Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Delta-Homes bzw. QV06 in IE, FF und Chrome

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 01.12.2013, 14:17   #1
Roddinho
 
Delta-Homes bzw. QV06 in IE, FF und Chrome - Standard

Delta-Homes bzw. QV06 in IE, FF und Chrome



Hallo zusammen,

meine Oma (80) hat auf ihrem Rechner sich was eingefangen.
Egal, welche Settings man einstellt, man landet zwangsläufig auf einer Startseite mit der URL im Beginn von QV06. Weiterhin landet man bei Suchen auf Delta-Search und der Begriff Delta-Home kommt oft vor.
Dies ist sowohl im IE, als auch im FF oder unter Chrome der Fall.
Ich habe mal die Ereignisse aus Fund in Antivir extrahiert, hier der Code:

Code:
ATTFilter
Exportierte Ereignisse:

22.11.2013 21:37 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitG
      uard.dll'
      enthielt einen Virus oder unerwünschtes Programm 'Adware/BHO.Bprotector.1.4' 
      [adware].
      Durchgeführte Aktion(en):
      Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler 
      aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
      Die Datei konnte nicht gelöscht werden!
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
      Fehler in der ARK Library.

22.11.2013 21:37 [Echtzeit-Scanner] Malware gefunden
      In der Datei 
      'C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitG
      uard.dll'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/BHO.Bprotector.1.4' 
      [adware] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

22.11.2013 21:36 [System-Scanner] Malware gefunden
      Die Datei 'C:\ProgramData\eSafe\eGdpSvc.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Wysotot.Gen' [trojan].
      Durchgeführte Aktion(en):
      Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler 
      aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
      Die Datei konnte nicht gelöscht werden!
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
      Fehler in der ARK Library.
      Der Registrierungseintrag 
      <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WsysSvc\ImagePath> wurde 
      erfolgreich repariert.
      Der Registrierungseintrag 
      <HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WsysSvc\ImagePath> wurde 
      erfolgreich repariert.
      Der Registrierungseintrag 
      <HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WsysSvc\ImagePath> wurde 
      erfolgreich repariert.

22.11.2013 21:36 [System-Scanner] Malware gefunden
      Die Datei 
      'c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bitg
      uard.dll'
      enthielt einen Virus oder unerwünschtes Programm 'Adware/BHO.Bprotector.1.4' 
      [adware].
      Durchgeführte Aktion(en):
      Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler 
      aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
      Die Datei konnte nicht gelöscht werden!
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
      Die Datei konnte nicht gelöscht werden!
      Der Registrierungseintrag <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows 
      NT\CurrentVersion\Windows\AppInit_Dlls> wurde erfolgreich repariert.

22.11.2013 21:34 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\ProgramData\eSafe\eGdpSvc.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Wysotot.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

22.11.2013 21:33 [Echtzeit-Scanner] Malware gefunden
      In der Datei 
      'C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitG
      uard.dll'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/BHO.Bprotector.1.4' 
      [adware] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

22.11.2013 21:33 [Echtzeit-Scanner] Malware gefunden
      In der Datei 
      'C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitG
      uard.dll'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/BHO.Bprotector.1.4' 
      [adware] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

22.11.2013 21:32 [Echtzeit-Scanner] Malware gefunden
      In der Datei 
      'C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitG
      uard.dll'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/BHO.Bprotector.1.4' 
      [adware] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

06.11.2013 21:51 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\Users\Anna\AppData\Local\Temp\is1275519350\cor_ar_2013729172639_qvo6.exe'
      enthielt einen Virus oder unerwünschtes Programm 'Adware/QVO6.D' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d4420ad.qua' 
      verschoben!

06.11.2013 21:51 [System-Scanner] Malware gefunden
      Die Datei 
      'H:\$RECYCLE.BIN\S-1-5-21-278328990-3096719447-1476682975-1000\$RCQDEK1.exe'
      enthielt einen Virus oder unerwünschtes Programm 'Adware/InstallCo.HK' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55820f17.qua' 
      verschoben!

06.11.2013 21:51 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Anna\AppData\Local\Temp\LyricsContainertmp.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1f1b7a7f.qua' 
      verschoben!

06.11.2013 13:46 [System-Scanner] Malware gefunden
      Die Datei 'C:\ProgramData\eSafe\_eUpdate_13.3.2.2700.exe'
      enthielt einen Virus oder unerwünschtes Programm 'Adware/ELEX.B' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '542caaf2.qua' 
      verschoben!

06.11.2013 13:45 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\ProgramData\eSafe\_eUpdate_13.3.2.2700.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/ELEX.B' [adware] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

06.11.2013 13:44 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\ProgramData\eSafe\_eUpdate_13.3.2.2700.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/ELEX.B' [adware] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

04.11.2013 11:55 [System-Scanner] Malware gefunden
      Die Datei 
      'C:\Users\Anna\AppData\Roaming\eUpdate\9CB47A4CEB6347d5B1F0AADCEA1FC48C\delta-ho
      mes.exe'
      enthielt einen Virus oder unerwünschtes Programm 'Adware/Elex.B.1' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '507ed301.qua' 
      verschoben!

04.11.2013 10:28 [Echtzeit-Scanner] Malware gefunden
      In der Datei 
      'C:\Users\Anna\AppData\Roaming\eUpdate\9CB47A4CEB6347d5B1F0AADCEA1FC48C\delta-ho
      mes.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Elex.B.1' [adware] gefunden.
      Ausgeführte Aktion: Zugriff verweigern
         
Sollten noch weitere Scans benötigt werden würde ich mich über eine rasche Antwort freuen, da diese Scans ja sicher von ihrem Rechner aus gemacht werden müssen und ich nur heute hier bin.

Das "reparieren" kann ich dann gerne später per Teamviewer machen, die Analyse würde ich gerne vor Ort begleiten.

Danke für eure Hilfe im Voraus.

P.S.: Hier ein Bild der aktuell laufenden Prozesse:



Interessant ist vor allem der Plus-HD Prozess, der scheinbar ein Addon in Chrome ist, den meine Oma aber niemals installiert hat UND den ich schon deinstalliert habe.

Alt 01.12.2013, 14:35   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Delta-Homes bzw. QV06 in IE, FF und Chrome - Standard

Delta-Homes bzw. QV06 in IE, FF und Chrome



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 01.12.2013, 14:57   #3
Roddinho
 
Delta-Homes bzw. QV06 in IE, FF und Chrome - Standard

Delta-Homes bzw. QV06 in IE, FF und Chrome



FRST:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013
Ran by Anna (administrator) on ANNA-HP on 01-12-2013 15:53:33
Running from C:\Users\Anna\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
() C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
() C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
() C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskservice.exe
(Eastman Kodak Company) C:\Program Files (x86)\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\AiO\StatusMonitor\EKPrinterSDK.exe
(Haufe Mediengruppe) C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskpython.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TomTom) H:\Programme\Tom-Tom\Home\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
() C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\AppIntegrator64.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [170496 2012-03-28] (Sun Microsystems, Inc.)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [MapsGalaxy Home Page Guard 64 bit] - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\AppIntegrator64.exe [548936 2013-06-15] ()
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-27] (Hewlett-Packard)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-21] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [FileHippo.com] - C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKCU\...\Run: [OM_Monitor] - C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe [57344 2006-05-16] (OLYMPUS IMAGING CORP.)
HKCU\...\Run: [MyTomTomSA.exe] - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [458680 2013-08-01] (TomTom)
HKCU\...\Run: [TomTomHOME.exe] - [x]
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [OM_Monitor] - C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\FirstStart.exe [40960 2006-05-16] (OLYMPUS IMAGING CORP.)
HKLM-x32\...\Run: [MapsGalaxy Search Scope Monitor] - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrchMn.exe [44784 2013-06-15] (MindSpark)
HKLM-x32\...\Run: [MapsGalaxy_39 Browser Plugin Loader] - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe [30096 2013-06-15] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-05-17] (EasyBits Software AS)
AppInit_DLLs: C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll [1958880 2013-11-18] ()
Startup: C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1377368514
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1377368514
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=B6CA38607789FDCD&affID=121284&tsp=4981
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1377368514
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1377368514
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1377368514
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1377368514
URLSearchHook: HKCU - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (MindSpark)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1376762487
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1376762487
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1376762487
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzzzy0F0D0C0DyCtBtC0CtN0D0Tzu0CyDzyyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu&cr=1696389174&ir=
SearchScopes: HKLM - {99647E08-DB20-4472-B9D7-40CAA95BB787} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1376762487
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1376762487
SearchScopes: HKLM-x32 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzzzy0F0D0C0DyCtBtC0CtN0D0Tzu0CyDzyyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu&cr=1696389174&ir=
SearchScopes: HKLM-x32 - {99647E08-DB20-4472-B9D7-40CAA95BB787} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^UX^xdm080^YY^de&si=CPyx7tbX5rcCFQeS3godXzsAVA&ptb=9014491E-1888-4829-981D-2EA46184459D&ind=2013061715&n=77fce253&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1377368515
SearchScopes: HKCU - bProtectorDefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzzzy0F0D0C0DyCtBtC0CtN0D0Tzu0CyDzyyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu&cr=1696389174&ir=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B6CA38607789FDCD&affID=121284&tsp=4981
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1377368515
SearchScopes: HKCU - {99647E08-DB20-4472-B9D7-40CAA95BB787} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^UX^xdm080^YY^de&si=CPyx7tbX5rcCFQeS3godXzsAVA&ptb=9014491E-1888-4829-981D-2EA46184459D&ind=2013061715&n=77fce253&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {C7C190D3-0796-4A46-8D5E-E0B321F13240} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=CD37BE71-27C0-4609-ABDA-3F5970843453&apn_sauid=661D1AEE-834B-4800-946D-283B4CE9AF3A
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll No File
BHO-x32: Plus-HD-1.6 - {11111111-1111-1111-1111-110311201102} - C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll (Plus HD)
BHO-x32: Toolbar BHO - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)
BHO-x32: Search Assistant BHO - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (MindSpark)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: metacrawler  Helper Object - {D4EF7D75-52C9-4BCE-B6DC-0976EFAB4B0B} - C:\Program Files (x86)\metaCrawler\1.8.19.0\bh\metacrawler.dll (Info Space)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)
Toolbar: HKLM-x32 - metacrawler  Toolbar - {7EACAC38-B7F6-4514-9DC1-3428A7964ABD} - C:\Program Files (x86)\metaCrawler\1.8.19.0\metacrawlerTlbr.dll (Info Space)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {364EA597-E728-4CE4-BB4A-ED846EF47970} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: haufereader - No CLSID Value - 
Handler-x32: haufereader - No CLSID Value - 
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-01-03] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default
FF user.js: detected! => C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\user.js
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: hxxp://home.mywebsearch.com/index.jhtml?ptb=9014491E-1888-4829-981D-2EA46184459D&n=77fce190&p2=^UX^xdm080^YY^de&si=CPyx7tbX5rcCFQeS3godXzsAVA
FF Keyword.URL: hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=9014491E-1888-4829-981D-2EA46184459D&n=77fce190&ind=2013061520&p2=^UX^xdm080^YY^de&si=CPyx7tbX5rcCFQeS3godXzsAVA&searchfor=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin - C:\Program Files (x86)\Java\jre6\bin\dtplugin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @MapsGalaxy_39.com/Plugin - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll (MindSpark)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\my-web-search.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\webde-suche.xml
FF Extension: MapsGalaxy - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\39ffxtbr@MapsGalaxy_39.com
FF Extension: Plus-HD-1.6 - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com
FF Extension: Wajam - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}
FF Extension: testpilot - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: toolbar - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\toolbar@gmx.net.xpi
FF HKLM-x32\...\Firefox\Extensions: [39ffxtbr@MapsGalaxy_39.com] - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin
FF Extension: MapsGalaxy - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

Chrome: 
=======
CHR HomePage: hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1377368514
CHR RestoreOnStartup: "hxxp://www.google.de/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_175.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Plus-HD-1.6) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.23.23_0
CHR Extension: (Google Wallet) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx

==================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [948296 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 BitGuard; C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3780064 2013-11-18] ()
R2 HRService; C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe [71056 2012-11-21] ()
R2 Kodak AiO Network Discovery Service; C:\Program Files (x86)\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files (x86)\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company)
R2 MapsGalaxy_39Service; C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe [42504 2013-06-15] (COMPANYVERS_NAME)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 TomTomHOMEService; H:\Programme\Tom-Tom\Home\TomTom HOME 2\TomTomHOMEService.exe [93072 2013-07-02] (TomTom)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
S2 ezSharedSvc; 
S3 Uniblue.PowersuiteSvc; "C:\Program Files (x86)\Uniblue\PowerSuite\powersuite_service.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
S1 cdrbsdrv; C:\Windows\SysWow64\Drivers\cdrbsdrv.sys [32256 2005-05-11] (B.H.A Corporation)
R3 CRFILTER; C:\Windows\System32\DRIVERS\CRFILTER.sys [7168 2012-07-14] (Generic)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
R3 pmkbdfltr; C:\Windows\System32\DRIVERS\pmkbdfltr.sys [18832 2012-08-01] (PenMount)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-01 15:53 - 2013-12-01 15:54 - 00030212 _____ C:\Users\Anna\Downloads\FRST.txt
2013-12-01 15:53 - 2013-12-01 15:53 - 01959184 _____ (Farbar) C:\Users\Anna\Downloads\FRST64.exe
2013-12-01 15:53 - 2013-12-01 15:53 - 00000000 ____D C:\FRST
2013-12-01 15:11 - 2013-12-01 15:11 - 00000956 _____ C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
2013-12-01 15:08 - 2013-12-01 15:08 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
2013-12-01 14:50 - 2013-12-01 14:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-01 14:48 - 2013-12-01 14:49 - 30694824 _____ (Oracle Corporation) C:\Users\Anna\Downloads\jre-7u45-windows-x64.exe
2013-11-22 21:31 - 2013-11-22 21:31 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-11-15 19:44 - 2013-11-15 19:44 - 00169272 _____ (Firseria·s·l·) C:\Users\Anna\Downloads\Setup (6).exe
2013-11-15 19:44 - 2013-11-15 19:44 - 00169272 _____ (Firseria·s·l·) C:\Users\Anna\Downloads\Setup (5).exe
2013-11-14 21:45 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 21:45 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 21:45 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 21:45 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-14 21:45 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 21:45 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-14 21:45 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 21:45 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 21:45 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-14 21:45 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 21:44 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 21:44 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 21:44 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 18:53 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 18:53 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 18:53 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 18:53 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 18:53 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 18:53 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 18:53 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 18:53 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 18:53 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 18:52 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 18:52 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 18:52 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 18:52 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 18:52 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 18:52 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 18:52 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 18:52 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 18:52 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 18:52 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 18:52 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 18:52 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 18:52 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 18:52 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 18:52 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 18:52 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 18:52 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 18:52 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 18:52 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 18:52 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 18:52 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-06 23:18 - 2013-11-06 23:18 - 00165176 _____ (Firseria·s·l ) C:\Users\Anna\Downloads\Setup (4).exe
2013-11-06 09:04 - 2013-11-06 09:04 - 00169272 _____ (Firseria·s·l·) C:\Users\Anna\Downloads\Setup (3).exe
2013-11-06 08:58 - 2013-11-06 08:58 - 18093752 _____ (Adobe Systems Inc.) C:\Users\Anna\Downloads\air3-9_win.exe
2013-11-04 09:53 - 2013-11-04 09:53 - 00000000 ____D C:\ProgramData\APN
2013-11-04 09:36 - 2013-12-01 14:50 - 00000000 ____D C:\ProgramData\Oracle
2013-11-04 09:35 - 2013-11-04 09:35 - 00004886 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-04 09:35 - 2012-08-28 19:10 - 00157680 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2013-11-04 09:35 - 2012-08-28 19:10 - 00149488 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2013-11-04 09:35 - 2012-08-28 19:09 - 00149488 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2013-11-04 09:30 - 2013-11-04 09:30 - 00915368 _____ (Oracle Corporation) C:\Users\Anna\Downloads\chromeinstall-7u45.exe
2013-11-04 09:29 - 2013-11-04 09:29 - 00319384 _____ C:\Users\Anna\Downloads\Setup (2).exe
2013-11-04 09:29 - 2013-11-04 09:29 - 00319384 _____ C:\Users\Anna\Downloads\Setup (1).exe
2013-11-03 18:43 - 2013-11-29 18:24 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForAnna.job
2013-11-03 18:43 - 2013-11-27 18:43 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAnna

