files\VDownloader\VDownloader.exe [879104 2012-12-20] (Vitzo)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-11-21] (Google Inc.)
HKCU\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKCU\...\Run: [SkyDrive] - C:\Users\Marc\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKCU\...\Run: [Facebook Update] - C:\Users\Marc\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-25] (Facebook Inc.)
HKCU\...\Run: [CLXReader] - C:\Program Files\CLX.PayPen\CLXReader.exe [4108152 2012-08-14] (CREALOGIX E-Payment AG)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Marc\AppData\Roaming\cache.dat <==== ATTENTION 
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Marc\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Medien-Prüfung.lnk
ShortcutTarget: Picture Motion Browser Medien-Prüfung.lnk -> C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ch.msn.com/?ocid=OIE9HP
HKCU\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.google.ch/
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={C9232DED-F154-4A92-8FD5-4E18A86D4722}
SearchScopes: HKCU - DefaultScope {AF4BC682-A543-4440-A849-186E9BBE09F9} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - BrowserMngrDefaultScope {AF4BC682-A543-4440-A849-186E9BBE09F9}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IP2TDF&PC=IP2TDF&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {A04B7F69-E27E-4A8F-8B79-D8118C8C5A31} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYCH&apn_uid=7F8AE9F3-3A1A-4D40-B3E3-2339BE1E3DDA&apn_sauid=DEE68F08-2380-4002-BEF3-93DBAE37EF25
SearchScopes: HKCU - {AF4BC682-A543-4440-A849-186E9BBE09F9} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
BHO: No Name - {2EECD738-5844-4a99-B4B6-146BF802613B} -  No File
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} -  No File
Toolbar: HKCU -No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default
FF user.js: detected! => C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default\user.js
FF Homepage: https://www.google.ch/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Marc\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Marc\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Marc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Marc\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin HKCU: vitzo.com/VDownloader - C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo)
FF SearchPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default\Extensions\staged
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF Extension: Bing Bar - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: No Name - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKLM\...\Firefox\Extensions: [support@vdownloader.com] C:\Program Files\VDownloader\Addons\FireFox
FF Extension: VDownloader - C:\Program Files\VDownloader\Addons\FireFox

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Marc\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Marc\AppData\Local\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Marc\AppData\Local\Google\Chrome\Application\29.0.1547.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U35) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Bing Bar) - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Desktop) - C:\Users\Marc\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll No File
CHR Plugin: (Google Update) - C:\Users\Marc\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Extension: (Chrome In-App Payments service) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR HKLM\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Program Files\VDownloader\Addons\Chrome.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Marc\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 Browser Manager; C:\ProgramData\Browser Manager\2.6.1519.190\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2847696 2013-07-26] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [23704 2011-01-31] (Ekahau Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 PayPen; C:\Windows\System32\Drivers\PayPen.sys [18560 2012-08-14] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-27 16:11 - 2013-08-27 16:11 - 00000000 ____D C:\FRST
2013-08-24 15:20 - 2013-08-24 15:21 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (12).exe
2013-08-24 15:19 - 2013-08-24 15:20 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (11).exe
2013-08-24 15:16 - 2013-08-24 15:17 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (10).exe
2013-08-24 15:05 - 2013-08-24 15:06 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (9).exe
2013-08-24 15:05 - 2013-08-24 15:06 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (8).exe
2013-08-24 15:04 - 2013-08-24 15:04 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (7).exe
2013-08-24 15:02 - 2013-08-24 15:03 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (6).exe
2013-08-24 15:00 - 2013-08-24 15:00 - 00118568 _____ C:\Users\Marc\Downloads\Update_flash_player (5).exe
2013-08-24 14:58 - 2013-08-24 14:58 - 00118568 _____ C:\Users\Marc\Downloads\Update_flash_player (4).exe
2013-08-24 14:58 - 2013-08-24 14:58 - 00118568 _____ C:\Users\Marc\Downloads\Update_flash_player (3).exe
2013-08-24 14:58 - 2013-08-24 14:58 - 00118568 _____ C:\Users\Marc\Downloads\Update_flash_player (2).exe
2013-08-24 14:56 - 2013-08-24 14:56 - 00118568 _____ C:\Users\Marc\Downloads\Update_flash_player (1).exe
2013-08-24 14:53 - 2013-08-24 14:53 - 00118568 _____ C:\Users\Marc\Downloads\Update_flash_player.exe
2013-08-24 14:30 - 2013-08-24 14:55 - 00000000 ____D C:\Users\Marc\Sex
2013-08-15 00:36 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 00:36 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 00:36 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 00:36 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 00:36 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 00:36 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-15 00:36 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-15 00:36 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 00:36 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 00:36 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 00:36 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 00:36 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-15 00:36 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-15 00:36 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 00:36 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 00:36 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-14 08:18 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 08:18 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 08:18 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 08:18 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 08:18 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 08:18 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 08:18 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 08:18 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 08:18 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 08:18 - 2013-07-05 05:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 08:18 - 2013-07-05 03:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-08-14 08:18 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-14 08:18 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 10:24 - 2013-08-13 18:56 - 00000000 ____D C:\Program Files\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2013-08-28 20:53 - 2006-11-02 14:52 - 02052637 _____ C:\Windows\WindowsUpdate.log
2013-08-28 20:50 - 2013-08-28 20:50 - 01072975 _____ (Farbar) C:\Users\Marc\Downloads\FRST.exe
2013-08-28 20:48 - 2006-11-02 12:33 - 01587172 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-28 20:46 - 2012-08-25 16:47 - 00000000 ___RD C:\Users\Marc\SkyDrive
2013-08-28 20:46 - 2012-03-21 14:48 - 00000000 ___RD C:\Users\Marc\Dropbox
2013-08-28 20:46 - 2012-03-21 13:56 - 00000000 ____D C:\Users\Marc\AppData\Roaming\Dropbox
2013-08-28 20:46 - 2006-11-02 14:52 - 00042830 _____ C:\Windows\setupact.log
2013-08-28 20:43 - 2012-11-10 00:53 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-28 20:43 - 2011-11-11 00:26 - 00031776 _____ C:\ProgramData\nvModes.dat
2013-08-28 20:43 - 2011-11-11 00:26 - 00031776 _____ C:\ProgramData\nvModes.001
2013-08-28 20:42 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-28 20:42 - 2006-11-02 14:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-28 20:42 - 2006-11-02 14:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-28 09:48 - 2011-11-11 00:45 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-08-28 09:48 - 2006-11-02 15:01 - 00032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-27 16:11 - 2013-08-27 16:11 - 00000000 ____D C:\FRST
2013-08-24 15:28 - 2012-04-05 09:34 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-24 15:21 - 2013-08-24 15:20 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (12).exe
2013-08-24 15:20 - 2013-08-24 15:19 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (11).exe
2013-08-24 15:20 - 2012-11-10 00:53 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-24 15:17 - 2013-08-24 15:16 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (10).exe
2013-08-24 15:13 - 2011-11-21 11:31 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2978347520-1581668813-3411711660-1000UA.job
2013-08-24 15:06 - 2013-08-24 15:05 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (9).exe
2013-08-24 15:06 - 2013-08-24 15:05 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (8).exe
2013-08-24 15:04 - 2013-08-24 15:04 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (7).exe
2013-08-24 15:03 - 2013-08-24 15:02 - 00117032 _____ (PortableApps.com) C:\Users\Marc\Downloads\Update_flash_player (6).exe
2013-08-24 15:00 - 2013-08-24 15:00 - 00118568 _____ C:\Users\Marc\Downloads\Update_flash_player (5).exe
2013-08-24 14:58 - 2013-08-24 14:58 - 00118568 _____ C:\Users\Marc\Downloads\Update_flash_player (4).exe
2013-08-24 14:58 - 2013-08-24 14:58 - 00118568 _____ C:\Users\Marc\Downloads\Update_flash_player (3).exe
2013-08-24 14:58 - 2013-08-24 14:58 - 00118568 _____ C:\Users\Marc\Downloads\Update_flash_player (2).exe
2013-08-24 14:56 - 2013-08-24 14:56 - 00118568 _____ C:\Users\Marc\Downloads\Update_flash_player (1).exe
2013-08-24 14:55 - 2013-08-24 14:30 - 00000000 ____D C:\Users\Marc\Sex
2013-08-24 14:53 - 2013-08-24 14:53 - 00118568 _____ C:\Users\Marc\Downloads\Update_flash_player.exe
2013-08-24 14:30 - 2011-11-10 19:28 - 00000000 ____D C:\Users\Marc
2013-08-24 14:12 - 2012-08-25 17:07 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2978347520-1581668813-3411711660-1000UA.job
2013-08-23 20:13 - 2011-11-21 11:31 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2978347520-1581668813-3411711660-1000Core.job
2013-08-23 17:12 - 2012-08-25 17:07 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2978347520-1581668813-3411711660-1000Core.job
2013-08-21 08:20 - 2011-11-21 11:32 - 00002042 _____ C:\Users\Marc\Desktop\Google Chrome.lnk
2013-08-19 09:16 - 2012-05-03 09:52 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-18 08:14 - 2011-11-10 20:34 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-15 07:59 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-15 07:48 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-08-15 07:30 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-15 00:46 - 2013-07-28 02:02 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 00:43 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-13 18:56 - 2013-08-13 10:24 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-09 17:39 - 2011-11-21 13:03 - 00000000 ____D C:\Users\Marc\AppData\Roaming\vlc
2013-08-03 06:59 - 2012-09-28 22:30 - 00000000 ____D C:\ProgramData\Browser Manager
2013-08-03 06:59 - 2011-11-11 00:22 - 00128518 _____ C:\Windows\PFRO.log

Files to move or delete:
====================
C:\ProgramData\nvModes.dat
C:\Users\Marc\AppData\Local\Temp\ICReinstall_DownloadManagerSetup(1).exe
C:\Users\Marc\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Marc\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\UnityWebPlayer4275381299534217750.exe
C:\Users\Marc\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\Marc\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\Marc\AppData\Local\Temp\_is1080.exe
C:\Users\Marc\AppData\Local\Temp\_is3407.exe
C:\Users\Marc\AppData\Local\Temp\_is754B.exe
C:\Users\Marc\AppData\Local\Temp\{F59E31AF-7BC3-49F6-B40F-7D5C4E6126E3}\{2F819DAF-429B-4179-AEDC-AE71B7B9D889}\Common.dll
C:\Users\Marc\AppData\Local\Temp\{F59E31AF-7BC3-49F6-B40F-7D5C4E6126E3}\{2F819DAF-429B-4179-AEDC-AE71B7B9D889}\CTCabEx.DLL
C:\Users\Marc\AppData\Local\Temp\{F59E31AF-7BC3-49F6-B40F-7D5C4E6126E3}\{2F819DAF-429B-4179-AEDC-AE71B7B9D889}\RegEdit.dll
C:\Users\Marc\AppData\Local\Temp\{F59E31AF-7BC3-49F6-B40F-7D5C4E6126E3}\{2F819DAF-429B-4179-AEDC-AE71B7B9D889}\_ISUSER.DLL
C:\Users\Marc\AppData\Local\Temp\{F59E31AF-7BC3-49F6-B40F-7D5C4E6126E3}\{2F819DAF-429B-4179-AEDC-AE71B7B9D889}\_setup.dll
C:\Users\Marc\AppData\Local\Temp\{C0BDDD0C-1001-474C-816B-20D82A785801}\{59F6A514-9813-47A3-948C-8A155460CC2A}\DIFxAPI.dll
C:\Users\Marc\AppData\Local\Temp\{C0BDDD0C-1001-474C-816B-20D82A785801}\{59F6A514-9813-47A3-948C-8A155460CC2A}\DIFxCmd.exe
C:\Users\Marc\AppData\Local\Temp\{C0BDDD0C-1001-474C-816B-20D82A785801}\{59F6A514-9813-47A3-948C-8A155460CC2A}\RixDICON.dll
C:\Users\Marc\AppData\Local\Temp\{C0BDDD0C-1001-474C-816B-20D82A785801}\{59F6A514-9813-47A3-948C-8A155460CC2A}\snymsico.dll
C:\Users\Marc\AppData\Local\Temp\{C0BDDD0C-1001-474C-816B-20D82A785801}\{59F6A514-9813-47A3-948C-8A155460CC2A}\x64\DIFxAPI.dll
C:\Users\Marc\AppData\Local\Temp\{C0BDDD0C-1001-474C-816B-20D82A785801}\{59F6A514-9813-47A3-948C-8A155460CC2A}\x64\DIFxCmd.exe
C:\Users\Marc\AppData\Local\Temp\{C0BDDD0C-1001-474C-816B-20D82A785801}\{59F6A514-9813-47A3-948C-8A155460CC2A}\x64\RixDICON.dll
C:\Users\Marc\AppData\Local\Temp\{C0BDDD0C-1001-474C-816B-20D82A785801}\{59F6A514-9813-47A3-948C-8A155460CC2A}\x64\snymsico.dll
C:\Users\Marc\AppData\Local\Temp\{68D303D4-B5F6-4D4B-ACEA-1B555B84B9D5}\ISSetup.dll
C:\Users\Marc\AppData\Local\Temp\{68D303D4-B5F6-4D4B-ACEA-1B555B84B9D5}\_Setup.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\GoogleCrashHandler.exe
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\GoogleCrashHandler64.exe
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\GoogleUpdate.exe
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\GoogleUpdateBroker.exe
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\GoogleUpdateOnDemand.exe
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\GoogleUpdateSetup.exe
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdate.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_am.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_ar.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_bg.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_bn.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_ca.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_cs.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_da.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_de.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_el.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_en-GB.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_en.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_es-419.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_es.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_et.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_fa.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_fi.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_fil.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-28 20:48

==================== End Of Log ============================
         

28.08.2013, 23:02   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Remove adware/junkware/toolbars


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

__________________
Please always post log files in CODE tags

29.08.2013, 08:18   #11
Knight1986
 



Here is the text file from adwCleaner. The other two steps will follow in the next posts.

Code:
# AdwCleaner v3.001 - Report created 29/08/2013 at 08:49:06
# Updated 24/08/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Marc - MARC-PC
# Running from : C:\Users\Marc\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Browser Manager

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
[!] Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Users\Marc\Qtrax
Folder Deleted : C:\Users\Marc\AppData\Local\Temp\Softonic
Folder Deleted : C:\Users\Marc\AppData\LocalLow\Softonic
Folder Deleted : C:\Users\Marc\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Marc\AppData\Roaming\DSite
Folder Deleted : C:\Users\Marc\AppData\Roaming\file scout
File Deleted : C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default\searchplugins\11-suche.xml
File Deleted : C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default\searchplugins\Babylon.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default\bprotector_prefs.js
File Deleted : C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default\user.js
File Deleted : C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Windows\System32\Tasks\Browser Manager
File Deleted : C:\Windows\Tasks\DSite.job
File Deleted : C:\Windows\System32\Tasks\DSite
File Deleted : C:\Windows\System32\Tasks\QtraxPlayer

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Manager
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1CF98CC-06C3-4079-A113-FC631B1FA231}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1CF98CC-06C3-4079-A113-FC631B1FA231}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5260254C-A7AD-4ECC-80E5-144414C678E8}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5260254C-A7AD-4ECC-80E5-144414C678E8}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QtraxPlayer
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBE69E64-6A1A-4696-A617-4CEFDC92E4B0}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBE69E64-6A1A-4696-A617-4CEFDC92E4B0}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\5d558f8bbd3ce813
Key Deleted : HKLM\SOFTWARE\5d558f8bbd3ce813
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\browse~1\261519~1.190\{16cdf~1\browse~1.dll

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default\prefs.js ]

Line Deleted : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=114351&tt=270912_11_3912_3&babsrc=HP_ss&mntrId=6cab904b000000000000001f3ae4a366");
Line Deleted : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Line Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=114351&tt=270912_11_3912_3");
Line Deleted : user_pref("extensions.BabylonToolbar.babext", "babExt");
Line Deleted : user_pref("extensions.BabylonToolbar.babtrack", "babTrack");
Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "28");
Line Deleted : user_pref("extensions.BabylonToolbar.cntry", "CH");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltlng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltsrch", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.dpk", "");
Line Deleted : user_pref("extensions.BabylonToolbar.dpkLst", "1169821598,3855095921,302281469,2400444324,3654782829,1334533236,3874294282,3866767559,3224935090,3754950497,1766448872,2740670312,1029927063,1148409960,[...]
Line Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.firstrun", false);
Line Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "D20A103A568AA9B0148FAE48AC3F2233");
Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Line Deleted : user_pref("extensions.BabylonToolbar.hrdid", "6cab904b000000000000001f3ae4a366");
Line Deleted : user_pref("extensions.BabylonToolbar.id", "6cab904b000000000000001f3ae4a366");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15611");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.instlday", "15611");
Line Deleted : user_pref("extensions.BabylonToolbar.instlref", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.isdcmntcmplt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.keywordurl", "");
Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.0.722:30:07");
Line Deleted : user_pref("extensions.BabylonToolbar.lastdp", 28);
Line Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
Line Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar.newtab", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.newtaburl", "");
Line Deleted : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"29\",\"lastVrsn\":\"29\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0}");
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrid", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.savedVrsnTs", "1");
Line Deleted : user_pref("extensions.BabylonToolbar.sg", "azb");
Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Line Deleted : user_pref("extensions.BabylonToolbar.smplgrp", "azb");
Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar.srcext", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar.srch", "");
Line Deleted : user_pref("extensions.BabylonToolbar.srchprvdr", "");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=6cab904b000000000000001f3ae4a366&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrid", "base");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrsrchurl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=6cab904b000000000000001f3ae4a366&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.0.722:30:07");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnts", "1.8.0.722:30:07");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=114351&tt=270912_11_3912_3");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.722:30:07");
Line Deleted : user_pref("extensions.Softonic.admin", false);
Line Deleted : user_pref("extensions.Softonic.aflt", "SD");
Line Deleted : user_pref("extensions.Softonic.autoRvrt", "false");
Line Deleted : user_pref("extensions.Softonic.cntry", "CH");
Line Deleted : user_pref("extensions.Softonic.cv", "cv5");
Line Deleted : user_pref("extensions.Softonic.dfltLng", "de");
Line Deleted : user_pref("extensions.Softonic.dfltSrch", true);
Line Deleted : user_pref("extensions.Softonic.dfltlng", "de");
Line Deleted : user_pref("extensions.Softonic.dfltsrch", true);
Line Deleted : user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)");
Line Deleted : user_pref("extensions.Softonic.dspOld", "SweetIM Search");
Line Deleted : user_pref("extensions.Softonic.envrmnt", "production");
Line Deleted : user_pref("extensions.Softonic.excTlbr", false);
Line Deleted : user_pref("extensions.Softonic.hdrMd5", "A2ED3DC11EA351953AD943010909B7E8");
Line Deleted : user_pref("extensions.Softonic.hmpg", true);
Line Deleted : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc=");
Line Deleted : user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc=");
Line Deleted : user_pref("extensions.Softonic.hpOld", "www.google.ch");
Line Deleted : user_pref("extensions.Softonic.hrdid", "6cab904b000000000000001f3ae4a366");
Line Deleted : user_pref("extensions.Softonic.id", "6cab904b000000000000001f3ae4a366");
Line Deleted : user_pref("extensions.Softonic.instlDay", "15577");
Line Deleted : user_pref("extensions.Softonic.instlRef", "MON00015");
Line Deleted : user_pref("extensions.Softonic.instlday", "15577");
Line Deleted : user_pref("extensions.Softonic.instlref", "MON00015");
Line Deleted : user_pref("extensions.Softonic.isdcmntcmplt", "false");
Line Deleted : user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=2&cc=&q=");
Line Deleted : user_pref("extensions.Softonic.keywordurl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=2&cc=&q=");
Line Deleted : user_pref("extensions.Softonic.lastVrsnTs", "1.6.7.412:25:39");
Line Deleted : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
Line Deleted : user_pref("extensions.Softonic.newTab", true);
Line Deleted : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=15&cc=");
Line Deleted : user_pref("extensions.Softonic.newtab", true);
Line Deleted : user_pref("extensions.Softonic.newtaburl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=15&cc=");
Line Deleted : user_pref("extensions.Softonic.prdct", "Softonic");
Line Deleted : user_pref("extensions.Softonic.propectorlck", 86030656);
Line Deleted : user_pref("extensions.Softonic.prtnrId", "softonic");
Line Deleted : user_pref("extensions.Softonic.prtnrid", "softonic");
Line Deleted : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings");
Line Deleted : user_pref("extensions.Softonic.savedVrsnTs", "1");
Line Deleted : user_pref("extensions.Softonic.sg", "cz");
Line Deleted : user_pref("extensions.Softonic.similarsitesstorage-pid2", "f22a8301350f8ffc");
Line Deleted : user_pref("extensions.Softonic.smplGrp", "none");
Line Deleted : user_pref("extensions.Softonic.smplgrp", "none");
Line Deleted : user_pref("extensions.Softonic.srch", "");
Line Deleted : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Line Deleted : user_pref("extensions.Softonic.srchprvdr", "Search the web (Softonic)");
Line Deleted : user_pref("extensions.Softonic.tlbrId", "base");
Line Deleted : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=");
Line Deleted : user_pref("extensions.Softonic.tlbrid", "base");
Line Deleted : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=");
Line Deleted : user_pref("extensions.Softonic.vrsn", "1.6.7.4");
Line Deleted : user_pref("extensions.Softonic.vrsnTs", "1.6.7.412:25:39");
Line Deleted : user_pref("extensions.Softonic.vrsni", "1.6.7.4");
Line Deleted : user_pref("extensions.Softonic.vrsnts", "1.6.7.412:25:39");
Line Deleted : user_pref("extensions.Softonic_i.dnsErr", true);
Line Deleted : user_pref("extensions.Softonic_i.hmpg", true);
Line Deleted : user_pref("extensions.Softonic_i.newTab", true);
Line Deleted : user_pref("extensions.Softonic_i.smplGrp", "none");
Line Deleted : user_pref("extensions.Softonic_i.vrsnTs", "1.6.7.412:25:39");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://search.babylon.com/?affID=114351&tt=270912_11_3912_3&babsrc=HP_ss&mntrId=6cab904b000000000000001f3ae4a366");

-\\ Google Chrome v

[ File : C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [17152 octets] - [29/08/2013 08:46:20]
AdwCleaner[S0].txt - [17492 octets] - [29/08/2013 08:49:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17553 octets] ##########
         
Step two has also been carried out.
Here is the result.

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.5 (08.28.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Marc on 29.08.2013 at  8:59:57.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A04B7F69-E27E-4A8F-8B79-D8118C8C5A31}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}



~~~ Files

Successfully deleted: [File] "C:\Users\Marc\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Marc\start menu\programs\browser manager"
Successfully deleted: [Folder] "C:\Users\Marc\music\qtrax media library"
Successfully deleted: [Empty Folder] C:\Users\Marc\appdata\local\{138BF293-D15F-4E1A-9E0C-B7513AF3BDA7}
Successfully deleted: [Empty Folder] C:\Users\Marc\appdata\local\{21552D49-C23D-473F-B045-AFE7E19EF831}
Successfully deleted: [Empty Folder] C:\Users\Marc\appdata\local\{49897CD3-EA3D-4F73-8337-FE2CBF8E91CE}
Successfully deleted: [Empty Folder] C:\Users\Marc\appdata\local\{7BC9DAEE-F7B9-468E-BC02-0884E7366AF5}
Successfully deleted: [Empty Folder] C:\Users\Marc\appdata\local\{911105BD-59F0-461A-A554-E2BFCAFC8634}
Successfully deleted: [Empty Folder] C:\Users\Marc\appdata\local\{A6971C59-D30F-4781-8F52-3D098DD6F86F}
Successfully deleted: [Empty Folder] C:\Users\Marc\appdata\local\{B212C70F-5AA9-4795-A0A6-3B4BE2FDDB2F}
Successfully deleted: [Empty Folder] C:\Users\Marc\appdata\local\{BD8CCE91-C469-4D68-838A-ADE4EDC4901C}
Successfully deleted: [Empty Folder] C:\Users\Marc\appdata\local\{D9DC8E74-A997-4799-995B-4DB2A77A21DC}
Successfully deleted: [Empty Folder] C:\Users\Marc\appdata\local\{EA7A606F-7DA3-410C-958D-28EB0B497E96}
Successfully deleted: [Empty Folder] C:\Users\Marc\appdata\local\{ECC6288E-C543-428A-B648-9469752D59D6}
Successfully deleted: [Empty Folder] C:\Users\Marc\appdata\local\{F3D6FE75-F8B8-4F56-890B-259643A31635}
Successfully deleted: [Empty Folder] C:\Users\Marc\appdata\local\{F3F49F4C-08FB-46A7-ACD7-BF6268A1E89C}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Marc\AppData\Roaming\mozilla\firefox\profiles\3h4vomr6.default\extensions\staged
Emptied folder: C:\Users\Marc\AppData\Roaming\mozilla\firefox\profiles\3h4vomr6.default\minidumps [268 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.08.2013 at  9:02:05.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
The scan with FRST is complete.

Here is the result.



FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-08-2013
Ran by Marc (administrator) on 29-08-2013 09:06:25
Running from C:\Users\Marc\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Creative Technology Ltd.) C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corp.) C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Users\Marc\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(CREALOGIX E-Payment AG) C:\Program Files\CLX.PayPen\CLXReader.exe
(Dropbox, Inc.) C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Facebook) C:\Users\Marc\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(Sony Corporation) C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\system32\schtasks.exe
(Microsoft Corporation) C:\Windows\system32\sdclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [OEM02Mon.exe] - C:\Windows\OEM02Mon.exe [36864 2007-05-10] (Creative Technology Ltd.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [DELL Webcam Manager] - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [118784 2007-07-27] (Creative Technology Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13793824 2009-06-16] (NVIDIA Corporation)
HKLM\...\Run: [NVHotkey] - C:\Windows\system32\nvHotkey.dll [92704 2009-06-16] (NVIDIA Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [Bing Bar] - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe [243544 2010-04-27] (Microsoft Corp.)
HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [VDownloader] - C:\Program Files\VDownloader\VDownloader.exe [879104 2012-12-20] (Vitzo)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-11-21] (Google Inc.)
HKCU\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKCU\...\Run: [SkyDrive] - C:\Users\Marc\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKCU\...\Run: [Facebook Update] - C:\Users\Marc\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-25] (Facebook Inc.)
HKCU\...\Run: [CLXReader] - C:\Program Files\CLX.PayPen\CLXReader.exe [4108152 2012-08-14] (CREALOGIX E-Payment AG)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Marc\AppData\Roaming\cache.dat <==== ATTENTION 
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Marc\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Medien-Prüfung.lnk
ShortcutTarget: Picture Motion Browser Medien-Prüfung.lnk -> C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ch.msn.com/?ocid=OIE9HP
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IP2TDF&PC=IP2TDF&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {AF4BC682-A543-4440-A849-186E9BBE09F9} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default
FF Homepage: https://www.google.ch/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Marc\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Marc\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Marc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Marc\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin HKCU: vitzo.com/VDownloader - C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo)
FF SearchPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\3h4vomr6.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF Extension: Bing Bar - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: No Name - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKLM\...\Firefox\Extensions: [support@vdownloader.com] C:\Program Files\VDownloader\Addons\FireFox
FF Extension: VDownloader - C:\Program Files\VDownloader\Addons\FireFox

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Marc\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Marc\AppData\Local\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Marc\AppData\Local\Google\Chrome\Application\29.0.1547.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U35) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Bing Bar) - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Desktop) - C:\Users\Marc\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll No File
CHR Plugin: (Google Update) - C:\Users\Marc\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Extension: (Chrome In-App Payments service) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR HKLM\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Program Files\VDownloader\Addons\Chrome.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Marc\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [23704 2011-01-31] (Ekahau Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 PayPen; C:\Windows\System32\Drivers\PayPen.sys [18560 2012-08-14] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-29 09:05 - 2013-08-29 09:05 - 01072975 _____ (Farbar) C:\Users\Marc\Downloads\FRST(1).exe.part
2013-08-29 09:05 - 2013-08-29 09:05 - 00000000 _____ C:\Users\Marc\Downloads\FRST(1).exe
2013-08-29 09:02 - 2013-08-29 09:02 - 00003522 _____ C:\Users\Marc\Desktop\JRT.txt
2013-08-29 08:59 - 2013-08-29 08:59 - 00000511 _____ C:\Users\Marc\Desktop\JRT.exe - Verknüpfung.lnk
2013-08-29 08:59 - 2013-08-29 08:59 - 00000000 ____D C:\Windows\ERUNT
2013-08-29 08:57 - 2013-08-29 08:57 - 01023533 _____ (Thisisu) C:\Users\Marc\Downloads\JRT.exe
2013-08-29 08:46 - 2013-08-29 08:49 - 00000000 ____D C:\AdwCleaner
2013-08-29 08:45 - 2013-08-29 08:45 - 00000552 _____ C:\Users\Marc\Desktop\adwcleaner.exe - Verknüpfung.lnk
2013-08-29 08:43 - 2013-08-29 08:44 - 00994642 _____ C:\Users\Marc\Downloads\adwcleaner(1).exe
2013-08-29 08:40 - 2013-08-29 08:41 - 00994642 _____ C:\Users\Marc\Downloads\adwcleaner.exe
2013-08-28 20:53 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-28 20:50 - 2013-08-28 20:50 - 01072975 _____ (Farbar) C:\Users\Marc\Downloads\FRST.exe
2013-08-27 16:11 - 2013-08-27 16:11 - 00000000 ____D C:\FRST
2013-08-24 14:30 - 2013-08-24 14:55 - 00000000 ____D C:\Users\Marc\Sex
2013-08-15 00:36 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 00:36 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 00:36 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 00:36 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 00:36 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 00:36 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-15 00:36 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-15 00:36 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 00:36 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 00:36 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 00:36 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 00:36 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-15 00:36 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-15 00:36 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 00:36 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 00:36 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-14 08:18 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 08:18 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 08:18 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 08:18 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 08:18 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 08:18 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 08:18 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 08:18 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 08:18 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 08:18 - 2013-07-05 05:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 08:18 - 2013-07-05 03:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-08-14 08:18 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-14 08:18 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 10:24 - 2013-08-13 18:56 - 00000000 ____D C:\Program Files\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2013-08-29 09:06 - 2013-08-29 09:06 - 00000518 _____ C:\Users\Marc\Desktop\FRST.exe - Verknüpfung.lnk
2013-08-29 09:05 - 2013-08-29 09:05 - 01072975 _____ (Farbar) C:\Users\Marc\Downloads\FRST(1).exe.part
2013-08-29 09:05 - 2013-08-29 09:05 - 00000000 _____ C:\Users\Marc\Downloads\FRST(1).exe
2013-08-29 09:02 - 2013-08-29 09:02 - 00003522 _____ C:\Users\Marc\Desktop\JRT.txt
2013-08-29 08:59 - 2013-08-29 08:59 - 00000511 _____ C:\Users\Marc\Desktop\JRT.exe - Verknüpfung.lnk
2013-08-29 08:59 - 2013-08-29 08:59 - 00000000 ____D C:\Windows\ERUNT
2013-08-29 08:57 - 2013-08-29 08:57 - 01023533 _____ (Thisisu) C:\Users\Marc\Downloads\JRT.exe
2013-08-29 08:57 - 2006-11-02 14:52 - 02074179 _____ C:\Windows\WindowsUpdate.log
2013-08-29 08:57 - 2006-11-02 12:33 - 01587172 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-29 08:53 - 2012-08-25 16:47 - 00000000 ___RD C:\Users\Marc\SkyDrive
2013-08-29 08:53 - 2012-03-21 14:48 - 00000000 ___RD C:\Users\Marc\Dropbox
2013-08-29 08:53 - 2012-03-21 13:56 - 00000000 ____D C:\Users\Marc\AppData\Roaming\Dropbox
2013-08-29 08:51 - 2012-11-10 00:53 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-29 08:51 - 2011-11-11 00:26 - 00031776 _____ C:\ProgramData\nvModes.dat
2013-08-29 08:51 - 2011-11-11 00:26 - 00031776 _____ C:\ProgramData\nvModes.001
2013-08-29 08:51 - 2006-11-02 14:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 08:51 - 2006-11-02 14:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 08:50 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-29 08:49 - 2013-08-29 08:46 - 00000000 ____D C:\AdwCleaner
2013-08-29 08:49 - 2011-11-11 00:45 - 00004268 _____ C:\Windows\bthservsdp.dat
2013-08-29 08:49 - 2011-11-10 19:28 - 00000000 ____D C:\Users\Marc
2013-08-29 08:49 - 2006-11-02 15:01 - 00032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-29 08:45 - 2013-08-29 08:45 - 00000552 _____ C:\Users\Marc\Desktop\adwcleaner.exe - Verknüpfung.lnk
2013-08-29 08:44 - 2013-08-29 08:43 - 00994642 _____ C:\Users\Marc\Downloads\adwcleaner(1).exe
2013-08-29 08:41 - 2013-08-29 08:40 - 00994642 _____ C:\Users\Marc\Downloads\adwcleaner.exe
2013-08-28 21:28 - 2012-04-05 09:34 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-28 21:20 - 2012-11-10 00:53 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-28 21:13 - 2011-11-21 11:31 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2978347520-1581668813-3411711660-1000UA.job
2013-08-28 20:50 - 2013-08-28 20:50 - 01072975 _____ (Farbar) C:\Users\Marc\Downloads\FRST.exe
2013-08-28 20:46 - 2006-11-02 14:52 - 00042830 _____ C:\Windows\setupact.log
2013-08-27 16:11 - 2013-08-27 16:11 - 00000000 ____D C:\FRST
2013-08-24 14:55 - 2013-08-24 14:30 - 00000000 ____D C:\Users\Marc\Sex
2013-08-24 14:12 - 2012-08-25 17:07 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2978347520-1581668813-3411711660-1000UA.job
2013-08-23 20:13 - 2011-11-21 11:31 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2978347520-1581668813-3411711660-1000Core.job
2013-08-23 17:12 - 2012-08-25 17:07 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2978347520-1581668813-3411711660-1000Core.job
2013-08-21 08:20 - 2011-11-21 11:32 - 00002042 _____ C:\Users\Marc\Desktop\Google Chrome.lnk
2013-08-19 09:16 - 2012-05-03 09:52 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-18 08:14 - 2011-11-10 20:34 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-15 07:59 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-15 07:48 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-08-15 07:30 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-15 00:46 - 2013-07-28 02:02 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 00:43 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-13 18:56 - 2013-08-13 10:24 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-09 17:39 - 2011-11-21 13:03 - 00000000 ____D C:\Users\Marc\AppData\Roaming\vlc
2013-08-03 06:59 - 2011-11-11 00:22 - 00128518 _____ C:\Windows\PFRO.log
2013-08-02 06:09 - 2013-08-28 20:53 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

Files to move or delete:
====================
C:\ProgramData\nvModes.dat
C:\Users\Marc\AppData\Local\Temp\ICReinstall_DownloadManagerSetup(1).exe
C:\Users\Marc\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Marc\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Marc\AppData\Local\Temp\Quarantine.exe
C:\Users\Marc\AppData\Local\Temp\UnityWebPlayer4275381299534217750.exe
C:\Users\Marc\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\Marc\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\Marc\AppData\Local\Temp\_is1080.exe
C:\Users\Marc\AppData\Local\Temp\_is3407.exe
C:\Users\Marc\AppData\Local\Temp\_is754B.exe
C:\Users\Marc\AppData\Local\Temp\{F59E31AF-7BC3-49F6-B40F-7D5C4E6126E3}\{2F819DAF-429B-4179-AEDC-AE71B7B9D889}\Common.dll
C:\Users\Marc\AppData\Local\Temp\{F59E31AF-7BC3-49F6-B40F-7D5C4E6126E3}\{2F819DAF-429B-4179-AEDC-AE71B7B9D889}\CTCabEx.DLL
C:\Users\Marc\AppData\Local\Temp\{F59E31AF-7BC3-49F6-B40F-7D5C4E6126E3}\{2F819DAF-429B-4179-AEDC-AE71B7B9D889}\RegEdit.dll
C:\Users\Marc\AppData\Local\Temp\{F59E31AF-7BC3-49F6-B40F-7D5C4E6126E3}\{2F819DAF-429B-4179-AEDC-AE71B7B9D889}\_ISUSER.DLL
C:\Users\Marc\AppData\Local\Temp\{F59E31AF-7BC3-49F6-B40F-7D5C4E6126E3}\{2F819DAF-429B-4179-AEDC-AE71B7B9D889}\_setup.dll
C:\Users\Marc\AppData\Local\Temp\{C0BDDD0C-1001-474C-816B-20D82A785801}\{59F6A514-9813-47A3-948C-8A155460CC2A}\DIFxAPI.dll
C:\Users\Marc\AppData\Local\Temp\{C0BDDD0C-1001-474C-816B-20D82A785801}\{59F6A514-9813-47A3-948C-8A155460CC2A}\DIFxCmd.exe
C:\Users\Marc\AppData\Local\Temp\{C0BDDD0C-1001-474C-816B-20D82A785801}\{59F6A514-9813-47A3-948C-8A155460CC2A}\RixDICON.dll
C:\Users\Marc\AppData\Local\Temp\{C0BDDD0C-1001-474C-816B-20D82A785801}\{59F6A514-9813-47A3-948C-8A155460CC2A}\snymsico.dll
C:\Users\Marc\AppData\Local\Temp\{C0BDDD0C-1001-474C-816B-20D82A785801}\{59F6A514-9813-47A3-948C-8A155460CC2A}\x64\DIFxAPI.dll
C:\Users\Marc\AppData\Local\Temp\{C0BDDD0C-1001-474C-816B-20D82A785801}\{59F6A514-9813-47A3-948C-8A155460CC2A}\x64\DIFxCmd.exe
C:\Users\Marc\AppData\Local\Temp\{C0BDDD0C-1001-474C-816B-20D82A785801}\{59F6A514-9813-47A3-948C-8A155460CC2A}\x64\RixDICON.dll
C:\Users\Marc\AppData\Local\Temp\{C0BDDD0C-1001-474C-816B-20D82A785801}\{59F6A514-9813-47A3-948C-8A155460CC2A}\x64\snymsico.dll
C:\Users\Marc\AppData\Local\Temp\{68D303D4-B5F6-4D4B-ACEA-1B555B84B9D5}\ISSetup.dll
C:\Users\Marc\AppData\Local\Temp\{68D303D4-B5F6-4D4B-ACEA-1B555B84B9D5}\_Setup.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\GoogleCrashHandler.exe
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\GoogleCrashHandler64.exe
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\GoogleUpdate.exe
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\GoogleUpdateBroker.exe
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\GoogleUpdateOnDemand.exe
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\GoogleUpdateSetup.exe
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdate.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_am.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_ar.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_bg.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_bn.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_ca.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_cs.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_da.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_de.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_el.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_en-GB.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_en.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_es-419.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_es.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_et.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_fa.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_fi.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_fil.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_fr.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_gu.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_hi.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_hr.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_hu.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_id.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_is.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_it.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_iw.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_ja.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_kn.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_ko.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_lt.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_lv.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_ml.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_mr.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_ms.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_nl.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_no.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_pl.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_pt-BR.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_pt-PT.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_ro.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_ru.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_sk.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_sl.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_sr.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_sv.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_sw.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_ta.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_te.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_th.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_tr.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_uk.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_ur.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_vi.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_zh-CN.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\goopdateres_zh-TW.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\npGoogleUpdate3.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\psmachine.dll
C:\Users\Marc\AppData\Local\Temp\{67DD9315-E2C9-4993-8E2A-50C5058817D9}\psuser.dll
C:\Users\Marc\AppData\Local\Temp\{587DD263-DD9F-4D70-A9E6-A53BABAAFC30}\ISSetup.dll
C:\Users\Marc\AppData\Local\Temp\{587DD263-DD9F-4D70-A9E6-A53BABAAFC30}\_Setup.dll
C:\Users\Marc\AppData\Local\Temp\{4535D53D-5CC7-4B67-B0E6-E97DBCB90F87}\adobeshockwavextrabundle.exe
C:\Users\Marc\AppData\Local\Temp\{000226CF-996C-400A-B252-E1E0F8534BBB}\ISSetup.dll
C:\Users\Marc\AppData\Local\Temp\{000226CF-996C-400A-B252-E1E0F8534BBB}\_Setup.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\kernel32.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\mfc90.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\mfc90u.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\mfcm90.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\mfcm90u.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\psapi.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\python26.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\pythoncom26.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\PyWinTypes26.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\shell32.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\wxbase293u_net_vc.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\wxbase293u_vc.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\wxmsw293u_adv_vc.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\wxmsw293u_core_vc.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\wxmsw293u_html_vc.dll
C:\Users\Marc\AppData\Local\Temp\_MEI48242\wxmsw293u_webview_vc.dll
C:\Users\Marc\AppData\Local\Temp\Temp1_DigiFoto402_upd.zip\digifoto.exe
C:\Users\Marc\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe
C:\Users\Marc\AppData\Local\Temp\scoped_dir_7836_21362\CRX_INSTALL\npVDownloader.dll
C:\Users\Marc\AppData\Local\Temp\scoped_dir_5440_1778\CRX_INSTALL\npVDownloader.dll
C:\Users\Marc\AppData\Local\Temp\scoped_dir_5204_21116\CRX_INSTALL\npVDownloader.dll
C:\Users\Marc\AppData\Local\Temp\scoped_dir_3100_21284\CRX_INSTALL\npVDownloader.dll
C:\Users\Marc\AppData\Local\Temp\nsx1611.tmp\DropboxNSISTools.dll
C:\Users\Marc\AppData\Local\Temp\nswC70.tmp\DropboxNSISTools.dll
C:\Users\Marc\AppData\Local\Temp\nsuE2C1.tmp\chrmPref.dll
C:\Users\Marc\AppData\Local\Temp\nsuE2C1.tmp\IEFunctions.dll
C:\Users\Marc\AppData\Local\Temp\nsuE2C1.tmp\mt.dll
C:\Users\Marc\AppData\Local\Temp\nsuE2C1.tmp\nsisos.dll
C:\Users\Marc\AppData\Local\Temp\nsuE2C1.tmp\Processes.dll
C:\Users\Marc\AppData\Local\Temp\nsuE2C1.tmp\System.dll
C:\Users\Marc\AppData\Local\Temp\nsuE2C1.tmp\Time.dll
C:\Users\Marc\AppData\Local\Temp\nsuE2C1.tmp\UserInfo.dll
C:\Users\Marc\AppData\Local\Temp\nsr5D6D.tmp\DropboxNSISTools.dll
C:\Users\Marc\AppData\Local\Temp\nsnB57B.tmp\DropboxNSISTools.dll
C:\Users\Marc\AppData\Local\Temp\nsc14BA.tmp\DropboxNSISTools.dll
C:\Users\Marc\AppData\Local\Temp\nsc14BA.tmp\UAC.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\dotNetFx40LP_Full_x86de.exe
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\Setup.exe
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupEngine.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUi.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUtility.exe
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\sqmapi.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3082\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3076\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2070\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2052\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1055\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1053\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1049\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1046\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1045\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1044\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1043\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1042\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1041\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1040\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1038\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1037\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1036\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1035\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1033\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1032\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1031\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1030\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1029\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1028\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1025\SetupResources.dll
C:\Users\Marc\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\Marc\AppData\Local\Temp\is357113909\DeltaTB.exe
C:\Users\Marc\AppData\Local\Temp\is357113909\DownloadManagerV2.exe
C:\Users\Marc\AppData\Local\Temp\is357113909\QtraxInstaller.exe
C:\Users\Marc\AppData\Local\Temp\is357113909\uninstaller.exe
C:\Users\Marc\AppData\Local\Temp\is180804277\14333978_Setup.EXE
C:\Users\Marc\AppData\Local\Temp\is180804277\4738337_Setup.EXE
C:\Users\Marc\AppData\Local\Temp\is180804277\53072112_Setup.EXE
C:\Users\Marc\AppData\Local\Temp\is180804277\DeltaTB.exe
C:\Users\Marc\AppData\Local\Temp\is180804277\dp.exe
C:\Users\Marc\AppData\Local\Temp\is180804277\PricePeepInstaller.exe
C:\Users\Marc\AppData\Local\Temp\is180804277\QtraxInstaller.exe
C:\Users\Marc\AppData\Local\Temp\is180804277\yontoo-c2.exe
C:\Users\Marc\AppData\Local\Temp\is180804277\yontoo-c4.exe
C:\Users\Marc\AppData\Local\Temp\IDC2.tmp\FP_AX_CAB_INSTALLER64.exe
C:\Users\Marc\AppData\Local\Temp\Adobe\Shockwave 11\gcapi_dll.dll
C:\Users\Marc\AppData\Local\Temp\Adobe\Shockwave 11\gi.dll
C:\Users\Marc\AppData\Local\Temp\Adobe\Shockwave 11\gtapi.dll
C:\Users\Marc\AppData\Local\Temp\Adobe\Shockwave 11\SymCCIS.dll
C:\Users\Marc\AppData\Local\Temp\A958.dir\InstallFlashPlayer.exe
C:\Users\Marc\AppData\Local\Temp\967429CBEA314E3EBC91036B24089247\IP2TDFJewel\7.1.361\JewelExtension.dll
C:\Users\Marc\AppData\Local\Temp\967429CBEA314E3EBC91036B24089247\IP2TDFButton1\7.1.361\JewelExtension.dll
C:\Users\Marc\AppData\Local\Temp\87597F2A-BAB0-7891-ACBB-5A9DCF132762\Setup.exe
C:\Users\Marc\AppData\Local\Temp\87597F2A-BAB0-7891-ACBB-5A9DCF132762\sqlite3.dll
C:\Users\Marc\AppData\Local\Temp\87597F2A-BAB0-7891-ACBB-5A9DCF132762\Latest\BrowserManagerSetup.exe
C:\Users\Marc\AppData\Local\Temp\87597F2A-BAB0-7891-ACBB-5A9DCF132762\Latest\IECookieLow.dll
C:\Users\Marc\AppData\Local\Temp\87597F2A-BAB0-7891-ACBB-5A9DCF132762\Latest\MyBabylonTB.exe
C:\Users\Marc\AppData\Local\Temp\87597F2A-BAB0-7891-ACBB-5A9DCF132762\Latest\Setup.exe
C:\Users\Marc\AppData\Local\Temp\87597F2A-BAB0-7891-ACBB-5A9DCF132762\Latest\sqlite3.dll
C:\Users\Marc\AppData\Local\Temp\55039882.Uninstall\uninstaller.exe
C:\Users\Marc\AppData\Local\Temp\55000118.Uninstall\uninstaller.exe
C:\Users\Marc\AppData\Local\Temp\486177.Uninstall\uninstaller.exe
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\GoogleEarth.exe
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemyext.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\earthps.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\geplugin.exe
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\ge_expat.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\googleearth_free.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\icudt.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGAttrs.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGCore.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGExportCommon.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGGfx.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGMath.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGOpt.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGSg.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGUtils.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\msvcp100.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\msvcr100.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\npgeplugin.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\plugin_ax.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtCore4.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtGui4.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtNetwork4.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtWebKit4.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\imageformats\qgif4.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\imageformats\qjpeg4.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\optimizations\IGOptExtension.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\D3DCompiler_43.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\d3dx9_43.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGAttrs.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGGfx.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGSg.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\libEGL.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\libGLESv2.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogl\IGAttrs.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogl\IGGfx.dll
C:\Users\Marc\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogl\IGSg.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-29 08:57

==================== End Of Log ============================
         



Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-08-2013
Ran by Marc at 2013-08-29 09:09:10
Running from C:\Users\Marc\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support (Version: 2.1.5)
Apple Software Update (Version: 2.1.3.127)
Bing Bar (Version: 5.0.1449.0)
Bing Bar Platform (Version: 5.0.1449.0)
Broadcom 440x 10/100 Integrated Controller (Version: 10.04.01)
CLX.PayPen - CLX.PayPen Wireless (Version: 2.0.6.1)
Conexant HDA D330 MDC V.92 Modem
D3DX10 (Version: 15.4.2368.0902)
Dell Resource CD (Version: 1.00.0000)
Dell Webcam Center
Dell Webcam Manager
DesignPro 5 (Version: 5.5.708)
Dropbox (HKCU Version: 2.0.22)
Ekahau HeatMapper (Version: 1.1.3.38636)
Facebook Messenger 2.1.4814.0 (Version: 2.1.4814.0)
GoldWave v5.54
Google Chrome (HKCU Version: 29.0.1547.57)
Google Drive (Version: 1.11.4865.2530)
Google Earth Plug-in (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.153)
HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (Version: 22.0.334.0)
HP Officejet Pro 8500 A910 Hilfe (Version: 140.0.2.2)
HP Update (Version: 5.002.005.003)
I.R.I.S. OCR (Version: 12.3.4)
Intel Matrix Storage Manager
Intel(R) PROSet/Wireless Software (Version: 11.01.0000)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 37 (Version: 6.0.370)
Junk Mail filter update (Version: 15.4.3502.0922)
Kies Air Discovery Service
Laptop Integrated Webcam Driver (1.04.01.1011)  
Live! Cam Avatar (Version: 1.0)
Live! Cam Avatar Creator (Version: 4.6.0817.1)
mCore (Version: 9.24.0000)
mDriver (Version: 9.24.0000)
Mesh Runtime (Version: 15.4.5722.2)
mHelp (Version: 9.24.0000)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Default Manager (Version: 2.1.55.0)
Microsoft Search Enhancement Pack (Version: 3.0.126.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
mMHouse (Version: 9.24.0000)
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8)
mPfMgr (Version: 9.24.0000)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
mWMI (Version: 9.24.0000)
NAVIGON Fresh 3.4.1 (Version: 3.4.1)
NVIDIA Drivers (Version: 1.3)
OpenOffice.org 3.3 (Version: 3.3.9567)
Picture Package Music Transfer (Version: 1.1.00.11270)
Pinnacle VideoSpin (Version: 2.0.0.669)
QuickTime (Version: 7.71.80.42)
RICOH R5U8xx Media Driver ver.3.62.02 (Version: 3.62.02)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Segoe UI (Version: 15.4.2271.0615)
Sony Picture Utility (Version: 3.0.01.12110)
Steuern11 (Version: 1.0.1.1375)
Studie zur Verbesserung von HP Officejet Pro 8500 A910 Produkten (Version: 22.0.334.0)
swMSM (Version: 12.0.0.1)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
VDownloader 3.9.1360
Virtual DJ Home Edition - Atomix Productions
Visitenkarten in 2 Minuten
VLC media player 2.0.6 (Version: 2.0.6)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows-Treiberpaket - C Technologies AB (PayPen) Input Pen  (09/28/2007 2.0.0.0) (Version: 09/28/2007 2.0.0.0)
 

==================== Restore Points  =========================

14-08-2013 21:09:09 Geplanter Prüfpunkt
14-08-2013 22:34:37 Windows Update
16-08-2013 08:50:38 Geplanter Prüfpunkt
16-08-2013 22:00:06 Geplanter Prüfpunkt
17-08-2013 22:00:13 Geplanter Prüfpunkt
18-08-2013 06:18:19 Windows Update
19-08-2013 09:24:46 Geplanter Prüfpunkt
19-08-2013 22:00:07 Geplanter Prüfpunkt
20-08-2013 22:00:07 Geplanter Prüfpunkt
22-08-2013 08:49:09 Geplanter Prüfpunkt
22-08-2013 22:00:16 Geplanter Prüfpunkt
23-08-2013 06:47:09 Windows Update
23-08-2013 22:00:12 Geplanter Prüfpunkt
28-08-2013 18:53:43 Windows Update
29-08-2013 06:40:47 Windows Update

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0026D573-C410-4E67-9C96-331017EB280B} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)
Task: {0DCB4353-D1C0-4130-A499-8EAF3082B61B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-10] (Google Inc.)
Task: {104CE4F7-0DEF-498E-B498-55D7E6E8C8F0} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1E517B96-22E5-4B71-B857-63E494A63115} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2978347520-1581668813-3411711660-1000Core => C:\Users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21] (Google Inc.)
Task: {26E75976-C3D4-4F34-B01D-A5A11CEA4555} - System32\Tasks\Microsoft\Windows\WindowsBackup\CheckFull => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: {2FDBDC47-7148-49DB-9D32-32E6A003C996} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => C:\Windows\System32\ndfapi.dll [2008-01-19] (Microsoft Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {42B3BF69-EF59-4D2F-925E-2C2F033544AB} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Marc => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {4C80C0F9-ADE4-4C49-8C0A-EB3E34AE6258} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: {50717079-3473-45F7-9292-289BCF234A70} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {5C4CB010-62D0-4AFE-8B6C-D67F587BFB92} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {6563C3D7-E5BB-4BC4-9AD2-484149597386} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {79C81796-050A-4065-9802-2C0706BEE4AB} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {897CA36B-C3C6-46F7-982B-7AEAD55125ED} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2008-01-19] (Microsoft Corporation)
Task: {959CFFFE-1E37-4393-9594-CB2B757FE008} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2978347520-1581668813-3411711660-1000Core => C:\Users\Marc\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-25] (Facebook Inc.)
Task: {A0DAF509-5829-401F-B5B3-005B229515DB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2978347520-1581668813-3411711660-1000UA => C:\Users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21] (Google Inc.)
Task: {A1868F64-ED08-49A9-9F86-F62ED855AFFD} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\System32\srrstr.dll [2008-01-19] (Microsoft Corporation)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation)
Task: {C8FB0A6F-9D68-4F5A-83C3-50CD234B44DB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {CAF8472F-E325-4292-AA2C-12082DFB3F12} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2978347520-1581668813-3411711660-1000UA => C:\Users\Marc\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-25] (Facebook Inc.)
Task: {DFE66225-BDC1-45BD-BA12-D76B273FA58E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-10] (Google Inc.)
Task: {E0D130A6-8F0D-45F3-9DAC-490C37472237} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)
Task: {E3B0BF9C-3D26-4E40-8D49-ACC94D13F177} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2011-11-10] ()
Task: {F1E2360B-E2A7-4B07-8A0B-8F350A50BF31} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {F8D6E476-24FE-4649-A4D7-985706B29128} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => C:\Windows\System32\ndfapi.dll [2008-01-19] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2978347520-1581668813-3411711660-1000Core.job => C:\Users\Marc\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2978347520-1581668813-3411711660-1000UA.job => C:\Users\Marc\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2978347520-1581668813-3411711660-1000Core.job => C:\Users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2978347520-1581668813-3411711660-1000UA.job => C:\Users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==========


==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter #11
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-08-27 18:10:37.303
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-27 18:10:37.163
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-27 18:10:37.022
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-27 18:10:36.851
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-27 16:13:14.590
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-27 16:13:14.434
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-27 16:13:13.982
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-27 16:13:13.779
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-07 17:36:33.622
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Browser Manager\2.6.1519.190\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-07 17:36:33.433
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Browser Manager\2.6.1519.190\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 42%
Total physical RAM: 3069.31 MB
Available physical RAM: 1778.84 MB
Total Pagefile: 6339.64 MB
Available Pagefile: 5078.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.36 MB

==================== Drives ================================

Drive c: (Daten) (Fixed) (Total:232.88 GB) (Free:50.55 GB) NTFS
Drive d: (System) (Fixed) (Total:232.88 GB) (Free:157.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: FC89BA5F)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 05C5E182)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 29.08.2013, 11:00   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Marc\AppData\Roaming\cache.dat <==== ATTENTION
C:\Users\Marc\AppData\Roaming\cache.dat
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.




Afterwards, please run TFC:

TFC - Temp File Cleaner

Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
  • Open TFC.exe.
    Vista and Win 7 users: right-click and choose "Run as administrator".
  • Close all other programs.
  • Press the Start button.
  • If you are prompted to restart, confirm it.

__________________
Please always post log files in CODE tags

Alt 29.08.2013, 15:15   #13
Knight1986
 


Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-08-2013
Ran by Marc at 2013-08-29 16:14:33 Run:2
Running from C:\Users\Marc\FRST
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Marc\AppData\Roaming\cache.dat <==== ATTENTION
C:\Users\Marc\AppData\Roaming\cache.dat
*****************

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
"C:\Users\Marc\AppData\Roaming\cache.dat" => File/Directory not found.

==== End of Fixlog ====
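
The check behind this fix, as an added example that is not part of the original thread or of FRST: it parses the Winlogon line and the Fixlog results quoted above, flags every Shell/Userinit entry beyond the Windows default, and lists flagged files the fix did not remove. The function names and the `EXPECTED` defaults are assumptions made for this example.

```python
import re

# FRST registry line: HKCU\...\Winlogon: [Shell] explorer.exe,C:\x\y.dat <==== ATTENTION
WINLOGON = re.compile(
    r"^(HKLM|HKCU|HKU\\[^\\]+)\\\.\.\.\\Winlogon: \[(\w+)\] (.*?)(?:\s*<=+ ATTENTION.*)?$")
# Fixlog result line: "C:\x\y.dat" => File/Directory not found.
RESULT = re.compile(r'^"?(.+?)"? => (.+?)\.?\s*$')

# Assumption: default launch targets of a Windows install on C:.
EXPECTED = {
    "shell": {"explorer.exe", r"c:\windows\explorer.exe"},
    "userinit": {"userinit.exe", r"c:\windows\system32\userinit.exe"},
}

def audit_winlogon(lines):
    """Return (hive, value_name, [unexpected entries]) per suspicious Winlogon line."""
    findings = []
    for line in lines:
        m = WINLOGON.match(line.strip())
        if not m or m.group(2).lower() not in EXPECTED:
            continue
        hive, name, data = m.groups()
        # The value is a comma-separated list: check every entry, not just the first.
        entries = [e.strip().strip('"') for e in data.split(",") if e.strip()]
        extra = [e for e in entries if e.lower() not in EXPECTED[name.lower()]]
        if extra:
            findings.append((hive, name, extra))
    return findings

def fix_outcomes(lines):
    """Map each fix target (registry value or file path) to the result FRST reported."""
    return {m.group(1): m.group(2)
            for m in (RESULT.match(l.strip()) for l in lines) if m}

def unresolved(findings, outcomes):
    """Flagged paths for which the Fixlog reports no successful removal."""
    paths = [e for _, _, extra in findings for e in extra]
    return [p for p in paths if "successfully" not in outcomes.get(p, "").lower()]

# Lines copied from the FRST log and Fixlog quoted in this thread.
SCAN = [r"HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Marc\AppData\Roaming\cache.dat <==== ATTENTION"]
FIXLOG = [
    r"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.",
    r'"C:\Users\Marc\AppData\Roaming\cache.dat" => File/Directory not found.',
]

if __name__ == "__main__":
    found = audit_winlogon(SCAN)
    print(found)
    print(unresolved(found, fix_outcomes(FIXLOG)))
```

For this thread's logs the registry value is reported as deleted, while cache.dat was not found at the listed path, so `unresolved()` still returns it for follow-up.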
         

Alt 29.08.2013, 16:25   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 


Did you run TFC?
__________________
Please always post log files in CODE tags

Alt 29.08.2013, 16:34   #15
Knight1986
 


TFC was run. Sorry that I didn't post that.