==================== One Month Modified Files and Folders =======

2013-12-01 15:54 - 2013-12-01 15:53 - 00030212 _____ C:\Users\Anna\Downloads\FRST.txt
2013-12-01 15:53 - 2013-12-01 15:53 - 01959184 _____ (Farbar) C:\Users\Anna\Downloads\FRST64.exe
2013-12-01 15:53 - 2013-12-01 15:53 - 00000000 ____D C:\FRST
2013-12-01 15:51 - 2013-07-19 19:09 - 00001196 _____ C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job
2013-12-01 15:51 - 2013-07-19 19:09 - 00001192 _____ C:\Windows\Tasks\Plus-HD-1.6-updater.job
2013-12-01 15:51 - 2013-07-19 19:09 - 00001096 _____ C:\Windows\Tasks\Plus-HD-1.6-enabler.job
2013-12-01 15:51 - 2013-07-19 19:08 - 00001904 _____ C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job
2013-12-01 15:51 - 2013-07-19 19:08 - 00001828 _____ C:\Windows\Tasks\Plus-HD-1.6-firefoxinstaller.job
2013-12-01 15:51 - 2012-04-03 18:32 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-01 15:51 - 2012-02-29 20:35 - 00000000 ____D C:\ProgramData\Kodak
2013-12-01 15:51 - 2012-01-03 05:24 - 00000000 ____D C:\ProgramData\PDFC
2013-12-01 15:51 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-01 15:51 - 2009-07-14 05:51 - 00068874 _____ C:\Windows\setupact.log
2013-12-01 15:50 - 2010-11-21 04:47 - 00947192 _____ C:\Windows\PFRO.log
2013-12-01 15:23 - 2012-02-28 19:23 - 01987377 _____ C:\Windows\WindowsUpdate.log
2013-12-01 15:11 - 2013-12-01 15:11 - 00000956 _____ C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
2013-12-01 15:08 - 2013-12-01 15:08 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
2013-12-01 15:03 - 2013-03-06 19:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-01 14:57 - 2013-08-17 18:56 - 00000288 _____ C:\Windows\Tasks\MetaCrawler.job
2013-12-01 14:54 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-01 14:54 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-01 14:51 - 2012-01-03 04:53 - 00771210 _____ C:\Windows\system32\perfh007.dat
2013-12-01 14:51 - 2012-01-03 04:53 - 00173944 _____ C:\Windows\system32\perfc007.dat
2013-12-01 14:51 - 2009-07-14 06:13 - 01799742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-01 14:50 - 2013-12-01 14:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-01 14:50 - 2013-11-04 09:36 - 00000000 ____D C:\ProgramData\Oracle
2013-12-01 14:50 - 2012-12-16 18:56 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-01 14:50 - 2012-03-28 20:19 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-01 14:50 - 2012-03-28 20:19 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-01 14:50 - 2012-03-28 20:18 - 00000000 ____D C:\Program Files\Java
2013-12-01 14:49 - 2013-12-01 14:48 - 30694824 _____ (Oracle Corporation) C:\Users\Anna\Downloads\jre-7u45-windows-x64.exe
2013-12-01 14:48 - 2012-04-03 18:32 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-29 19:36 - 2012-10-29 20:55 - 00000316 _____ C:\Windows\Tasks\PrintProjects Communicator.job
2013-11-29 18:24 - 2013-11-03 18:43 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForAnna.job
2013-11-27 18:43 - 2013-11-03 18:43 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAnna
2013-11-27 18:43 - 2012-05-15 14:54 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-27 18:43 - 2012-02-29 18:52 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-11-27 18:41 - 2012-02-29 18:50 - 00000000 ____D C:\Users\Anna\AppData\Roaming\HpUpdate
2013-11-27 18:41 - 2012-02-29 18:50 - 00000000 ____D C:\Users\Anna\AppData\Roaming\HP Support Assistant
2013-11-27 18:29 - 2013-05-07 21:18 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-27 18:29 - 2013-03-27 10:00 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-27 18:29 - 2013-03-27 10:00 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-27 18:29 - 2013-03-27 10:00 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-25 00:31 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-24 22:59 - 2012-04-06 17:28 - 00000000 ____D C:\Users\Anna\AppData\Local\CrashDumps
2013-11-24 18:57 - 2013-03-06 19:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-24 18:57 - 2013-03-06 19:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-24 18:57 - 2013-03-06 19:44 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-24 18:55 - 2012-04-03 18:42 - 00000000 ____D C:\Users\Anna\AppData\Local\Adobe
2013-11-24 18:44 - 2013-09-13 18:52 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-22 21:37 - 2013-08-17 19:01 - 00000000 ____D C:\ProgramData\eSafe
2013-11-22 21:31 - 2013-11-22 21:31 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-11-15 20:48 - 2011-02-11 18:15 - 01819218 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-15 19:54 - 2012-09-01 15:30 - 00002472 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-15 19:44 - 2013-11-15 19:44 - 00169272 _____ (Firseria·s·l·) C:\Users\Anna\Downloads\Setup (6).exe
2013-11-15 19:44 - 2013-11-15 19:44 - 00169272 _____ (Firseria·s·l·) C:\Users\Anna\Downloads\Setup (5).exe
2013-11-14 21:44 - 2009-07-14 03:34 - 00000499 _____ C:\Windows\win.ini
2013-11-14 21:43 - 2013-08-14 18:04 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 21:41 - 2012-03-06 09:50 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 17:58 - 2012-03-28 20:20 - 00000000 ____D C:\ProgramData\Lexware
2013-11-11 05:50 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-06 23:18 - 2013-11-06 23:18 - 00165176 _____ (Firseria·s·l ) C:\Users\Anna\Downloads\Setup (4).exe
2013-11-06 16:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-06 09:04 - 2013-11-06 09:04 - 00169272 _____ (Firseria·s·l·) C:\Users\Anna\Downloads\Setup (3).exe
2013-11-06 08:58 - 2013-11-06 08:58 - 18093752 _____ (Adobe Systems Inc.) C:\Users\Anna\Downloads\air3-9_win.exe
2013-11-04 10:14 - 2012-02-28 19:22 - 00000000 ____D C:\Users\Anna
2013-11-04 10:13 - 2013-09-13 18:52 - 00000000 ____D C:\Users\DefaultAppPool
2013-11-04 10:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-04 09:53 - 2013-11-04 09:53 - 00000000 ____D C:\ProgramData\APN
2013-11-04 09:35 - 2013-11-04 09:35 - 00004886 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-04 09:35 - 2012-03-29 14:59 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-04 09:30 - 2013-11-04 09:30 - 00915368 _____ (Oracle Corporation) C:\Users\Anna\Downloads\chromeinstall-7u45.exe
2013-11-04 09:29 - 2013-11-04 09:29 - 00319384 _____ C:\Users\Anna\Downloads\Setup (2).exe
2013-11-04 09:29 - 2013-11-04 09:29 - 00319384 _____ C:\Users\Anna\Downloads\Setup (1).exe
2013-11-03 18:31 - 2013-10-29 15:53 - 00000320 _____ C:\Windows\Tasks\Start Registry Reviver for Anna-HP@Anna(scheduling).job

Files to move or delete:
====================
C:\ProgramData\RegistryReviver.exe
C:\Users\Anna\sysrc_trial_9407_german.exe
C:\Users\Public\AlexaNSISPlugin.6500.dll


Some content of TEMP:
====================
C:\Users\Anna\AppData\Local\Temp\avgnt.exe
C:\Users\Anna\AppData\Local\Temp\BackupSetup.exe
C:\Users\Anna\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Anna\AppData\Local\Temp\Resource.exe
C:\Users\Anna\AppData\Local\Temp\sp58915.exe
C:\Users\Anna\AppData\Local\Temp\uninst1.exe
C:\Users\Anna\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Anna\AppData\Local\Temp\?odec Performer803975.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-12 23:02

==================== End Of Log ============================
         
+++

Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2013
Ran by Anna at 2013-12-01 15:55:09
Running from C:\Users\Anna\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.9.0.1200)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.152)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
aioprnt (Version: 5.3.1.0)
aioscnnr (x32 Version: 6.2.3.10)
aioscnnr (x32 Version: 7.6.13.10)
AMD APP SDK Runtime (Version: 2.4.595.10)
AMD VISION Engine Control Center (x32 Version: 2011.0531.2216.38124)
ATI Catalyst Install Manager (Version: 3.0.825.0)
Avira Antivirus Premium (x32 Version: 14.0.1.749)
Bejeweled 3 (x32 Version: 2.2.0.97)
BitGuard (x32)
Blasterball 3 (x32 Version: 2.2.0.97)
Bounce Symphony (x32 Version: 2.2.0.97)
Cake Mania (x32 Version: 2.2.0.95)
CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.1.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.9.0.9)
Canon MOV Decoder (x32 Version: 1.8.0.7)
Canon MOV Encoder (x32 Version: 1.6.0.1)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.7.0.4)
Canon Utilities CameraWindow DC 8 (x32 Version: 8.4.0.3)
Canon Utilities CameraWindow Launcher (x32 Version: 7.5.0.2)
Canon Utilities Movie Uploader for YouTube (x32 Version: 1.2.0.7)
Canon Utilities MyCamera (x32 Version: 7.4.0.2)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46)
Canon Utilities ZoomBrowser EX (x32 Version: 6.7.0.24)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.5.0.9)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0531.2216.38124)
Catalyst Control Center InstallProxy (x32 Version: 2011.0531.2216.38124)
Catalyst Control Center Localization All (x32 Version: 2011.0531.2216.38124)
Catalyst Control Center Profiles Desktop (x32 Version: 2011.0531.2216.38124)
CCC Help Chinese Standard (x32 Version: 2011.0531.2215.38124)
CCC Help Chinese Traditional (x32 Version: 2011.0531.2215.38124)
CCC Help Czech (x32 Version: 2011.0531.2215.38124)
CCC Help Danish (x32 Version: 2011.0531.2215.38124)
CCC Help Dutch (x32 Version: 2011.0531.2215.38124)
CCC Help English (x32 Version: 2011.0531.2215.38124)
CCC Help Finnish (x32 Version: 2011.0531.2215.38124)
CCC Help French (x32 Version: 2011.0531.2215.38124)
CCC Help German (x32 Version: 2011.0531.2215.38124)
CCC Help Greek (x32 Version: 2011.0531.2215.38124)
CCC Help Hungarian (x32 Version: 2011.0531.2215.38124)
CCC Help Italian (x32 Version: 2011.0531.2215.38124)
CCC Help Japanese (x32 Version: 2011.0531.2215.38124)
CCC Help Korean (x32 Version: 2011.0531.2215.38124)
CCC Help Norwegian (x32 Version: 2011.0531.2215.38124)
CCC Help Polish (x32 Version: 2011.0531.2215.38124)
CCC Help Portuguese (x32 Version: 2011.0531.2215.38124)
CCC Help Russian (x32 Version: 2011.0531.2215.38124)
CCC Help Spanish (x32 Version: 2011.0531.2215.38124)
CCC Help Swedish (x32 Version: 2011.0531.2215.38124)
CCC Help Thai (x32 Version: 2011.0531.2215.38124)
CCC Help Turkish (x32 Version: 2011.0531.2215.38124)
ccc-utility64 (Version: 2011.0531.2216.38124)
center (x32 Version: 7.7.2.0)
Chronicles of Albian (x32 Version: 2.2.0.95)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cradle of Rome 2 (x32 Version: 2.2.0.95)
D3DX10 (x32 Version: 15.4.2368.0902)
dm-Fotowelt (x32 Version: 5.0.4)
DriverTuner 3.1.0.0 (x32 Version: 3.1.0.0)
Duplicate Cleaner Free 3.2.1 (x32 Version: 3.2.1)
essentials (x32 Version: 7.7.2.0)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE (x32 Version: 2.2.0.97)
FileHippo.com Update Checker (x32)
Fotogalerie (x32 Version: 16.4.3508.0205)
Google Chrome (x32 Version: 31.0.1650.57)
Google Earth (x32 Version: 7.1.1.1871)
Google Update Helper (x32 Version: 1.3.21.165)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95)
Haufe Formular-Manager (x32 Version: 12.05.03.0009)
Haufe iDesk-Browser (x32 Version: 12.10.08.8873)
Haufe iDesk-Service (x32 Version: 12.11.21.8888)
Haufe-Lexware ERiC (x32 Version: 15.03.00.0005)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Games (x32 Version: 1.0.2.5)
HP LinkUp (x32 Version: 2.01.028)
HP Odometer (x32 Version: 2.10.0000)
HP Setup (x32 Version: 8.7.4747.3786)
HP Setup Manager (x32 Version: 1.1.13880.3792)
HP Support Information (x32 Version: 10.1.1000)
HP Update (x32 Version: 5.002.003.003)
HP Vision Hardware Diagnostics (Version: 2.9.0.0)
HydraVision (x32 Version: 4.2.200.0)
ImageMixer VCD/DVD2 for OLYMPUS (x32 Version: 2.01.102.1)
iMesh (HKCU Version: 12.5.0.134242)
Java 7 Update 45 (64-bit) (Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java(TM) 6 Update 13 (64-bit) (Version: 6.0.130)
Java(TM) 6 Update 35 (x32 Version: 6.0.350)
Jewel Quest Solitaire (x32 Version: 2.2.0.95)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95)
Kodak AIO Printer (Version: 7.7.2.0)
KODAK All-in-One Software (x32 Version: 7.7.6.0)
KODAK Create@Home Software (für dm) (x32 Version: 7.3.8392)
Konz 2012 (x32 Version: 1.00.0000)
Konz 2013 (x32 Version: 1.00.0000)
LabelPrint (x32 Version: 2.5.3925)
Lexware buchhalter 2013 (x32 Version: 18.51.00.0371)
Lexware Elster (x32 Version: 13.15.00.0074)
Lexware Info Service (x32 Version: 2.90.00.0009)
Lexware online banking (x32 Version: 20.00.00.0059)
Lohnsteuer-Tabellen (x32 Version: 4.1.0.0)
Magic Desktop (x32 Version: 3.0)
Mah Jong Medley (x32 Version: 2.2.0.95)
MapsGalaxy Toolbar (x32)
metaCrawler (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mathematics (x32 Version: 4.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Movie Maker (x32 Version: 16.4.3508.0205)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97)
MyTomTom 3.2.0.1220 (x32 Version: 3.2.0.1220)
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95)
NetCologne NetDSL-Installationsdateien entfernen (x32)
ocr (x32 Version: 6.2.3.50)
OLYMPUS Master (x32 Version: 1.42.5000)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
PDF Complete Special Edition (x32 Version: 4.0.54)
Penguins! (x32 Version: 2.2.0.95)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Plus-HD-1.6 (x32 Version: 1.27.153.8) <==== ATTENTION
Polar Bowler (x32 Version: 2.2.0.97)
Power2Go (x32 Version: 6.1.5331)
PreReq (x32 Version: 6.2.4.0)
PrintProjects (x32 Version: 1.0.0.10712)
Ratelex 2000 V. 3.6  (x32 Version: V. 3.6)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6531)
Recovery Manager (x32 Version: 5.5.0.4320)
Registry Reviver (Version: 3.0.1.142)
Remote Graphics Receiver (x32 Version: 5.4.5)
Slingo Deluxe (x32 Version: 2.2.0.95)
Steuer 2011 (x32 Version: 19.00.7304)
Steuer 2012 (x32 Version: 20.00.8137)
TeamViewer 7 (x32 Version: 7.0.12799)
TomTom HOME (x32 Version: 2.9.6)
TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update Installer for WildTangent Games App (x32)
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95)
Visual Studio C++ 10.0 Runtime (x32 Version: 10.0.0)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live Family Safety (Version: 16.4.3508.0205)
Windows Live Family Safety (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Messenger (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
Windows Live Writer (x32 Version: 16.4.3508.0205)
Windows Live Writer Resources (x32 Version: 16.4.3508.0205)
Windows Media Center Add-in for Silverlight (x32 Version: 4.7.3.0)
Zinio Reader 4 (x32 Version: 4.2.4164)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points  =========================

06-11-2013 22:23:00 Registry Reviver Restore Point (11/06/13)
09-11-2013 15:14:10 Windows Update
14-11-2013 20:40:35 Windows Update
22-11-2013 20:35:43 Windows Update
22-11-2013 20:37:35 Avira Antivirus Premium - 22.11.2013 21:37
22-11-2013 20:39:45 Avira Antivirus Premium - 22.11.2013 21:39
22-11-2013 22:17:55 Registry Reviver Restore Point (11/22/13)
27-11-2013 17:27:49 Windows Update
01-12-2013 13:49:33 Installed Java 7 Update 45 (64-bit)

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {079245EA-5D22-49BE-A630-7E38EE01D608} - System32\Tasks\Plus-HD-1.6-firefoxinstaller => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-firefoxinstaller.exe [2013-07-19] (Plus HD) <==== ATTENTION
Task: {084E5737-9EA6-4B77-9FE8-88183F13907D} - System32\Tasks\MetaCrawler => C:\Users\Anna\AppData\Roaming\MetaCrawler\UpdateProc\UpdateTask.exe [2013-08-17] ()
Task: {18BFF88D-C4A0-4389-8B09-15CB107F82DC} - System32\Tasks\{9BEDB6C5-D123-44AF-97EF-9C193BF9EC97} => C:\Program Files (x86)\McAfee Security Scan\3.0.207\mcuicnt.exe
Task: {19808A24-27C9-4632-8236-45CEBD6F94F9} - System32\Tasks\{B19BFBD3-22E7-40B1-8092-5E0933F64BFB} => C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe [2013-11-27] (Avira Operations GmbH & Co. KG)
Task: {208DDB4F-44CF-4B94-8BFF-0D16CA12594F} - System32\Tasks\{5B24A3E6-8484-451D-AC85-8119A1AA3093} => Chrome.exe 
Task: {2898FA0B-BFB3-4255-BA06-E621803BA92B} - System32\Tasks\{5EE4981E-4C60-4D95-A137-28D6B1684E15} => G:\Fehler 0x8004210A\setup.exe
Task: {28C53F3E-7359-46D2-91EC-6F86E7A08FAD} - System32\Tasks\{81587730-B882-4280-AEF9-DA69CD1E799F} => C:\Program Files (x86)\McAfee Security Scan\3.0.207\mcuicnt.exe
Task: {2C258B51-4D4B-4A60-B867-2F4C95216304} - System32\Tasks\{D56307B7-5708-42CF-AC0F-ABE15B9FA25B} => G:\Fehler 0x8004210A\setup.exe
Task: {2C283087-C7AF-4A3D-9A41-F90ABD3742CC} - System32\Tasks\{C1E8B04E-84D0-4D81-9BFF-A03FCA749C81} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.111.396/de/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {30CED0A6-2ED1-46A9-9088-7DEE746E3391} - System32\Tasks\Plus-HD-1.6-chromeinstaller => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe [2013-07-19] (Plus HD) <==== ATTENTION
Task: {33CCD810-6700-4215-8F61-04878E3E7CE6} - System32\Tasks\{32F73D83-6C58-4536-AD9E-F14806ECF03F} => C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe
Task: {3AE89158-85A2-480F-AEDD-A720F74D92DF} - System32\Tasks\Start Registry Reviver for Anna-HP@Anna(scheduling) => C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2013-09-10] (ReviverSoft LLC)
Task: {3B08B24C-0FF2-4CB1-95AE-784EFC5D0EDB} - System32\Tasks\{ACF5D4BD-FF59-4B01-91B2-970FACBCBEDE} => C:\Windows\ISW\netcol.dsl\signup\service.exe [2003-07-30] (ProDyne)
Task: {3C581A9D-01E7-4546-9F80-4285FE0F374E} - System32\Tasks\{CCB9DD6C-4693-44B6-BC40-1C7E28B676E4} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.111.396/de/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {46E5FF93-CC87-4037-94CC-037139968D8C} - System32\Tasks\{09F221CF-5372-4EBC-A941-0C25D8BA0C4F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.111.396/de/eula
Task: {56C8A226-B660-433D-847E-E8CB350F927B} - System32\Tasks\{76E36731-5736-4569-85A6-FE0670CEAF75} => G:\Programme\stman2012.exe
Task: {5D6F3C68-F43D-40C6-AF2C-A5AF23EC9D8D} - System32\Tasks\{9E4DEDD3-6C2E-4CBE-9972-C7B59E61036B} => Chrome.exe 
Task: {64DC6785-1874-4DA9-AC36-C84F02A55D93} - System32\Tasks\Plus-HD-1.6-codedownloader => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe [2013-07-19] (Plus HD) <==== ATTENTION
Task: {661B4304-FA5E-4BC0-AC4C-8F8AE71EFE85} - System32\Tasks\PrintProjects Communicator => C:\ProgramData\PrintProjects\Communicator.exe [2013-01-27] ()
Task: {6679333B-5E69-4B0C-9204-7B147E778085} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {67CBE5E6-DAE4-4E11-A357-AE187C95906A} - System32\Tasks\Dealply => C:\Users\Anna\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {6C483C03-8FD1-44E0-B84D-6247FFC4C7B3} - System32\Tasks\{BF4AD9D4-27AD-4FEE-871B-FF0CDF4C02FD} => C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe
Task: {6C5C22AF-0EE2-4D92-AA4A-173933E27239} - System32\Tasks\{97ED5C55-9D35-4713-8D4F-DCC5A954C281} => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\OLYMPUS Master.exe [2006-05-16] (OLYMPUS IMAGING CORP.)
Task: {6FD9D447-9D2F-41A4-AAAD-CFA0D1EFA4E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {811F68D1-6870-4BAD-AECA-725645D4D51F} - System32\Tasks\Plus-HD-1.6-enabler => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe [2013-10-24] (Plus HD) <==== ATTENTION
Task: {8800D31B-1993-4306-872E-28A27E87D4A6} - System32\Tasks\{86A7E65F-EA74-48C8-BE48-F829E2218ADE} => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\OLYMPUS Master.exe [2006-05-16] (OLYMPUS IMAGING CORP.)
Task: {919AFD07-5D0C-4DE1-8170-76E2CDCAE020} - System32\Tasks\0 => Iexplore.exe 
Task: {9A867098-A4E0-4FC0-A2F2-819C511136C7} - System32\Tasks\{4B9CC145-EDE1-43FE-9507-F860382684C0} => C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe [2013-11-27] (Avira Operations GmbH & Co. KG)
Task: {A3D13AB7-45E4-45BC-8FB2-5904025C656E} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-07-21] (CyberLink)
Task: {B45E8B42-3FED-4187-B7E0-440FED723D16} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-03] (Google Inc.)
Task: {B5F9F659-CB8C-4427-AC83-E073C6B9CD37} - System32\Tasks\{E39B35A4-6CFE-49B7-8891-C89ED75D6ABA} => Chrome.exe 
Task: {B7156EEA-C217-4062-A235-88C761B15D71} - System32\Tasks\Plus-HD-1.6-updater => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe [2013-07-19] (Plus HD) <==== ATTENTION
Task: {B91F8336-43B0-48BE-BE95-E850F143FDDE} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-15] ()
Task: {C0CBB9F9-205D-4CBC-8888-FD067B9F6D65} - System32\Tasks\{FC35D34F-B49D-4354-AB3C-12AF5B01AE0A} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.111.396/de/eula
Task: {C6273A4B-2967-47BA-863B-4584F06F05FE} - System32\Tasks\{69B65542-C7B3-414B-8887-24545BB287E6} => C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe [2010-10-28] ()
Task: {C9F85312-E50E-4851-95A7-AD7F1088E2CC} - System32\Tasks\{549F9680-829F-4CB3-B1E7-6CDD14632762} => C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe
Task: {D1E8142B-02C7-42A5-A48C-6E5B9B666524} - System32\Tasks\{4865926C-8A7E-4A41-84BC-586F1DFCEEB9} => C:\Windows\ISW\netcol.dsl\signup\service.exe [2003-07-30] (ProDyne)
Task: {D700C092-3399-41FE-BDCE-24E066236C65} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {E3E76A49-EADB-4556-94A9-693C048A0EB4} - System32\Tasks\{892FFB6F-60EC-45AD-8761-7DF820F915FD} => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\OLYMPUS Master.exe [2006-05-16] (OLYMPUS IMAGING CORP.)
Task: {EC92B5DD-48DD-4006-BB47-42E77E31AFFA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {ECE8C452-3F6F-493C-A448-77F5A2256E5D} - System32\Tasks\HPCeeScheduleForAnna => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {F1C80705-9190-4C5F-9087-68B55427A86F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-24] (Adobe Systems Incorporated)
Task: {F75561FD-3233-4E3E-8252-DEFD36A3211B} - System32\Tasks\4563 => C:\Users\Anna\AppData\Local\Temp\launchie.vbsC:\Users\Anna\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {F926BAC4-1F1B-4723-93A3-24BD9FFFAFA7} - System32\Tasks\{F925D1D6-B290-4F3D-97B0-3A1CB3D2EE55} => C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe
Task: {FA209C9C-3F6D-4E9A-87D9-BDB268ECBC14} - System32\Tasks\{55DFE667-D8AD-4CD7-8B29-E68BA369E5C1} => G:\Fehler 0x8004210A\setup.exe
Task: {FD8A9183-5055-4469-8667-FE183FD0047A} - System32\Tasks\{104A9456-5371-4F06-9435-57CFB4552876} => G:\Programme\stman2012.exe
Task: {FEB83217-414D-4B5F-A80F-4A7C8AA6DD27} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-03] (Google Inc.)
Task: {FF80DD1C-03A9-4E20-9E16-E33B3E5B6C21} - System32\Tasks\HPCeeScheduleForANNA-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Anna\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForANNA-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAnna.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\MetaCrawler.job => C:\Users\Anna\AppData\Roaming\METACR~1\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-enabler.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-firefoxinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-updater.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe
Task: C:\Windows\Tasks\PrintProjects Communicator.job => C:\ProgramData\PrintProjects\Communicator.exe
Task: C:\Windows\Tasks\Start Registry Reviver for Anna-HP@Anna(scheduling).job => C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe

==================== Loaded Modules (whitelisted) =============

2013-11-22 21:31 - 2013-11-18 15:32 - 01958880 _____ () C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll
2013-06-15 19:25 - 2013-06-15 19:25 - 00292424 _____ () C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\AppIntegratorStub64.dll
2013-06-15 19:25 - 2013-06-15 19:25 - 00442952 _____ () C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\HPG64.DLL
2012-11-08 15:31 - 2012-11-08 15:21 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-11-20 00:32 - 2012-11-20 00:32 - 00103824 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\pywintypes24.dll
2012-11-21 00:24 - 2012-11-21 00:24 - 00071056 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\zlib.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00032144 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32process.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00019344 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32event.pyd
2012-11-21 00:24 - 2012-11-21 00:24 - 00054672 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\_socket.pyd
2012-11-21 00:24 - 2012-11-21 00:24 - 00017296 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\_ssl.pyd
2012-11-21 00:19 - 2012-11-21 00:19 - 00832912 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\LIBEAY32.dll
2012-11-21 00:19 - 2012-11-21 00:19 - 00161168 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\SSLEAY32.dll
2012-11-21 00:31 - 2012-11-21 00:31 - 00075152 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32api.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00019344 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32evtlog.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00029584 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\servicemanager.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00083344 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32file.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00021392 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32pipe.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00107920 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32security.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00037776 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32service.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00021392 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.cPersistence.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00014224 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.TimeStamp.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00020880 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.cPickleCache.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00026512 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Acquisition._Acquisition.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00020880 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\ExtensionClass._ExtensionClass.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00010640 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\ComputedAttribute._ComputedAttribute.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00027024 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\AccessControl.cAccessControl.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00013200 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Record._Record.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00020368 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\DocumentTemplate.cDocumentTemplate.pyd
2012-11-21 00:24 - 2012-11-21 00:24 - 00140688 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\pyexpat.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00058768 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._OOBTree.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00062864 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._OIBTree.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00062864 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._IOBTree.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00062864 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._IIBTree.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00011152 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Persistence._Persistence.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00010128 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\MethodObject._MethodObject.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00011152 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Missing._Missing.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00011664 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\MultiMapping._MultiMapping.pyd
2012-11-21 00:24 - 2012-11-21 00:24 - 00013712 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\select.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00010128 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\ZODB.winlock.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00010128 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Products.ZCTextIndex.stopper.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00010128 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Products.ZCTextIndex.okascore.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00341392 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\_jpype.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00013200 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\TextIndexNG2\normalizer.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00012688 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\TextIndexNG2\indexsupport.pyd
2012-03-29 05:41 - 2012-03-29 05:41 - 00607232 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\OSR32V10.dll
2012-11-21 01:40 - 2012-11-21 01:40 - 00062864 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._fsBTree.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00271760 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\M2Crypto.__m2crypto.pyd
2012-10-19 10:28 - 2012-10-19 10:28 - 00024464 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32wnet.pyd
2013-08-01 11:47 - 2013-08-01 11:47 - 00026040 _____ () C:\Program Files (x86)\MyTomTom 3\DeviceDetection.dll
2013-08-01 11:47 - 2013-08-01 11:47 - 00074680 _____ () C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll
2013-08-01 11:47 - 2013-08-01 11:47 - 00317880 _____ () C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-11-15 19:54 - 2013-11-14 12:28 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-15 19:54 - 2013-11-14 12:28 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-15 19:54 - 2013-11-14 12:29 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-15 19:54 - 2013-11-14 12:29 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-15 19:54 - 2013-11-14 12:28 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
2013-11-15 19:54 - 2013-11-14 12:29 - 13582800 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/24/2013 10:59:31 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16736, Zeitstempel: 0x5258c4cc
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x59c
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (11/24/2013 07:00:00 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (11/22/2013 11:17:55 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {21ee995e-4fd9-4199-b0dd-40141c36176c}

Error: (11/22/2013 09:39:08 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (11/22/2013 09:37:35 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service Wsys Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (11/12/2013 11:54:13 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16720, Zeitstempel: 0x523cf127
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x1404
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (11/11/2013 10:59:46 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (11/06/2013 11:23:00 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {bc750725-dbff-48a2-8293-1e9a2b2b4b9f}

Error: (11/04/2013 09:27:51 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: hidb.exe, Version: 2012.10.7.0, Zeitstempel: 0x5071eed4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x06446ef8
ID des fehlerhaften Prozesses: 0x129c
Startzeit der fehlerhaften Anwendung: 0xhidb.exe0
Pfad der fehlerhaften Anwendung: hidb.exe1
Pfad des fehlerhaften Moduls: hidb.exe2
Berichtskennung: hidb.exe3

Error: (11/03/2013 07:00:01 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"


System errors:
=============
Error: (12/01/2013 03:51:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Easybits Services for Windows" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (12/01/2013 03:50:51 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (12/01/2013 03:23:26 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (12/01/2013 03:19:02 PM) (Source: DCOM) (User: Anna-HP)
Description: AnwendungsspezifischLokalAktivierung{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Anna-HPAnnaS-1-5-21-278328990-3096719447-1476682975-1000LocalHost (unter Verwendung von LRPC)

Error: (12/01/2013 02:45:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Easybits Services for Windows" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (12/01/2013 02:45:42 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (11/29/2013 07:57:37 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (11/29/2013 06:24:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Easybits Services for Windows" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (11/29/2013 06:24:04 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (11/27/2013 07:37:52 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (11/24/2013 10:59:31 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.167365258c4ccKERNELBASE.dll6.1.7601.1822951fb1116e06d73630000c41f59c01cee9597d363f1aC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\KERNELBASE.dllb204c764-5553-11e3-9219-38607789fdcd

Error: (11/24/2013 07:00:00 PM) (Source: Windows Backup)(User: )
Description: G:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (11/22/2013 11:17:55 PM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {21ee995e-4fd9-4199-b0dd-40141c36176c}

Error: (11/22/2013 09:39:08 PM) (Source: Windows Backup)(User: )
Description: G:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (11/22/2013 09:37:35 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service Wsys Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (11/12/2013 11:54:13 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16720523cf127KERNELBASE.dll6.1.7601.1822951fb1116e06d73630000c41f140401cedff88cd4e821C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\KERNELBASE.dll59529614-4bed-11e3-98bd-38607789fdcd

Error: (11/11/2013 10:59:46 PM) (Source: Windows Backup)(User: )
Description: G:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (11/06/2013 11:23:00 PM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {bc750725-dbff-48a2-8293-1e9a2b2b4b9f}

Error: (11/04/2013 09:27:51 AM) (Source: Application Error)(User: )
Description: hidb.exe2012.10.7.05071eed4unknown0.0.0.000000000c000000506446ef8129c01ced93778be0b62C:\Program Files (x86)\Haufe\iDesk\iDeskBrowser\hidb.exeunknownfe4b0a4a-452a-11e3-8958-38607789fdcd

Error: (11/03/2013 07:00:01 PM) (Source: Windows Backup)(User: )
Description: G:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 8178.82 MB
Available physical RAM: 5397.2 MB
Total Pagefile: 9711 MB
Available Pagefile: 6812.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1850.26 GB) (Free:1773.03 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.65 GB) (Free:1.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (MyDrive) (Fixed) (Total:465.76 GB) (Free:441.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: E91B7F62)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-212318814208) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 466 GB) (Disk ID: 5B5D6C0A)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 02.12.2013, 09:34   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Delta-Homes bzw. QV06 in IE, FF und Chrome - Standard

Delta-Homes bzw. QV06 in IE, FF und Chrome



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 03.12.2013, 17:44   #5
Roddinho
 
Delta-Homes bzw. QV06 in IE, FF und Chrome - Standard

Delta-Homes bzw. QV06 in IE, FF und Chrome



Malwarebytes:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Anna :: ANNA-HP [Administrator]

03.12.2013 17:58:16
mbam-log-2013-12-03 (17-58-16).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 238557
Laufzeit: 7 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe (PUP.Optional.MindSpark) -> 4476 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 33
HKCR\CLSID\{11111111-1111-1111-1111-110311201102} (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{44444444-4444-4444-4444-440344204402} (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{55555555-5555-5555-5555-550355205502} (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0032002.BHO.1 (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311201102} (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311201102} (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311201102} (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311201102} (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{93488930-185C-4CED-AFEB-0FD4930F8423} (PUP.Optional.BestToolbars) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0032002.BHO (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0032002.Sandbox (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0032002.Sandbox.1 (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\delta LTD (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\BabSolution\Redir (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Distromatic\Toolbars (PUP.Optional.AlexaTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\InstalledBrowserExtensions\Plus HD (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\BPROTECTSETTINGS (PUP.Optional.BProtector.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\babylontoolbar (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Plus-HD-1.6 (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\qvo6Software (PUP.Optional.qvo6.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo (PUP.Optional.Elex.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-1.6 (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Daten: hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=B6CA38607789FDCD&affID=121284&tsp=4981 -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Daten: {33BB0A4E-99AF-4226-BDF6-49120163DE86} -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0W0U -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MapsGalaxy Search Scope Monitor (PUP.Optional.MindSpark) -> Daten: "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MapsGalaxy_39 Browser Plugin Loader (PUP.Optional.MindSpark) -> Daten: C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bösartig: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 14
C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Roaming\SpeedAnalysis2 (PUP.Optional.SpeedAnalysis.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\DealPlyLive\Update (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\DealPlyLive\Update\Log (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Roaming\Dealply (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Roaming\Dealply\UpdateProc (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\DealPlyLive\CrashReports (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\DealPlyLive\CrashReports (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-1.6 (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 84
C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\eSafe\eGdpSvc.exe.temp (Trojan.Staser) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Roaming\eIntaller\189872E7F3394c9eBDCDAF700462CD66\eGdpSvc.exe (PUP.Optional.Wsys.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\195A.tmp (PUP.Optional.PerformerSoft.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\2A89.tmp (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\D00B.tmp (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\DD73.tmp (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\Сodec Performer803975.exe (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\BB05BC96-BAB0-7891-B995-599CC7C15577\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\BB05BC96-BAB0-7891-B995-599CC7C15577\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\BB05BC96-BAB0-7891-B995-599CC7C15577\Latest\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\BB05BC96-BAB0-7891-B995-599CC7C15577\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\BB05BC96-BAB0-7891-B995-599CC7C15577\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\BB05BC96-BAB0-7891-B995-599CC7C15577\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\BB05BC96-BAB0-7891-B995-599CC7C15577\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\BD07822B-BAB0-7891-BB77-476CABA3BA60\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\BD07822B-BAB0-7891-BB77-476CABA3BA60\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\BD07822B-BAB0-7891-BB77-476CABA3BA60\Latest\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\BD07822B-BAB0-7891-BB77-476CABA3BA60\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\BD07822B-BAB0-7891-BB77-476CABA3BA60\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\BD07822B-BAB0-7891-BB77-476CABA3BA60\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\BD07822B-BAB0-7891-BB77-476CABA3BA60\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\DA0B7E09-BAB0-7891-9D24-7E6C043F2302\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\DA0B7E09-BAB0-7891-9D24-7E6C043F2302\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\DA0B7E09-BAB0-7891-9D24-7E6C043F2302\Latest\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\DA0B7E09-BAB0-7891-9D24-7E6C043F2302\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\DA0B7E09-BAB0-7891-9D24-7E6C043F2302\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\DA0B7E09-BAB0-7891-9D24-7E6C043F2302\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\DA0B7E09-BAB0-7891-9D24-7E6C043F2302\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\eIntaller\249B1E10D8BD41d19AFBE6FCDE69CE7D\eXQ.exe (PUP.Optional.Wilsys.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\eIntaller\2CCA7E2A45DE4f259D6CB3008ED1F337\eXQ.exe (PUP.Optional.Wilsys.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\eIntaller\537BBED61BD64cd4B76AD7C110E50566\eXQ.exe (PUP.Optional.Wilsys.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\eIntaller\A132D7F135FD4faa83FA83CB76348070\eXQ.exe (PUP.Optional.Wilsys.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\eIntaller\EBA6E46398054ccbB8D5EB17AFB535A7\eXQ.exe (PUP.Optional.Wilsys.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\ins2253\ins2253.exe (PUP.Optional.Firseria) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\is1275519350\DeltaTB.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\is1275519350\dp.exe (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\is1275519350\wajam_download.exe (PUP.Optional.Wajam) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Temp\~nsu.tmp\Au_.exe (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\32002_updater.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\sysrc_trial_9407_german.exe (PUP.Optional.RegCleanerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\Downloads\Setup (1).exe (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\Downloads\Setup (2).exe (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\Downloads\Setup (3).exe (PUP.Optional.Firseria) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\Downloads\Setup (4).exe (PUP.Optional.Firseria) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\Downloads\Setup (5).exe (PUP.Optional.Firseria) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\Downloads\Setup (6).exe (PUP.Optional.Firseria) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\Plus-HD-1.6-enabler.job (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\Plus-HD-1.6-firefoxinstaller.job (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\Plus-HD-1.6-updater.job (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Roaming\SpeedAnalysis2\speedanalysis.crx (PUP.Optional.SpeedAnalysis.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Roaming\speedanalysis.ico (PUP.Optional.SpeedAnalysis2.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data (PUP.Optional.BProtector.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (PUP.Optional.BProtector.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrchMn.exe (PUP.Optional.MindSpark) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe (PUP.Optional.MindSpark) -> Löschen bei Neustart.
C:\ProgramData\DealPlyLive\Update\Log\DealPlyLive.log (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Roaming\Dealply\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Roaming\Dealply\UpdateProc\STTL.DAT (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Roaming\Dealply\UpdateProc\TTL.DAT (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Anna\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-1.6\32002.crx (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-1.6\32002.xpi (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-1.6\background.html (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-1.6\Installer.log (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bg.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil.dll (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil64.dll (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil64.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-firefoxinstaller.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-helper.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6.ico (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-1.6\Uninstall.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-1.6\utils.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Adwcleaner:

Code:
ATTFilter
# AdwCleaner v3.014 - Bericht erstellt am 03/12/2013 um 18:19:40
# Updated 01/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Anna - ANNA-HP
# Gestartet von : C:\Users\Anna\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : BitGuard
Dienst Gelöscht : MapsGalaxy_39Service

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
[!] Ordner Gelöscht : C:\ProgramData\BitGuard
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Uniblue\DriverScanner
Ordner Gelöscht : C:\Program Files (x86)\DealPly
Ordner Gelöscht : C:\Program Files (x86)\iMesh Applications
Ordner Gelöscht : C:\Program Files (x86)\mapsgalaxy_39
Ordner Gelöscht : C:\Program Files (x86)\MetaCrawler
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\WinZipper
Ordner Gelöscht : C:\Users\Anna\AppData\Local\mapsgalaxy_39
Ordner Gelöscht : C:\Users\Anna\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Anna\AppData\Local\Temp\eIntaller
Ordner Gelöscht : C:\Users\Anna\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Anna\AppData\LocalLow\iac
Ordner Gelöscht : C:\Users\Anna\AppData\LocalLow\mapsgalaxy_39
Ordner Gelöscht : C:\Users\Anna\AppData\LocalLow\MetaCrawler
Ordner Gelöscht : C:\Users\Anna\AppData\LocalLow\UtilityChest_49
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\eIntaller
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\eUpdate
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\mapsgalaxy_39
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\MetaCrawler
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\SeeSimilar02
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\Uniblue\DriverScanner
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\UtilityChest_49
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\WinZipper
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\39ffxtbr@MapsGalaxy_39.com
Ordner Gelöscht : C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
Datei Gelöscht : C:\Users\Anna\Desktop\SpeedAnalysis.lnk
Datei Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\invalidprefs.js
Datei Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\my-web-search.xml
Datei Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\user.js
Datei Gelöscht : C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
Datei Gelöscht : C:\Windows\System32\Tasks\BitGuard
Datei Gelöscht : C:\Windows\Tasks\Dealply.job
Datei Gelöscht : C:\Windows\System32\Tasks\Dealply
Datei Gelöscht : C:\Windows\Tasks\MetaCrawler.job
Datei Gelöscht : C:\Windows\System32\Tasks\MetaCrawler

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Anna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Anna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Anna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Anna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [39ffxtbr@MapsGalaxy_39.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\*\shell\filescout
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iMesh.AudioCD
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DEALPL~1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DEALPL~1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@MapsGalaxy_39.com/Plugin
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKCU\Software\908d88b23eed12
Schlüssel Gelöscht : HKLM\SOFTWARE\908d88b23eed12
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{364EA597-E728-4CE4-BB4A-ED846EF47970}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4EF7D75-52C9-4BCE-B6DC-0976EFAB4B0B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322202202}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366206602}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4EF7D75-52C9-4BCE-B6DC-0976EFAB4B0B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{268CA04C-106C-4636-B707-95E8CD5859E0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364EA597-E728-4CE4-BB4A-ED846EF47970}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4EF7D75-52C9-4BCE-B6DC-0976EFAB4B0B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{364EA597-E728-4CE4-BB4A-ED846EF47970}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4EF7D75-52C9-4BCE-B6DC-0976EFAB4B0B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{364EA597-E728-4CE4-BB4A-ED846EF47970}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{364EA597-E728-4CE4-BB4A-ED846EF47970}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0E1FE4D8-70CE-417E-8FF4-C2B17FF3DD07}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{13B8FF9D-DEB0-4070-B846-D049218307B3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1E877590-30B7-400E-A835-B942489EB7BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366206602}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\Alexa Internet
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\MapsGalaxy_39
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsContainer
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\MapsGalaxy_39
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Plus-HD-1.6
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\delta-homesSoftware
Schlüssel Gelöscht : HKLM\Software\eSafeSecControl
Schlüssel Gelöscht : HKLM\Software\hdcode
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\Software\MapsGalaxy_39
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\V9
Schlüssel Gelöscht : HKLM\Software\winzipersvc
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Imesh
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MapsGalaxy_39bar Uninstall
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16736

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

[ Datei : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\prefs.js ]

Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=9014491E-1888-4829-981D-2EA46184459D&n=77fce190&p2=^UX^xdm080^YY^de&si=CPyx7tbX5rcCFQeS3godXzsAVA");
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.backgroundjs", "\n\n/*****************************************************************************[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.cookie.previous_page.value", "%22hxxp%3A//www1.delta-search.com/%3Fbabsrc%3DHP_ss%26mntrId%3DB6CA3[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.cache/3518e1eac042730aa1274618984462b3_DE.value", "%22var%20cat_3518e1eac042730aa127461[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.cache/5cdf8a7ef2ec84abac286c67587b78d9.value", "%22function%20tcmMarkWindow%28a%29%7Bva[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.cache/d5baae4ef839769f8eb7e9f9d82d8a40_DE.value", "%22var%20cat_d5baae4ef839769f8eb7e9f[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.cache/d9fe5d2850f1ed167451b193e8bd0e0c_DE.value", "%22var%20cat_d9fe5d2850f1ed167451b19[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.js", "\n\n  /************************************************************************************\[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return app[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_104.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_13.name", "CrossriderAppUtils");
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_138.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_14.name", "CrossriderUtils");
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_155.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n    appAP[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.a[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.que[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_con[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_78.name", "CrossriderInfo");
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jquery;if(appAPI.platform==\[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_9.code", "appAPI.hooks.addHook(\"searchEngine\",(function(a){return function(){var [...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_91.code", "(function(h){var p=(function(){var R=0;var Z=\"\";function Q(ac){return [...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"undefined\"){appAPI.internal.[...]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "13ff81f0a1c7d5622ac6bb6bc0d95fcc");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.bbDpng", "17");
Zeile gelöscht : user_pref("extensions.delta.cntry", "DE");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.hdrMd5", "61B07786922AEDE375C73461BEE9C103");
Zeile gelöscht : user_pref("extensions.delta.id", "b6ca621c00000000000038607789fdcd");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15938");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.lastVrsnTs", "1.8.24.519:49:24");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.sg", "azb");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.621:36:36");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=121284&tsp=4981");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.ffxtlbr@delta.com.install-event-fired", true);
Zeile gelöscht : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
Zeile gelöscht : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Zeile gelöscht : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=D60E4018-12A0-4218-AED1-19D0E43896AA&n=77fce18b&ind=2013061515&p2=^ZO^xdm071^YY^de&si=[...]
Zeile gelöscht : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
Zeile gelöscht : user_pref("extensions.plugin@getwebcake.com.install-event-fired", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=9014491E-1888-4829-981D-2EA46184459D&n=77fce190&p2=^UX^xdm080^YY^de&si=CPyx7tbX5rcCFQeS3godX[...]
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.hp.enabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.hp.lastGuardTime", 1019619684);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.hp.numGuards", 1);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.initialized", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.installation.contextKey", "");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.installation.installDate", "2013061520");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.installation.partnerId", "^UX^xdm080^YY^de");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.installation.partnerSubId", "CPyx7tbX5rcCFQeS3godXzsAVA");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.installation.success", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.installation.toolbarId", "9014491E-1888-4829-981D-2EA46184459D");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.lastActivePing", "1379704070245");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.options.defaultSearch", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.options.homePageEnabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.options.keywordEnabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.options.tabEnabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.searchHistory", "Exarchat||Avaren||Schwalbenstein");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.weather.location", "10001");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=D60E4018-12A0-4218-AED1-19D0E43896AA&n=77fce18b&p2=^ZO^xdm071^YY^de&si=PI_UT_FIG_GER_27");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.hp.enabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.initialized", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.installation.contextKey", "");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.installation.installDate", "2013061515");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerId", "^ZO^xdm071^YY^de");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerSubId", "PI_UT_FIG_GER_27");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.installation.success", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.installation.toolbarId", "D60E4018-12A0-4218-AED1-19D0E43896AA");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.lastActivePing", "1374937006565");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.options.defaultSearch", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.options.homePageEnabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.options.keywordEnabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.options.tabEnabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.searchHistory", "funfatin varicocha||foundation viracocha||foundation viracocha san augustin||absolutismus||Batholom�usnacht||K�ln-D�sseldorfe[...]
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.weather.location", "10001");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "mapsgalaxy@mindspark.com");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=9014491E-1888-4829-981D-2EA46184459D&n=77fce190&ind=2013061520&p2=^UX^xdm080^YY^de&si=CPyx7tbX5rcCFQeS3godXz[...]

-\\ Google Chrome v31.0.1650.57

[ Datei : C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage

*************************

AdwCleaner[R0].txt - [31270 octets] - [03/12/2013 18:18:40]
AdwCleaner[S0].txt - [28399 octets] - [03/12/2013 18:19:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [28460 octets] ##########
         
Junkware Removal Tool:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Anna on 03.12.2013 at 18:26:53,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.dynamicbarbutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.dynamicbarbutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.feedmanager
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.feedmanager.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlmenu
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlmenu.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlpanel
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlpanel.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.multiplebutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.multiplebutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.pseudotransparentplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.pseudotransparentplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radio
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radio.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radiosettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radiosettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.scriptbutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.scriptbutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.settingsplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.settingsplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.thirdpartyinstaller
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.thirdpartyinstaller.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.urlalertbutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.urlalertbutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.xmlsessionplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.xmlsessionplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1241CEBD-9777-4BC6-AAE5-2A77E25DB246}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{173A5778-34BF-48A2-8A5E-6963CE922FED}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1796EC91-D094-4A5F-B681-E16015D1CEAC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1E91A655-BB4B-4693-A05E-2EDEBC4C9D89}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{26842A09-FFA8-4E2C-AE12-0C80F01C3295}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{37ED966D-4D0E-4D66-9633-BEA542C92860}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3ED5E5EC-0965-4DD3-B7D8-DBC48A1172B9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4B7D0B0C-CFF3-49C5-9BC3-FFABC031C822}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4F28FA5F-7D15-4753-B4FC-D548A0F02BFB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{5E1BDCF6-DD5F-4DD3-8783-B1454AEF1830}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{71C1D63A-C944-428A-A5BD-BA513190E5D2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7D4DFAF7-F2CE-4C91-91A4-514C9612914D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9B58A6CE-B337-43D5-9C2F-8C6D92FBA094}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A083C35D-61A9-4625-BBB6-FB54E71B8527}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A35FF019-6DBE-4044-B080-6F3FA78A947F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B70E008C-967B-4104-BC7B-6F7C77DBC38D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C4A25B73-8EF5-4282-9D21-C8920DD577A1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CAE88E60-CEA5-4FCB-B611-54EA6305D8AB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DB1384D8-1BDA-4C8D-A743-E9CA671FEB00}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E045DF14-BF1D-405C-A37B-A75C1551AD17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F3477E9D-D2F6-49F0-9B23-854D7958D07E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-278328990-3096719447-1476682975-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{99647E08-DB20-4472-B9D7-40CAA95BB787}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{99647E08-DB20-4472-B9D7-40CAA95BB787}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E91A655-BB4B-4693-A05E-2EDEBC4C9D89}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71C1D63A-C944-428A-A5BD-BA513190E5D2}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{04327153-03B5-4B29-9C5D-A640688E6CF4}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{0F962476-7C98-40C9-A66C-215E017C397B}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{13490B7B-15CB-44C0-A7BE-6FB7C09BB192}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{13CD612F-DBDC-4DB0-841B-1BBC7BE8EDA8}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{2BE7D370-0729-4379-8F3F-7A8266B04B1B}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{35CD5689-E490-4464-8911-6624300ABADE}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{4082C316-5891-4BD4-9364-DF6D4B9C1C32}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{41AD4C9D-06A1-46C0-B804-8F2CBFA07CF7}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{486BAA99-F4D3-4611-B94B-823944FBB1AF}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{4D1220FA-4658-4DB0-8D24-AD4DC4F4F166}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{4DEEFC36-7DA4-4185-9F63-5DFCB040B68D}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{53661771-9E49-47B9-82FA-F0801143DD7D}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{59D6EE8E-B52B-4F99-90DE-25F739A4572C}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{5E5C03C7-AEB5-4162-A921-B762062062D0}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{67DE1C12-51A7-41E4-B120-8BF512989606}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{70376B98-1EAC-44C5-866D-0C75396F8F46}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{7442C02A-F119-451A-8BF6-1A8086DEE085}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{76955757-6AA9-4E38-95B2-7120A494DC6B}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{7D6DACB2-1060-404C-94CF-7CC48A1D9F00}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{89C6F603-1195-42D8-8FAA-BDDD9F5EFC00}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{A49AF344-C907-4539-88D3-459DB38B0065}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{AC7772B4-BA8E-4B47-B311-E88D1517EF0F}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{ACBEB5F4-3870-48D7-BDD4-0A144444A0C4}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{B32EFF24-80E6-45B5-882C-C35EAB368A14}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{BA9BE17A-5D70-41B0-A4B1-6C6FCBD9D6FB}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{BFB3C7DC-3804-4B63-900B-3B22C850EA70}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{C384ECE8-8AE1-477E-9EA6-3E58AF071C57}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{CD2031D6-49EB-4E01-8FC4-E8224B36FAC1}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{D17FF579-0405-4372-82E9-E58E1E37F881}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{D8B8A1F8-A15B-468C-A4D3-CE5E5F22FC68}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{E0412E89-5C1E-464C-B8A3-07EC37AA25A1}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{E4681D5A-E8FB-4DB9-8988-8857C4A4DA56}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{F8091867-7BF7-491B-BEC5-F123BDB7BECA}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{FFE379FC-0EF6-40BA-99C9-115063D5F9C9}



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Anna\appdata\local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.12.2013 at 18:34:33,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST64 Scan:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013 01
Ran by Anna (administrator) on ANNA-HP on 03-12-2013 18:43:07
Running from C:\Users\Anna\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
() C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskservice.exe
(Eastman Kodak Company) C:\Program Files (x86)\AiO\Center\EKAiOHostService.exe
(Haufe Mediengruppe) C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskpython.exe
(Eastman Kodak Company) C:\Program Files (x86)\AiO\StatusMonitor\EKPrinterSDK.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TomTom) H:\Programme\Tom-Tom\Home\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Desktop.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [170496 2012-03-28] (Sun Microsystems, Inc.)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [MapsGalaxy Home Page Guard 64 bit] - "C:\PROGRA~2\MAPSGA~2\bar\1.bin\AppIntegrator64.exe"
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-27] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [FileHippo.com] - C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKCU\...\Run: [OM_Monitor] - C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe [57344 2006-05-16] (OLYMPUS IMAGING CORP.)
HKCU\...\Run: [MyTomTomSA.exe] - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [458680 2013-08-01] (TomTom)
HKCU\...\Run: [TomTomHOME.exe] - [x]
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [OM_Monitor] - C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\FirstStart.exe [40960 2006-05-16] (OLYMPUS IMAGING CORP.)
HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-05-17] (EasyBits Software AS)
AppInit_DLLs:   [ ] ()
Startup: C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.de/
URLSearchHook: HKCU - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzzzy0F0D0C0DyCtBtC0CtN0D0Tzu0CyDzyyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu&cr=1696389174&ir=
SearchScopes: HKLM - {99647E08-DB20-4472-B9D7-40CAA95BB787} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzzzy0F0D0C0DyCtBtC0CtN0D0Tzu0CyDzyyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu&cr=1696389174&ir=
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - metacrawler  Toolbar - {7EACAC38-B7F6-4514-9DC1-3428A7964ABD} - C:\Program Files (x86)\metaCrawler\1.8.19.0\metacrawlerTlbr.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: haufereader - No CLSID Value - 
Handler-x32: haufereader - No CLSID Value - 
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-01-03] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin - C:\Program Files (x86)\Java\jre6\bin\dtplugin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\webde-suche.xml
FF Extension: Plus-HD-1.6 - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com
FF Extension: testpilot - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: toolbar - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\toolbar@gmx.net.xpi

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.de/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_175.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Wallet) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

==================== Services (Whitelisted) =================

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [948296 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 HRService; C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe [71056 2012-11-21] ()
R2 Kodak AiO Network Discovery Service; C:\Program Files (x86)\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files (x86)\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 TomTomHOMEService; H:\Programme\Tom-Tom\Home\TomTom HOME 2\TomTomHOMEService.exe [93072 2013-07-02] (TomTom)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
S2 ezSharedSvc; 
S3 Uniblue.PowersuiteSvc; "C:\Program Files (x86)\Uniblue\PowerSuite\powersuite_service.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
S1 cdrbsdrv; C:\Windows\SysWow64\Drivers\cdrbsdrv.sys [32256 2005-05-11] (B.H.A Corporation)
R3 CRFILTER; C:\Windows\System32\DRIVERS\CRFILTER.sys [7168 2012-07-14] (Generic)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
R3 pmkbdfltr; C:\Windows\System32\DRIVERS\pmkbdfltr.sys [18832 2012-08-01] (PenMount)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-03 18:43 - 2013-12-03 18:43 - 00020116 _____ C:\Users\Anna\Downloads\FRST.txt
2013-12-03 18:42 - 2013-12-03 18:42 - 01959582 _____ (Farbar) C:\Users\Anna\Downloads\FRST64.exe
2013-12-03 18:37 - 2013-12-03 18:37 - 00000193 _____ C:\Windows\WORDPAD.INI
2013-12-03 18:26 - 2013-12-03 18:26 - 00000000 ____D C:\Windows\ERUNT
2013-12-03 18:17 - 2013-12-03 18:20 - 00000000 ____D C:\AdwCleaner
2013-12-03 17:57 - 2013-12-03 17:57 - 00001162 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Malwarebytes
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-03 17:57 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-03 17:56 - 2013-12-03 17:56 - 01034531 _____ (Thisisu) C:\Users\Anna\Downloads\JRT.exe
2013-12-03 17:55 - 2013-12-03 17:55 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Anna\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-03 17:55 - 2013-12-03 17:55 - 01110034 _____ C:\Users\Anna\Downloads\adwcleaner.exe
2013-12-03 14:33 - 2013-12-03 14:33 - 00002265 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-01 15:53 - 2013-12-01 15:53 - 00000000 ____D C:\FRST
2013-12-01 14:50 - 2013-12-01 14:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-11-14 21:45 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 21:45 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 21:45 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 21:45 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-14 21:45 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 21:45 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-14 21:45 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 21:45 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 21:45 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-14 21:45 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 21:44 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 21:44 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 21:44 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 18:53 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 18:53 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 18:53 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 18:53 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 18:53 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 18:53 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 18:53 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 18:53 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 18:53 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 18:52 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 18:52 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 18:52 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 18:52 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 18:52 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 18:52 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 18:52 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 18:52 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 18:52 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 18:52 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 18:52 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 18:52 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 18:52 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 18:52 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 18:52 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 18:52 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 18:52 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 18:52 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 18:52 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 18:52 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 18:52 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-04 09:36 - 2013-12-01 14:50 - 00000000 ____D C:\ProgramData\Oracle
2013-11-04 09:35 - 2013-11-04 09:35 - 00004886 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-04 09:35 - 2012-08-28 19:10 - 00157680 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2013-11-04 09:35 - 2012-08-28 19:10 - 00149488 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2013-11-04 09:35 - 2012-08-28 19:09 - 00149488 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2013-11-03 18:43 - 2013-12-03 18:43 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAnna
2013-11-03 18:43 - 2013-12-03 18:43 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForAnna.job

==================== One Month Modified Files and Folders =======

2013-12-03 18:43 - 2013-12-03 18:43 - 00020116 _____ C:\Users\Anna\Downloads\FRST.txt
2013-12-03 18:43 - 2013-11-03 18:43 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAnna
2013-12-03 18:43 - 2013-11-03 18:43 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForAnna.job
2013-12-03 18:42 - 2013-12-03 18:42 - 01959582 _____ (Farbar) C:\Users\Anna\Downloads\FRST64.exe
2013-12-03 18:37 - 2013-12-03 18:37 - 00000193 _____ C:\Windows\WORDPAD.INI
2013-12-03 18:29 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-03 18:29 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-03 18:27 - 2012-10-29 20:55 - 00000316 _____ C:\Windows\Tasks\PrintProjects Communicator.job
2013-12-03 18:26 - 2013-12-03 18:26 - 00000000 ____D C:\Windows\ERUNT
2013-12-03 18:26 - 2012-01-03 04:53 - 00771210 _____ C:\Windows\system32\perfh007.dat
2013-12-03 18:26 - 2012-01-03 04:53 - 00173944 _____ C:\Windows\system32\perfc007.dat
2013-12-03 18:26 - 2009-07-14 06:13 - 01799742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-03 18:22 - 2012-01-03 05:24 - 00000000 ____D C:\ProgramData\PDFC
2013-12-03 18:21 - 2012-04-03 18:32 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-03 18:21 - 2012-02-29 20:35 - 00000000 ____D C:\ProgramData\Kodak
2013-12-03 18:21 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 18:21 - 2009-07-14 05:51 - 00069210 _____ C:\Windows\setupact.log
2013-12-03 18:20 - 2013-12-03 18:17 - 00000000 ____D C:\AdwCleaner
2013-12-03 18:20 - 2012-02-28 19:23 - 01097994 _____ C:\Windows\WindowsUpdate.log
2013-12-03 18:19 - 2012-09-01 15:30 - 00001331 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-03 18:19 - 2012-02-28 19:36 - 00000995 _____ C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-03 18:14 - 2010-11-21 04:47 - 00972674 _____ C:\Windows\PFRO.log
2013-12-03 18:11 - 2012-02-28 19:22 - 00000000 ____D C:\Users\Anna
2013-12-03 18:03 - 2013-03-06 19:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-03 17:57 - 2013-12-03 17:57 - 00001162 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Malwarebytes
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-03 17:56 - 2013-12-03 17:56 - 01034531 _____ (Thisisu) C:\Users\Anna\Downloads\JRT.exe
2013-12-03 17:55 - 2013-12-03 17:55 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Anna\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-03 17:55 - 2013-12-03 17:55 - 01110034 _____ C:\Users\Anna\Downloads\adwcleaner.exe
2013-12-03 17:52 - 2012-03-28 20:20 - 00000000 ____D C:\ProgramData\Lexware
2013-12-03 17:48 - 2012-04-03 18:32 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 17:33 - 2012-08-10 22:44 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForANNA-HP$.job
2013-12-03 17:33 - 2012-04-17 17:41 - 00003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForANNA-HP$
2013-12-03 14:33 - 2013-12-03 14:33 - 00002265 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-03 14:33 - 2012-04-03 18:32 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-03 14:26 - 2013-03-27 10:00 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-01 21:11 - 2012-04-06 17:28 - 00000000 ____D C:\Users\Anna\AppData\Local\CrashDumps
2013-12-01 21:10 - 2013-01-20 17:56 - 00000000 ____D C:\ProgramData\tmp
2013-12-01 19:22 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-12-01 15:53 - 2013-12-01 15:53 - 00000000 ____D C:\FRST
2013-12-01 14:50 - 2013-12-01 14:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-01 14:50 - 2013-11-04 09:36 - 00000000 ____D C:\ProgramData\Oracle
2013-12-01 14:50 - 2012-12-16 18:56 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-01 14:50 - 2012-03-28 20:19 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-01 14:50 - 2012-03-28 20:19 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-01 14:50 - 2012-03-28 20:18 - 00000000 ____D C:\Program Files\Java
2013-11-27 18:43 - 2012-05-15 14:54 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-27 18:43 - 2012-02-29 18:52 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-11-27 18:41 - 2012-02-29 18:50 - 00000000 ____D C:\Users\Anna\AppData\Roaming\HpUpdate
2013-11-27 18:41 - 2012-02-29 18:50 - 00000000 ____D C:\Users\Anna\AppData\Roaming\HP Support Assistant
2013-11-27 18:29 - 2013-05-07 21:18 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-27 18:29 - 2013-03-27 10:00 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-27 18:29 - 2013-03-27 10:00 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-24 18:57 - 2013-03-06 19:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-24 18:57 - 2013-03-06 19:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-24 18:57 - 2013-03-06 19:44 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-24 18:55 - 2012-04-03 18:42 - 00000000 ____D C:\Users\Anna\AppData\Local\Adobe
2013-11-15 20:48 - 2011-02-11 18:15 - 01819218 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-14 21:44 - 2009-07-14 03:34 - 00000499 _____ C:\Windows\win.ini
2013-11-14 21:43 - 2013-08-14 18:04 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 21:41 - 2012-03-06 09:50 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 05:50 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-06 16:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-04 10:13 - 2013-09-13 18:52 - 00000000 ____D C:\Users\DefaultAppPool
2013-11-04 10:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-04 09:35 - 2013-11-04 09:35 - 00004886 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-04 09:35 - 2012-03-29 14:59 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-03 18:31 - 2013-10-29 15:53 - 00000320 _____ C:\Windows\Tasks\Start Registry Reviver for Anna-HP@Anna(scheduling).job

Files to move or delete:
====================
C:\ProgramData\RegistryReviver.exe
C:\Users\Public\AlexaNSISPlugin.6500.dll


Some content of TEMP:
====================
C:\Users\Anna\AppData\Local\Temp\avgnt.exe
C:\Users\Anna\AppData\Local\Temp\BackupSetup.exe
C:\Users\Anna\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Anna\AppData\Local\Temp\Quarantine.exe
C:\Users\Anna\AppData\Local\Temp\Resource.exe
C:\Users\Anna\AppData\Local\Temp\sp58915.exe
C:\Users\Anna\AppData\Local\Temp\uninst1.exe
C:\Users\Anna\AppData\Local\Temp\UninstallHPSA.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-12 23:02

==================== End Of Log ============================
         
Danke schonmal im Voraus.


Alt 04.12.2013, 10:34   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Delta-Homes bzw. QV06 in IE, FF und Chrome - Standard

Delta-Homes bzw. QV06 in IE, FF und Chrome




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
--> Delta-Homes bzw. QV06 in IE, FF und Chrome

Alt 04.12.2013, 19:54   #7
Roddinho
 
Delta-Homes bzw. QV06 in IE, FF und Chrome - Standard

Delta-Homes bzw. QV06 in IE, FF und Chrome



Der Eset Virusscan war ohne Meldungen, habe direkt nach dem Run ein Uninstall gemacht, ergo gibt es keine TXT Datei.

Beim SecurityCheck folgende TXT Datei:

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.76  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Duplicate Cleaner Free 3.2.1  
 Java(TM) 6 Update 35  
 Java version out of Date! 
 Adobe Flash Player 11.9.900.117  
 Adobe Reader XI  
 Google Chrome 30.0.1599.101  
 Google Chrome 31.0.1650.57  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Hier die FRST Logdatei:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013 01
Ran by Anna (administrator) on ANNA-HP on 04-12-2013 19:28:39
Running from C:\Users\Anna\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
() C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskservice.exe
(Eastman Kodak Company) C:\Program Files (x86)\AiO\Center\EKAiOHostService.exe
(Haufe Mediengruppe) C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskpython.exe
(Eastman Kodak Company) C:\Program Files (x86)\AiO\StatusMonitor\EKPrinterSDK.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TomTom) H:\Programme\Tom-Tom\Home\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Desktop.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [170496 2012-03-28] (Sun Microsystems, Inc.)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [MapsGalaxy Home Page Guard 64 bit] - "C:\PROGRA~2\MAPSGA~2\bar\1.bin\AppIntegrator64.exe"
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-27] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [FileHippo.com] - C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKCU\...\Run: [OM_Monitor] - C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe [57344 2006-05-16] (OLYMPUS IMAGING CORP.)
HKCU\...\Run: [MyTomTomSA.exe] - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [458680 2013-08-01] (TomTom)
HKCU\...\Run: [TomTomHOME.exe] - [x]
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [OM_Monitor] - C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\FirstStart.exe [40960 2006-05-16] (OLYMPUS IMAGING CORP.)
HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-05-17] (EasyBits Software AS)
AppInit_DLLs:   [ ] ()
Startup: C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.de/
URLSearchHook: HKCU - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzzzy0F0D0C0DyCtBtC0CtN0D0Tzu0CyDzyyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu&cr=1696389174&ir=
SearchScopes: HKLM - {99647E08-DB20-4472-B9D7-40CAA95BB787} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzzzy0F0D0C0DyCtBtC0CtN0D0Tzu0CyDzyyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu&cr=1696389174&ir=
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - metacrawler  Toolbar - {7EACAC38-B7F6-4514-9DC1-3428A7964ABD} - C:\Program Files (x86)\metaCrawler\1.8.19.0\metacrawlerTlbr.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: haufereader - No CLSID Value - 
Handler-x32: haufereader - No CLSID Value - 
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-01-03] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin - C:\Program Files (x86)\Java\jre6\bin\dtplugin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\webde-suche.xml
FF Extension: Plus-HD-1.6 - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com
FF Extension: testpilot - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: toolbar - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\toolbar@gmx.net.xpi

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.de/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_175.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Wallet) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

==================== Services (Whitelisted) =================

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [948296 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 HRService; C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe [71056 2012-11-21] ()
R2 Kodak AiO Network Discovery Service; C:\Program Files (x86)\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files (x86)\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 TomTomHOMEService; H:\Programme\Tom-Tom\Home\TomTom HOME 2\TomTomHOMEService.exe [93072 2013-07-02] (TomTom)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
S2 ezSharedSvc; 
S3 Uniblue.PowersuiteSvc; "C:\Program Files (x86)\Uniblue\PowerSuite\powersuite_service.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
S1 cdrbsdrv; C:\Windows\SysWow64\Drivers\cdrbsdrv.sys [32256 2005-05-11] (B.H.A Corporation)
R3 CRFILTER; C:\Windows\System32\DRIVERS\CRFILTER.sys [7168 2012-07-14] (Generic)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
R3 pmkbdfltr; C:\Windows\System32\DRIVERS\pmkbdfltr.sys [18832 2012-08-01] (PenMount)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-04 19:24 - 2013-12-04 19:24 - 00891184 _____ C:\Users\Anna\Downloads\SecurityCheck.exe
2013-12-04 17:39 - 2013-12-04 17:39 - 02347384 _____ (ESET) C:\Users\Anna\Downloads\esetsmartinstaller_enu.exe
2013-12-04 17:39 - 2013-12-04 17:39 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-04 17:08 - 2013-12-04 17:08 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{36105830-6F2B-41FE-A4C7-151C1769D162}
2013-12-03 20:48 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-03 20:44 - 2013-12-03 20:44 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 20:44 - 2013-12-03 20:44 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-03 20:43 - 2013-12-03 20:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-03 20:43 - 2013-12-03 20:43 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-03 20:43 - 2013-12-03 20:43 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-03 20:43 - 2013-12-03 20:43 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 20:43 - 2013-12-03 20:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 20:43 - 2013-12-03 20:43 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 20:43 - 2013-12-03 20:43 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 20:43 - 2013-12-03 20:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 20:43 - 2013-12-03 20:43 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 20:43 - 2013-12-03 20:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-03 20:42 - 2013-12-03 20:48 - 00009768 _____ C:\Windows\IE11_main.log
2013-12-03 18:43 - 2013-12-04 19:28 - 00020296 _____ C:\Users\Anna\Downloads\FRST.txt
2013-12-03 18:42 - 2013-12-03 18:42 - 01959582 _____ (Farbar) C:\Users\Anna\Downloads\FRST64.exe
2013-12-03 18:37 - 2013-12-03 18:37 - 00000193 _____ C:\Windows\WORDPAD.INI
2013-12-03 18:26 - 2013-12-03 18:26 - 00000000 ____D C:\Windows\ERUNT
2013-12-03 18:17 - 2013-12-03 18:20 - 00000000 ____D C:\AdwCleaner
2013-12-03 17:57 - 2013-12-03 17:57 - 00001162 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Malwarebytes
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-03 17:57 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-03 17:56 - 2013-12-03 17:56 - 01034531 _____ (Thisisu) C:\Users\Anna\Downloads\JRT.exe
2013-12-03 17:55 - 2013-12-03 17:55 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Anna\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-03 17:55 - 2013-12-03 17:55 - 01110034 _____ C:\Users\Anna\Downloads\adwcleaner.exe
2013-12-03 14:33 - 2013-12-03 14:33 - 00002265 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-01 15:53 - 2013-12-01 15:53 - 00000000 ____D C:\FRST
2013-12-01 14:50 - 2013-12-01 14:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-11-14 18:53 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 18:53 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 18:53 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 18:53 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 18:53 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 18:53 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 18:53 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 18:53 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 18:53 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 18:52 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 18:52 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 18:52 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 18:52 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 18:52 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 18:52 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 18:52 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 18:52 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 18:52 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 18:52 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 18:52 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 18:52 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 18:52 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 18:52 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 18:52 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 18:52 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 18:52 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 18:52 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 18:52 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 18:52 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 18:52 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-04 09:36 - 2013-12-01 14:50 - 00000000 ____D C:\ProgramData\Oracle
2013-11-04 09:35 - 2013-11-04 09:35 - 00004886 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-04 09:35 - 2012-08-28 19:10 - 00157680 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2013-11-04 09:35 - 2012-08-28 19:10 - 00149488 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2013-11-04 09:35 - 2012-08-28 19:09 - 00149488 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe

==================== One Month Modified Files and Folders =======

2013-12-04 19:29 - 2013-12-03 18:43 - 00020296 _____ C:\Users\Anna\Downloads\FRST.txt
2013-12-04 19:27 - 2012-10-29 20:55 - 00000316 _____ C:\Windows\Tasks\PrintProjects Communicator.job
2013-12-04 19:24 - 2013-12-04 19:24 - 00891184 _____ C:\Users\Anna\Downloads\SecurityCheck.exe
2013-12-04 19:03 - 2013-03-06 19:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-04 18:48 - 2012-04-03 18:32 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-04 18:44 - 2012-02-29 18:52 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-12-04 18:43 - 2012-05-15 14:54 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-12-04 18:42 - 2012-02-29 18:50 - 00000000 ____D C:\Users\Anna\AppData\Roaming\HpUpdate
2013-12-04 18:42 - 2012-02-29 18:50 - 00000000 ____D C:\Users\Anna\AppData\Roaming\HP Support Assistant
2013-12-04 18:34 - 2012-02-28 19:23 - 01263956 _____ C:\Windows\WindowsUpdate.log
2013-12-04 17:39 - 2013-12-04 17:39 - 02347384 _____ (ESET) C:\Users\Anna\Downloads\esetsmartinstaller_enu.exe
2013-12-04 17:39 - 2013-12-04 17:39 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-04 17:13 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-04 17:13 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-04 17:12 - 2012-01-03 04:53 - 00771210 _____ C:\Windows\system32\perfh007.dat
2013-12-04 17:12 - 2012-01-03 04:53 - 00173944 _____ C:\Windows\system32\perfc007.dat
2013-12-04 17:12 - 2009-07-14 06:13 - 01799742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-04 17:08 - 2013-12-04 17:08 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{36105830-6F2B-41FE-A4C7-151C1769D162}
2013-12-04 17:08 - 2012-04-03 18:32 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-04 17:08 - 2012-02-28 19:36 - 00001325 _____ C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-04 17:08 - 2012-01-03 05:24 - 00000000 ____D C:\ProgramData\PDFC
2013-12-04 17:07 - 2012-02-29 20:35 - 00000000 ____D C:\ProgramData\Kodak
2013-12-04 17:07 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-04 17:07 - 2009-07-14 05:51 - 00069266 _____ C:\Windows\setupact.log
2013-12-04 17:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-03 20:48 - 2013-12-03 20:42 - 00009768 _____ C:\Windows\IE11_main.log
2013-12-03 20:44 - 2013-12-03 20:44 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 20:44 - 2013-12-03 20:44 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-03 20:43 - 2013-12-03 20:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-03 20:43 - 2013-12-03 20:43 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-03 20:43 - 2013-12-03 20:43 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-03 20:43 - 2013-12-03 20:43 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 20:43 - 2013-12-03 20:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 20:43 - 2013-12-03 20:43 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 20:43 - 2013-12-03 20:43 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 20:43 - 2013-12-03 20:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 20:43 - 2013-12-03 20:43 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 20:43 - 2013-12-03 20:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-03 20:12 - 2012-03-28 20:20 - 00000000 ____D C:\ProgramData\Lexware
2013-12-03 18:43 - 2013-11-03 18:43 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAnna
2013-12-03 18:43 - 2013-11-03 18:43 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForAnna.job
2013-12-03 18:42 - 2013-12-03 18:42 - 01959582 _____ (Farbar) C:\Users\Anna\Downloads\FRST64.exe
2013-12-03 18:37 - 2013-12-03 18:37 - 00000193 _____ C:\Windows\WORDPAD.INI
2013-12-03 18:26 - 2013-12-03 18:26 - 00000000 ____D C:\Windows\ERUNT
2013-12-03 18:20 - 2013-12-03 18:17 - 00000000 ____D C:\AdwCleaner
2013-12-03 18:19 - 2012-09-01 15:30 - 00001331 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-03 18:19 - 2012-04-08 17:13 - 00000000 ____D C:\ProgramData\Uniblue
2013-12-03 18:14 - 2010-11-21 04:47 - 00972674 _____ C:\Windows\PFRO.log
2013-12-03 18:11 - 2012-02-28 19:22 - 00000000 ____D C:\Users\Anna
2013-12-03 17:57 - 2013-12-03 17:57 - 00001162 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Malwarebytes
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-03 17:56 - 2013-12-03 17:56 - 01034531 _____ (Thisisu) C:\Users\Anna\Downloads\JRT.exe
2013-12-03 17:55 - 2013-12-03 17:55 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Anna\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-03 17:55 - 2013-12-03 17:55 - 01110034 _____ C:\Users\Anna\Downloads\adwcleaner.exe
2013-12-03 17:33 - 2012-08-10 22:44 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForANNA-HP$.job
2013-12-03 17:33 - 2012-04-17 17:41 - 00003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForANNA-HP$
2013-12-03 14:33 - 2013-12-03 14:33 - 00002265 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-03 14:33 - 2012-04-03 18:32 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-03 14:26 - 2013-03-27 10:00 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-01 21:11 - 2012-04-06 17:28 - 00000000 ____D C:\Users\Anna\AppData\Local\CrashDumps
2013-12-01 21:10 - 2013-01-20 17:56 - 00000000 ____D C:\ProgramData\tmp
2013-12-01 19:22 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-12-01 15:53 - 2013-12-01 15:53 - 00000000 ____D C:\FRST
2013-12-01 14:50 - 2013-12-01 14:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-01 14:50 - 2013-11-04 09:36 - 00000000 ____D C:\ProgramData\Oracle
2013-12-01 14:50 - 2012-12-16 18:56 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-01 14:50 - 2012-03-28 20:19 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-01 14:50 - 2012-03-28 20:19 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-01 14:50 - 2012-03-28 20:18 - 00000000 ____D C:\Program Files\Java
2013-11-27 18:29 - 2013-05-07 21:18 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-27 18:29 - 2013-03-27 10:00 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-27 18:29 - 2013-03-27 10:00 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-24 18:57 - 2013-03-06 19:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-24 18:57 - 2013-03-06 19:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-24 18:57 - 2013-03-06 19:44 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-24 18:55 - 2012-04-03 18:42 - 00000000 ____D C:\Users\Anna\AppData\Local\Adobe
2013-11-15 20:48 - 2011-02-11 18:15 - 01819218 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-14 21:44 - 2009-07-14 03:34 - 00000499 _____ C:\Windows\win.ini
2013-11-14 21:43 - 2013-08-14 18:04 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 21:41 - 2012-03-06 09:50 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 05:50 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-06 16:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-04 10:13 - 2013-09-13 18:52 - 00000000 ____D C:\Users\DefaultAppPool
2013-11-04 10:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-04 09:35 - 2013-11-04 09:35 - 00004886 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-04 09:35 - 2012-03-29 14:59 - 00000000 ____D C:\Program Files (x86)\Java

Files to move or delete:
====================
C:\ProgramData\RegistryReviver.exe
C:\Users\Public\AlexaNSISPlugin.6500.dll


Some content of TEMP:
====================
C:\Users\Anna\AppData\Local\Temp\avgnt.exe
C:\Users\Anna\AppData\Local\Temp\BackupSetup.exe
C:\Users\Anna\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Anna\AppData\Local\Temp\Quarantine.exe
C:\Users\Anna\AppData\Local\Temp\Resource.exe
C:\Users\Anna\AppData\Local\Temp\sp58915.exe
C:\Users\Anna\AppData\Local\Temp\uninst1.exe
C:\Users\Anna\AppData\Local\Temp\UninstallHPSA.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-12 23:02

==================== End Of Log ============================
         
Ich zitiere mal eine Mail meiner Oma von vor 10 Minuten.

Zitat:
Hallo xxx,
wenn ich mit einem link aus einer email in den Internet Browser gehen will, dann kommt immer noch untern rechts diese Ansage: Plus-HD-1.6 ist abgestürzt. Klicken Sie auf dieses Fenster, um die Erweiterung erneut zu laden. Ich kopiere dann den link aus diesem Fenster und füge ihn auf der Google-Startseite ein. Das geht dann, aber eben nicht direkt per Klick auf den Link im Outlook. Dieses Plus-HD hattest du doch entfernt.
Schönen Abend und Gruß
Oma
Ergo: Problem scheinbar noch nicht gelöst, oder ist das was Anderes?

Alt 05.12.2013, 11:23   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Delta-Homes bzw. QV06 in IE, FF und Chrome - Standard

Delta-Homes bzw. QV06 in IE, FF und Chrome



Java updaten.

Öffne bitte mal FRST, setz nen Haken bei Additional und scanne, poste beide Logfiles.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 14.12.2013, 11:07   #9
Roddinho
 
Delta-Homes bzw. QV06 in IE, FF und Chrome - Standard

Delta-Homes bzw. QV06 in IE, FF und Chrome



Java ist aktuell.
Hier das FRST File und das Additional File:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2013 01
Ran by Anna (administrator) on ANNA-HP on 14-12-2013 12:05:08
Running from C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1EMAMREH
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
() C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskservice.exe
(Eastman Kodak Company) C:\Program Files (x86)\AiO\Center\EKAiOHostService.exe
(Haufe Mediengruppe) C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskpython.exe
(Eastman Kodak Company) C:\Program Files (x86)\AiO\StatusMonitor\EKPrinterSDK.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TomTom) H:\Programme\Tom-Tom\Home\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(TomTom) H:\Programme\Tom-Tom\Home\TomTom HOME 2\TomTomHOMERunner.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [170496 2012-03-28] (Sun Microsystems, Inc.)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [MapsGalaxy Home Page Guard 64 bit] - "C:\PROGRA~2\MAPSGA~2\bar\1.bin\AppIntegrator64.exe"
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-12-10] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [FileHippo.com] - C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKCU\...\Run: [OM_Monitor] - C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe [57344 2006-05-16] (OLYMPUS IMAGING CORP.)
HKCU\...\Run: [MyTomTomSA.exe] - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [458680 2013-08-01] (TomTom)
HKCU\...\Run: [TomTomHOME.exe] - H:\Programme\Tom-Tom\Home\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [OM_Monitor] - C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\FirstStart.exe [40960 2006-05-16] (OLYMPUS IMAGING CORP.)
HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-05-17] (EasyBits Software AS)
AppInit_DLLs:   [ ] ()
Startup: C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.de/
URLSearchHook: HKCU - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzzzy0F0D0C0DyCtBtC0CtN0D0Tzu0CyDzyyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu&cr=1696389174&ir=
SearchScopes: HKLM - {99647E08-DB20-4472-B9D7-40CAA95BB787} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzzzy0F0D0C0DyCtBtC0CtN0D0Tzu0CyDzyyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu&cr=1696389174&ir=
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - metacrawler  Toolbar - {7EACAC38-B7F6-4514-9DC1-3428A7964ABD} - C:\Program Files (x86)\metaCrawler\1.8.19.0\metacrawlerTlbr.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: haufereader - No CLSID Value - 
Handler-x32: haufereader - No CLSID Value - 
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-01-03] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin - C:\Program Files (x86)\Java\jre6\bin\dtplugin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\webde-suche.xml
FF Extension: Plus-HD-1.6 - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com
FF Extension: testpilot - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: toolbar - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\toolbar@gmx.net.xpi

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.de/"
CHR DefaultSearchKeyword: google.de
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_175.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Wallet) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

==================== Services (Whitelisted) =================

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [948296 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 HRService; C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe [71056 2012-11-21] ()
R2 Kodak AiO Network Discovery Service; C:\Program Files (x86)\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files (x86)\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 TomTomHOMEService; H:\Programme\Tom-Tom\Home\TomTom HOME 2\TomTomHOMEService.exe [93072 2013-08-27] (TomTom)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
S2 ezSharedSvc; 
S3 Uniblue.PowersuiteSvc; "C:\Program Files (x86)\Uniblue\PowerSuite\powersuite_service.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
S1 cdrbsdrv; C:\Windows\SysWow64\Drivers\cdrbsdrv.sys [32256 2005-05-11] (B.H.A Corporation)
R3 CRFILTER; C:\Windows\System32\DRIVERS\CRFILTER.sys [7168 2012-07-14] (Generic)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
R3 pmkbdfltr; C:\Windows\System32\DRIVERS\pmkbdfltr.sys [18832 2012-08-01] (PenMount)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-12 20:05 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 20:05 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 20:05 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 20:05 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 20:04 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 20:04 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 20:04 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 20:04 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 20:04 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 20:04 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 20:04 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 20:04 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 20:04 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 20:04 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 20:04 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 20:04 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 20:04 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 20:04 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 20:04 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 20:04 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 20:04 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 20:04 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 20:04 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 20:04 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 20:04 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 20:04 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 20:04 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 20:04 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 20:04 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 20:04 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 20:04 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 20:04 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 20:04 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 20:04 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 20:04 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 10:39 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 10:39 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 10:39 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 10:39 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-12 10:39 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 10:39 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 10:39 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 10:39 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 10:39 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 10:39 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 10:39 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 10:39 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-12 10:39 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 10:39 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 10:39 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 10:39 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-12 10:39 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 10:39 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 10:39 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-04 19:24 - 2013-12-04 19:24 - 00891184 _____ C:\Users\Anna\Downloads\SecurityCheck.exe
2013-12-04 17:39 - 2013-12-04 17:39 - 02347384 _____ (ESET) C:\Users\Anna\Downloads\esetsmartinstaller_enu.exe
2013-12-04 17:08 - 2013-12-13 16:47 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{36105830-6F2B-41FE-A4C7-151C1769D162}
2013-12-03 20:48 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-03 20:44 - 2013-12-03 20:44 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 20:44 - 2013-12-03 20:44 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 20:43 - 2013-12-03 20:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 20:43 - 2013-12-03 20:43 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 20:43 - 2013-12-03 20:43 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 20:43 - 2013-12-03 20:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 20:43 - 2013-12-03 20:43 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 20:43 - 2013-12-03 20:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 20:42 - 2013-12-03 20:48 - 00009768 _____ C:\Windows\IE11_main.log
2013-12-03 18:37 - 2013-12-03 18:37 - 00000193 _____ C:\Windows\WORDPAD.INI
2013-12-03 18:26 - 2013-12-03 18:26 - 00000000 ____D C:\Windows\ERUNT
2013-12-03 18:17 - 2013-12-03 18:20 - 00000000 ____D C:\AdwCleaner
2013-12-03 17:57 - 2013-12-03 17:57 - 00001162 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Malwarebytes
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-03 17:57 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-03 17:56 - 2013-12-03 17:56 - 01034531 _____ (Thisisu) C:\Users\Anna\Downloads\JRT.exe
2013-12-03 17:55 - 2013-12-03 17:55 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Anna\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-03 17:55 - 2013-12-03 17:55 - 01110034 _____ C:\Users\Anna\Downloads\adwcleaner.exe
2013-12-03 14:33 - 2013-12-03 14:33 - 00002265 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-01 15:53 - 2013-12-01 15:53 - 00000000 ____D C:\FRST
2013-12-01 14:50 - 2013-12-01 14:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-11-14 18:53 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 18:53 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 18:53 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 18:53 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 18:53 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 18:53 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 18:53 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 18:53 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 18:53 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 18:52 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 18:52 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 18:52 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 18:52 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 18:52 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 18:52 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 18:52 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 18:52 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 18:52 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 18:52 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 18:52 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 18:52 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 18:52 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 18:52 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 18:52 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 18:52 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 18:52 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 18:52 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 18:52 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 18:52 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 18:52 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

==================== One Month Modified Files and Folders =======

2013-12-14 12:03 - 2013-03-06 19:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-14 11:54 - 2012-04-03 18:32 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-14 11:27 - 2012-10-29 20:55 - 00000316 _____ C:\Windows\Tasks\PrintProjects Communicator.job
2013-12-14 11:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-14 11:08 - 2012-02-28 19:23 - 01167999 _____ C:\Windows\WindowsUpdate.log
2013-12-14 10:29 - 2012-03-28 20:20 - 00000000 ____D C:\ProgramData\Lexware
2013-12-14 10:25 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-12-14 08:37 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-14 08:37 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-14 08:34 - 2012-01-03 04:53 - 00771210 _____ C:\Windows\system32\perfh007.dat
2013-12-14 08:34 - 2012-01-03 04:53 - 00173944 _____ C:\Windows\system32\perfc007.dat
2013-12-14 08:34 - 2009-07-14 06:13 - 01799742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-14 08:30 - 2012-01-03 05:24 - 00000000 ____D C:\ProgramData\PDFC
2013-12-14 08:29 - 2012-04-03 18:32 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-14 08:29 - 2012-02-29 20:35 - 00000000 ____D C:\ProgramData\Kodak
2013-12-14 08:29 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-14 08:29 - 2009-07-14 05:51 - 00069994 _____ C:\Windows\setupact.log
2013-12-13 21:34 - 2013-04-09 19:28 - 00000000 ____D C:\Users\Anna\AppData\Local\Downloaded Installations
2013-12-13 16:47 - 2013-12-04 17:08 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{36105830-6F2B-41FE-A4C7-151C1769D162}
2013-12-13 16:45 - 2011-02-11 18:15 - 01819218 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-13 16:43 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-13 16:42 - 2009-07-14 05:45 - 00451184 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 20:05 - 2009-07-14 03:34 - 00000499 _____ C:\Windows\win.ini
2013-12-11 21:48 - 2012-02-29 18:52 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-12-11 21:43 - 2012-05-15 14:54 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-12-11 21:39 - 2012-02-29 18:50 - 00000000 ____D C:\Users\Anna\AppData\Roaming\HpUpdate
2013-12-11 21:39 - 2012-02-29 18:50 - 00000000 ____D C:\Users\Anna\AppData\Roaming\HP Support Assistant
2013-12-11 20:03 - 2013-03-06 19:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 20:03 - 2013-03-06 19:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 20:03 - 2013-03-06 19:44 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 06:49 - 2012-04-03 18:32 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-11 06:49 - 2012-04-03 18:32 - 00003850 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-11 06:43 - 2013-11-03 18:43 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAnna
2013-12-11 06:43 - 2013-11-03 18:43 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForAnna.job
2013-12-10 17:51 - 2012-09-01 15:30 - 00002228 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-04 19:24 - 2013-12-04 19:24 - 00891184 _____ C:\Users\Anna\Downloads\SecurityCheck.exe
2013-12-04 17:39 - 2013-12-04 17:39 - 02347384 _____ (ESET) C:\Users\Anna\Downloads\esetsmartinstaller_enu.exe
2013-12-04 17:08 - 2012-02-28 19:36 - 00001325 _____ C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-04 17:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-03 20:48 - 2013-12-03 20:42 - 00009768 _____ C:\Windows\IE11_main.log
2013-12-03 20:44 - 2013-12-03 20:44 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 20:44 - 2013-12-03 20:44 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 20:43 - 2013-12-03 20:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 20:43 - 2013-12-03 20:43 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 20:43 - 2013-12-03 20:43 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 20:43 - 2013-12-03 20:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 20:43 - 2013-12-03 20:43 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 20:43 - 2013-12-03 20:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 18:37 - 2013-12-03 18:37 - 00000193 _____ C:\Windows\WORDPAD.INI
2013-12-03 18:26 - 2013-12-03 18:26 - 00000000 ____D C:\Windows\ERUNT
2013-12-03 18:20 - 2013-12-03 18:17 - 00000000 ____D C:\AdwCleaner
2013-12-03 18:19 - 2012-04-08 17:13 - 00000000 ____D C:\ProgramData\Uniblue
2013-12-03 18:14 - 2010-11-21 04:47 - 00972674 _____ C:\Windows\PFRO.log
2013-12-03 18:11 - 2012-02-28 19:22 - 00000000 ____D C:\Users\Anna
2013-12-03 17:57 - 2013-12-03 17:57 - 00001162 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Malwarebytes
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-03 17:56 - 2013-12-03 17:56 - 01034531 _____ (Thisisu) C:\Users\Anna\Downloads\JRT.exe
2013-12-03 17:55 - 2013-12-03 17:55 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Anna\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-03 17:55 - 2013-12-03 17:55 - 01110034 _____ C:\Users\Anna\Downloads\adwcleaner.exe
2013-12-03 17:33 - 2012-08-10 22:44 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForANNA-HP$.job
2013-12-03 17:33 - 2012-04-17 17:41 - 00003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForANNA-HP$
2013-12-03 14:33 - 2013-12-03 14:33 - 00002265 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-03 14:33 - 2012-04-03 18:32 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-03 14:26 - 2013-03-27 10:00 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-01 21:11 - 2012-04-06 17:28 - 00000000 ____D C:\Users\Anna\AppData\Local\CrashDumps
2013-12-01 21:10 - 2013-01-20 17:56 - 00000000 ____D C:\ProgramData\tmp
2013-12-01 15:53 - 2013-12-01 15:53 - 00000000 ____D C:\FRST
2013-12-01 14:50 - 2013-12-01 14:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-01 14:50 - 2013-11-04 09:36 - 00000000 ____D C:\ProgramData\Oracle
2013-12-01 14:50 - 2012-12-16 18:56 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-01 14:50 - 2012-03-28 20:19 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-01 14:50 - 2012-03-28 20:19 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-01 14:50 - 2012-03-28 20:18 - 00000000 ____D C:\Program Files\Java
2013-11-27 18:29 - 2013-05-07 21:18 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-27 18:29 - 2013-03-27 10:00 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-27 18:29 - 2013-03-27 10:00 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-26 12:54 - 2013-12-12 20:04 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 11:19 - 2013-12-12 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 11:18 - 2013-12-12 20:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 11:11 - 2013-12-12 20:04 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 10:48 - 2013-12-12 20:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 10:46 - 2013-12-12 20:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 10:41 - 2013-12-12 20:04 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 10:29 - 2013-12-12 20:04 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 10:27 - 2013-12-12 20:04 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 10:23 - 2013-12-12 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 10:21 - 2013-12-12 20:04 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 10:18 - 2013-12-12 20:04 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 10:18 - 2013-12-12 20:04 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 10:16 - 2013-12-12 20:04 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 09:57 - 2013-12-12 20:04 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 09:38 - 2013-12-12 20:04 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 09:38 - 2013-12-12 20:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 09:35 - 2013-12-12 20:04 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 09:32 - 2013-12-12 20:04 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 09:28 - 2013-12-12 20:04 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 09:16 - 2013-12-12 20:04 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 09:02 - 2013-12-12 20:04 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 08:48 - 2013-12-12 20:04 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 08:32 - 2013-12-12 20:04 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 08:26 - 2013-12-12 20:04 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 08:07 - 2013-12-12 20:04 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 07:40 - 2013-12-12 20:04 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 07:34 - 2013-12-12 20:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 07:34 - 2013-12-12 20:04 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 07:33 - 2013-12-12 20:04 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 07:27 - 2013-12-12 20:04 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-24 18:55 - 2012-04-03 18:42 - 00000000 ____D C:\Users\Anna\AppData\Local\Adobe
2013-11-23 19:26 - 2013-12-12 10:39 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 18:47 - 2013-12-12 10:39 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-14 21:43 - 2013-08-14 18:04 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 21:41 - 2012-03-06 09:50 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\RegistryReviver.exe
C:\Users\Public\AlexaNSISPlugin.6500.dll


Some content of TEMP:
====================
C:\Users\Anna\AppData\Local\Temp\avgnt.exe
C:\Users\Anna\AppData\Local\Temp\BackupSetup.exe
C:\Users\Anna\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Anna\AppData\Local\Temp\Quarantine.exe
C:\Users\Anna\AppData\Local\Temp\Resource.exe
C:\Users\Anna\AppData\Local\Temp\sp58915.exe
C:\Users\Anna\AppData\Local\Temp\uninst1.exe
C:\Users\Anna\AppData\Local\Temp\UninstallHPSA.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-14 11:13

==================== End Of Log ============================
         
Additional:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2013 01
Ran by Anna at 2013-12-14 12:05:47
Running from C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1EMAMREH
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.9.0.1200)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
aioprnt (Version: 5.3.1.0)
aioscnnr (x32 Version: 6.2.3.10)
aioscnnr (x32 Version: 7.6.13.10)
AMD APP SDK Runtime (Version: 2.4.595.10)
AMD VISION Engine Control Center (x32 Version: 2011.0531.2216.38124)
ATI Catalyst Install Manager (Version: 3.0.825.0)
Avira Antivirus Premium (x32 Version: 14.0.1.759)
Bejeweled 3 (x32 Version: 2.2.0.97)
Blasterball 3 (x32 Version: 2.2.0.97)
Bounce Symphony (x32 Version: 2.2.0.97)
Cake Mania (x32 Version: 2.2.0.95)
CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.1.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.9.0.9)
Canon MOV Decoder (x32 Version: 1.8.0.7)
Canon MOV Encoder (x32 Version: 1.6.0.1)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.7.0.4)
Canon Utilities CameraWindow DC 8 (x32 Version: 8.4.0.3)
Canon Utilities CameraWindow Launcher (x32 Version: 7.5.0.2)
Canon Utilities Movie Uploader for YouTube (x32 Version: 1.2.0.7)
Canon Utilities MyCamera (x32 Version: 7.4.0.2)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46)
Canon Utilities ZoomBrowser EX (x32 Version: 6.7.0.24)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.5.0.9)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0531.2216.38124)
Catalyst Control Center InstallProxy (x32 Version: 2011.0531.2216.38124)
Catalyst Control Center Localization All (x32 Version: 2011.0531.2216.38124)
Catalyst Control Center Profiles Desktop (x32 Version: 2011.0531.2216.38124)
CCC Help Chinese Standard (x32 Version: 2011.0531.2215.38124)
CCC Help Chinese Traditional (x32 Version: 2011.0531.2215.38124)
CCC Help Czech (x32 Version: 2011.0531.2215.38124)
CCC Help Danish (x32 Version: 2011.0531.2215.38124)
CCC Help Dutch (x32 Version: 2011.0531.2215.38124)
CCC Help English (x32 Version: 2011.0531.2215.38124)
CCC Help Finnish (x32 Version: 2011.0531.2215.38124)
CCC Help French (x32 Version: 2011.0531.2215.38124)
CCC Help German (x32 Version: 2011.0531.2215.38124)
CCC Help Greek (x32 Version: 2011.0531.2215.38124)
CCC Help Hungarian (x32 Version: 2011.0531.2215.38124)
CCC Help Italian (x32 Version: 2011.0531.2215.38124)
CCC Help Japanese (x32 Version: 2011.0531.2215.38124)
CCC Help Korean (x32 Version: 2011.0531.2215.38124)
CCC Help Norwegian (x32 Version: 2011.0531.2215.38124)
CCC Help Polish (x32 Version: 2011.0531.2215.38124)
CCC Help Portuguese (x32 Version: 2011.0531.2215.38124)
CCC Help Russian (x32 Version: 2011.0531.2215.38124)
CCC Help Spanish (x32 Version: 2011.0531.2215.38124)
CCC Help Swedish (x32 Version: 2011.0531.2215.38124)
CCC Help Thai (x32 Version: 2011.0531.2215.38124)
CCC Help Turkish (x32 Version: 2011.0531.2215.38124)
ccc-utility64 (Version: 2011.0531.2216.38124)
center (x32 Version: 7.7.2.0)
Chronicles of Albian (x32 Version: 2.2.0.95)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cradle of Rome 2 (x32 Version: 2.2.0.95)
D3DX10 (x32 Version: 15.4.2368.0902)
dm-Fotowelt (x32 Version: 5.0.4)
DriverTuner 3.1.0.0 (x32 Version: 3.1.0.0)
Duplicate Cleaner Free 3.2.1 (x32 Version: 3.2.1)
essentials (x32 Version: 7.7.2.0)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE (x32 Version: 2.2.0.97)
FileHippo.com Update Checker (x32)
Fotogalerie (x32 Version: 16.4.3508.0205)
Google Chrome (x32 Version: 31.0.1650.63)
Google Earth (x32 Version: 7.1.2.2041)
Google Update Helper (x32 Version: 1.3.22.3)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95)
Haufe Formular-Manager (x32 Version: 12.05.03.0009)
Haufe iDesk-Browser (x32 Version: 12.10.08.8873)
Haufe iDesk-Service (x32 Version: 12.11.21.8888)
Haufe-Lexware ERiC (x32 Version: 15.03.00.0005)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Games (x32 Version: 1.0.2.5)
HP LinkUp (x32 Version: 2.01.028)
HP Odometer (x32 Version: 2.10.0000)
HP Setup (x32 Version: 8.7.4747.3786)
HP Setup Manager (x32 Version: 1.1.13880.3792)
HP Support Information (x32 Version: 10.1.1000)
HP Update (x32 Version: 5.002.003.003)
HP Vision Hardware Diagnostics (Version: 2.9.0.0)
HydraVision (x32 Version: 4.2.200.0)
ImageMixer VCD/DVD2 for OLYMPUS (x32 Version: 2.01.102.1)
Java 7 Update 45 (64-bit) (Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java(TM) 6 Update 13 (64-bit) (Version: 6.0.130)
Java(TM) 6 Update 35 (x32 Version: 6.0.350)
Jewel Quest Solitaire (x32 Version: 2.2.0.95)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95)
Kodak AIO Printer (Version: 7.7.2.0)
KODAK All-in-One Software (x32 Version: 7.7.6.0)
KODAK Create@Home Software (für dm) (x32 Version: 7.3.8392)
Konz 2012 (x32 Version: 1.00.0000)
Konz 2013 (x32 Version: 1.00.0000)
LabelPrint (x32 Version: 2.5.3925)
Lexware buchhalter 2013 (x32 Version: 18.51.00.0371)
Lexware Elster (x32 Version: 13.15.00.0074)
Lexware Info Service (x32 Version: 2.90.00.0009)
Lexware online banking (x32 Version: 20.00.00.0059)
Lohnsteuer-Tabellen (x32 Version: 4.1.0.0)
Magic Desktop (x32 Version: 3.0)
Mah Jong Medley (x32 Version: 2.2.0.95)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
metaCrawler (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mathematics (x32 Version: 4.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Movie Maker (x32 Version: 16.4.3508.0205)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97)
MyTomTom 3.2.0.1220 (x32 Version: 3.2.0.1220)
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95)
NetCologne NetDSL-Installationsdateien entfernen (x32)
ocr (x32 Version: 6.2.3.50)
OLYMPUS Master (x32 Version: 1.42.5000)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
PDF Complete Special Edition (x32 Version: 4.0.54)
Penguins! (x32 Version: 2.2.0.95)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Polar Bowler (x32 Version: 2.2.0.97)
Power2Go (x32 Version: 6.1.5331)
PreReq (x32 Version: 6.2.4.0)
PrintProjects (x32 Version: 1.0.0.10712)
Ratelex 2000 V. 3.6  (x32 Version: V. 3.6)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6531)
Recovery Manager (x32 Version: 5.5.0.4320)
Registry Reviver (Version: 3.0.1.142)
Remote Graphics Receiver (x32 Version: 5.4.5)
Slingo Deluxe (x32 Version: 2.2.0.95)
Steuer 2011 (x32 Version: 19.00.7304)
Steuer 2012 (x32 Version: 20.00.8137)
TeamViewer 7 (x32 Version: 7.0.12799)
TomTom HOME (x32 Version: 2.9.7)
TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update Installer for WildTangent Games App (x32)
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95)
Visual Studio C++ 10.0 Runtime (x32 Version: 10.0.0)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live Family Safety (Version: 16.4.3508.0205)
Windows Live Family Safety (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Messenger (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
Windows Live Writer (x32 Version: 16.4.3508.0205)
Windows Live Writer Resources (x32 Version: 16.4.3508.0205)
Windows Media Center Add-in for Silverlight (x32 Version: 4.7.3.0)
Zinio Reader 4 (x32 Version: 4.2.4164)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points  =========================

01-12-2013 13:49:33 Installed Java 7 Update 45 (64-bit)
03-12-2013 13:32:49 Installed Google Earth.
03-12-2013 16:15:45 Windows Update
03-12-2013 19:42:38 Windows Update
10-12-2013 16:37:11 Windows Update
12-12-2013 19:02:40 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {084E5737-9EA6-4B77-9FE8-88183F13907D} - \MetaCrawler No Task File
Task: {18BFF88D-C4A0-4389-8B09-15CB107F82DC} - System32\Tasks\{9BEDB6C5-D123-44AF-97EF-9C193BF9EC97} => C:\Program Files (x86)\McAfee Security Scan\3.0.207\mcuicnt.exe
Task: {19808A24-27C9-4632-8236-45CEBD6F94F9} - System32\Tasks\{B19BFBD3-22E7-40B1-8092-5E0933F64BFB} => C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe [2013-11-27] (Avira Operations GmbH & Co. KG)
Task: {208DDB4F-44CF-4B94-8BFF-0D16CA12594F} - System32\Tasks\{5B24A3E6-8484-451D-AC85-8119A1AA3093} => Chrome.exe 
Task: {2898FA0B-BFB3-4255-BA06-E621803BA92B} - System32\Tasks\{5EE4981E-4C60-4D95-A137-28D6B1684E15} => G:\Fehler 0x8004210A\setup.exe
Task: {28C53F3E-7359-46D2-91EC-6F86E7A08FAD} - System32\Tasks\{81587730-B882-4280-AEF9-DA69CD1E799F} => C:\Program Files (x86)\McAfee Security Scan\3.0.207\mcuicnt.exe
Task: {2C258B51-4D4B-4A60-B867-2F4C95216304} - System32\Tasks\{D56307B7-5708-42CF-AC0F-ABE15B9FA25B} => G:\Fehler 0x8004210A\setup.exe
Task: {2C283087-C7AF-4A3D-9A41-F90ABD3742CC} - System32\Tasks\{C1E8B04E-84D0-4D81-9BFF-A03FCA749C81} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.111.396/de/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {33CCD810-6700-4215-8F61-04878E3E7CE6} - System32\Tasks\{32F73D83-6C58-4536-AD9E-F14806ECF03F} => C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe
Task: {3AE89158-85A2-480F-AEDD-A720F74D92DF} - System32\Tasks\Start Registry Reviver for Anna-HP@Anna(scheduling) => C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2013-09-10] (ReviverSoft LLC)
Task: {3B08B24C-0FF2-4CB1-95AE-784EFC5D0EDB} - System32\Tasks\{ACF5D4BD-FF59-4B01-91B2-970FACBCBEDE} => C:\Windows\ISW\netcol.dsl\signup\service.exe [2003-07-30] (ProDyne)
Task: {3C581A9D-01E7-4546-9F80-4285FE0F374E} - System32\Tasks\{CCB9DD6C-4693-44B6-BC40-1C7E28B676E4} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.111.396/de/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {46E5FF93-CC87-4037-94CC-037139968D8C} - System32\Tasks\{09F221CF-5372-4EBC-A941-0C25D8BA0C4F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.111.396/de/eula
Task: {56C8A226-B660-433D-847E-E8CB350F927B} - System32\Tasks\{76E36731-5736-4569-85A6-FE0670CEAF75} => G:\Programme\stman2012.exe
Task: {5D6F3C68-F43D-40C6-AF2C-A5AF23EC9D8D} - System32\Tasks\{9E4DEDD3-6C2E-4CBE-9972-C7B59E61036B} => Chrome.exe 
Task: {661B4304-FA5E-4BC0-AC4C-8F8AE71EFE85} - System32\Tasks\PrintProjects Communicator => C:\ProgramData\PrintProjects\Communicator.exe [2013-01-27] ()
Task: {6679333B-5E69-4B0C-9204-7B147E778085} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {67CBE5E6-DAE4-4E11-A357-AE187C95906A} - \Dealply No Task File
Task: {6C483C03-8FD1-44E0-B84D-6247FFC4C7B3} - System32\Tasks\{BF4AD9D4-27AD-4FEE-871B-FF0CDF4C02FD} => C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe
Task: {6C5C22AF-0EE2-4D92-AA4A-173933E27239} - System32\Tasks\{97ED5C55-9D35-4713-8D4F-DCC5A954C281} => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\OLYMPUS Master.exe [2006-05-16] (OLYMPUS IMAGING CORP.)
Task: {6FD9D447-9D2F-41A4-AAAD-CFA0D1EFA4E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-09-23] (Hewlett-Packard Company)
Task: {8800D31B-1993-4306-872E-28A27E87D4A6} - System32\Tasks\{86A7E65F-EA74-48C8-BE48-F829E2218ADE} => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\OLYMPUS Master.exe [2006-05-16] (OLYMPUS IMAGING CORP.)
Task: {919AFD07-5D0C-4DE1-8170-76E2CDCAE020} - System32\Tasks\0 => Iexplore.exe 
Task: {9A867098-A4E0-4FC0-A2F2-819C511136C7} - System32\Tasks\{4B9CC145-EDE1-43FE-9507-F860382684C0} => C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe [2013-11-27] (Avira Operations GmbH & Co. KG)
Task: {A3D13AB7-45E4-45BC-8FB2-5904025C656E} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-07-21] (CyberLink)
Task: {B45E8B42-3FED-4187-B7E0-440FED723D16} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-03] (Google Inc.)
Task: {B5F9F659-CB8C-4427-AC83-E073C6B9CD37} - System32\Tasks\{E39B35A4-6CFE-49B7-8891-C89ED75D6ABA} => Chrome.exe 
Task: {B91F8336-43B0-48BE-BE95-E850F143FDDE} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-15] ()
Task: {C0CBB9F9-205D-4CBC-8888-FD067B9F6D65} - System32\Tasks\{FC35D34F-B49D-4354-AB3C-12AF5B01AE0A} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.111.396/de/eula
Task: {C6273A4B-2967-47BA-863B-4584F06F05FE} - System32\Tasks\{69B65542-C7B3-414B-8887-24545BB287E6} => C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe [2010-10-28] ()
Task: {C9F85312-E50E-4851-95A7-AD7F1088E2CC} - System32\Tasks\{549F9680-829F-4CB3-B1E7-6CDD14632762} => C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe
Task: {D1E8142B-02C7-42A5-A48C-6E5B9B666524} - System32\Tasks\{4865926C-8A7E-4A41-84BC-586F1DFCEEB9} => C:\Windows\ISW\netcol.dsl\signup\service.exe [2003-07-30] (ProDyne)
Task: {D700C092-3399-41FE-BDCE-24E066236C65} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {E3E76A49-EADB-4556-94A9-693C048A0EB4} - System32\Tasks\{892FFB6F-60EC-45AD-8761-7DF820F915FD} => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\OLYMPUS Master.exe [2006-05-16] (OLYMPUS IMAGING CORP.)
Task: {EC92B5DD-48DD-4006-BB47-42E77E31AFFA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {ECE8C452-3F6F-493C-A448-77F5A2256E5D} - System32\Tasks\HPCeeScheduleForAnna => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {F1C80705-9190-4C5F-9087-68B55427A86F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {F75561FD-3233-4E3E-8252-DEFD36A3211B} - System32\Tasks\4563 => C:\Users\Anna\AppData\Local\Temp\launchie.vbsC:\Users\Anna\AppData\Local\Temp\launchie.vbs //B
Task: {F926BAC4-1F1B-4723-93A3-24BD9FFFAFA7} - System32\Tasks\{F925D1D6-B290-4F3D-97B0-3A1CB3D2EE55} => C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe
Task: {FA209C9C-3F6D-4E9A-87D9-BDB268ECBC14} - System32\Tasks\{55DFE667-D8AD-4CD7-8B29-E68BA369E5C1} => G:\Fehler 0x8004210A\setup.exe
Task: {FD8A9183-5055-4469-8667-FE183FD0047A} - System32\Tasks\{104A9456-5371-4F06-9435-57CFB4552876} => G:\Programme\stman2012.exe
Task: {FDBAB1AA-1C65-4A66-88EE-C55F41B78BB2} - \BitGuard No Task File
Task: {FEB83217-414D-4B5F-A80F-4A7C8AA6DD27} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-03] (Google Inc.)
Task: {FF80DD1C-03A9-4E20-9E16-E33B3E5B6C21} - System32\Tasks\HPCeeScheduleForANNA-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForANNA-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAnna.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PrintProjects Communicator.job => C:\ProgramData\PrintProjects\Communicator.exe
Task: C:\Windows\Tasks\Start Registry Reviver for Anna-HP@Anna(scheduling).job => C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe

==================== Loaded Modules (whitelisted) =============

2012-11-08 15:31 - 2012-11-08 15:21 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-11-20 00:32 - 2012-11-20 00:32 - 00103824 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\pywintypes24.dll
2012-11-21 00:24 - 2012-11-21 00:24 - 00071056 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\zlib.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00032144 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32process.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00019344 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32event.pyd
2012-11-21 00:24 - 2012-11-21 00:24 - 00054672 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\_socket.pyd
2012-11-21 00:24 - 2012-11-21 00:24 - 00017296 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\_ssl.pyd
2012-11-21 00:19 - 2012-11-21 00:19 - 00832912 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\LIBEAY32.dll
2012-11-21 00:19 - 2012-11-21 00:19 - 00161168 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\SSLEAY32.dll
2012-11-21 00:31 - 2012-11-21 00:31 - 00075152 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32api.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00019344 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32evtlog.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00029584 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\servicemanager.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00083344 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32file.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00021392 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32pipe.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00107920 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32security.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00037776 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32service.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00021392 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.cPersistence.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00014224 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.TimeStamp.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00020880 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.cPickleCache.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00026512 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Acquisition._Acquisition.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00020880 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\ExtensionClass._ExtensionClass.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00010640 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\ComputedAttribute._ComputedAttribute.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00027024 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\AccessControl.cAccessControl.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00013200 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Record._Record.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00020368 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\DocumentTemplate.cDocumentTemplate.pyd
2012-11-21 00:24 - 2012-11-21 00:24 - 00140688 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\pyexpat.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00058768 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._OOBTree.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00062864 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._OIBTree.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00062864 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._IOBTree.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00062864 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._IIBTree.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00011152 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Persistence._Persistence.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00010128 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\MethodObject._MethodObject.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00011152 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Missing._Missing.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00011664 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\MultiMapping._MultiMapping.pyd
2012-11-21 00:24 - 2012-11-21 00:24 - 00013712 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\select.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00010128 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\ZODB.winlock.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00010128 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Products.ZCTextIndex.stopper.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00010128 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Products.ZCTextIndex.okascore.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00341392 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\_jpype.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00013200 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\TextIndexNG2\normalizer.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00012688 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\TextIndexNG2\indexsupport.pyd
2012-03-29 05:41 - 2012-03-29 05:41 - 00607232 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\OSR32V10.dll
2012-11-21 01:40 - 2012-11-21 01:40 - 00062864 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._fsBTree.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00271760 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\M2Crypto.__m2crypto.pyd
2012-10-19 10:28 - 2012-10-19 10:28 - 00024464 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32wnet.pyd
2013-08-01 11:47 - 2013-08-01 11:47 - 00026040 _____ () C:\Program Files (x86)\MyTomTom 3\DeviceDetection.dll
2013-08-01 11:47 - 2013-08-01 11:47 - 00074680 _____ () C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll
2013-08-01 11:47 - 2013-08-01 11:47 - 00317880 _____ () C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/10/2013 05:42:28 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (12/05/2013 11:07:45 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 11.0.8326.0, Zeitstempel: 0x4c1c2372
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ce753
ID des fehlerhaften Prozesses: 0x320
Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0
Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1
Pfad des fehlerhaften Moduls: OUTLOOK.EXE2
Berichtskennung: OUTLOOK.EXE3

Error: (12/04/2013 07:28:20 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/04/2013 05:39:35 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/04/2013 05:39:21 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/04/2013 05:22:29 PM) (Source: Application Hang) (User: )
Description: Programm avcenter.exe, Version 14.0.1.641 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 700

Startzeit: 01cef10cae3aecf4

Endzeit: 60000

Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe

Berichts-ID: 062aaf7c-5d00-11e3-bcad-38607789fdcd


System errors:
=============
Error: (12/14/2013 11:59:41 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Email Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.

Error: (12/14/2013 08:30:22 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Email Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.

Error: (12/14/2013 08:29:49 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Easybits Services for Windows" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (12/14/2013 08:29:33 AM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (12/13/2013 11:53:41 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (12/13/2013 11:42:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Email Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.

Error: (12/13/2013 11:41:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Easybits Services for Windows" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (12/13/2013 11:41:10 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (12/13/2013 11:39:56 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (12/13/2013 10:52:10 PM) (Source: DCOM) (User: )
Description: C:\PROGRA~2\MICROS~1\OFFICE11\OUTLOOK.EXE -Embedding740{0006F020-0000-0000-C000-000000000046}


Microsoft Office Sessions:
=========================
Error: (12/10/2013 05:42:28 PM) (Source: Windows Backup)(User: )
Description: G:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (12/05/2013 11:07:45 AM) (Source: Application Error)(User: )
Description: OUTLOOK.EXE11.0.8326.04c1c2372ntdll.dll6.1.7601.18247521ea8e7c0000374000ce75332001cef1a0de614771C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXEC:\Windows\SysWOW64\ntdll.dll1589ab73-5d95-11e3-b36b-38607789fdcd

Error: (12/04/2013 07:28:20 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Anna\Downloads\esetsmartinstaller_enu.exe

Error: (12/04/2013 05:39:35 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Anna\Downloads\esetsmartinstaller_enu.exe

Error: (12/04/2013 05:39:21 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Anna\Downloads\esetsmartinstaller_enu.exe

Error: (12/04/2013 05:22:29 PM) (Source: Application Hang)(User: )
Description: avcenter.exe14.0.1.64170001cef10cae3aecf460000C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe062aaf7c-5d00-11e3-bcad-38607789fdcd


==================== Memory info =========================== 

Percentage of memory in use: 18%
Total physical RAM: 8178.82 MB
Available physical RAM: 6674.5 MB
Total Pagefile: 9711 MB
Available Pagefile: 7349.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1850.26 GB) (Free:1769.53 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.65 GB) (Free:1.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (MyDrive) (Fixed) (Total:465.76 GB) (Free:444.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: E91B7F62)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-212318814208) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 466 GB) (Disk ID: 5B5D6C0A)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Was auffällt:

Nach wie vor führt das Klicken eines Hyperlinks in Outlook dazu, dass angezeigt wird, das Plus-HD 1.6 abgestürzt sei.
Das habe ich eigentlich deinstalliert.

Außerdem lässt sich nach wie vor der Emailschutz von Antivir nicht aktivieren.

Da ist scheinbar immernoch was faul.

Alt 14.12.2013, 15:42   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Delta-Homes bzw. QV06 in IE, FF und Chrome - Standard

Delta-Homes bzw. QV06 in IE, FF und Chrome



Antivir deinstallierne und neu installieren. GLeiches mit allen Browsern.

Dann bitte nen frischen Scan mit FRST machen.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Delta-Homes bzw. QV06 in IE, FF und Chrome
adware.installbrain, adware/adware.gen, adware/elex.b, adware/elex.b.1, adware/installco.hk, adware/qvo6.d, pup.bprotector, pup.optional.alexatb.a, pup.optional.babylon.a, pup.optional.besttoolbars, pup.optional.bprotector.a, pup.optional.crossrider.a, pup.optional.datamngr.a, pup.optional.dealply.a, pup.optional.delta.a, pup.optional.elex.a, pup.optional.installcore.a, pup.optional.mindspark, pup.optional.plushd.a, pup.optional.qone8, pup.optional.qvo6.a, pup.optional.speedanalysis.a, pup.optional.wajam.a, pup.optional.webcake.a, tr/wysotot.gen



Ähnliche Themen: Delta-Homes bzw. QV06 in IE, FF und Chrome


  1. Delta-Homes.com redirect entfernen
    Anleitungen, FAQs & Links - 11.10.2015 (2)
  2. delta-homes
    Plagegeister aller Art und deren Bekämpfung - 24.08.2015 (22)
  3. delta-homes browser hijacker geht nicht weg
    Log-Analyse und Auswertung - 19.06.2015 (3)
  4. delta-homes als Startseite
    Log-Analyse und Auswertung - 04.06.2015 (19)
  5. Winzipper und delta homes
    Log-Analyse und Auswertung - 28.05.2015 (19)
  6. Picexa.exe / Suchanbieter in Browsern verändert (Delta-Homes)
    Log-Analyse und Auswertung - 26.05.2015 (15)
  7. Delta Homes, noch nicht Entfernt.
    Plagegeister aller Art und deren Bekämpfung - 30.03.2015 (7)
  8. Delta-Homes lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 19.01.2015 (4)
  9. DELTA- Homes geht net weg
    Plagegeister aller Art und deren Bekämpfung - 22.12.2014 (13)
  10. Delta-homes hijack
    Plagegeister aller Art und deren Bekämpfung - 17.12.2014 (9)
  11. Den Trojaner Delta Homes von meinem PC entfernen
    Log-Analyse und Auswertung - 02.04.2014 (13)
  12. Delta-Homes im Firefox nicht zu entfernen
    Log-Analyse und Auswertung - 27.10.2013 (4)
  13. Delta-Homes in der Eingabezeile und Startseite des Chrome Browsers nicht zu entfernen.
    Plagegeister aller Art und deren Bekämpfung - 06.10.2013 (1)
  14. Delta Homes wie bekomme ich es weg?
    Plagegeister aller Art und deren Bekämpfung - 25.08.2013 (5)
  15. Firefox: Delta Homes
    Plagegeister aller Art und deren Bekämpfung - 11.07.2013 (13)

Zum Thema Delta-Homes bzw. QV06 in IE, FF und Chrome - Hallo zusammen, meine Oma (80) hat auf ihrem Rechner sich was eingefangen. Egal, welche Settings man einstellt, man landet zwangsläufig auf einer Startseite mit der URL im Beginn von QV06. - Delta-Homes bzw. QV06 in IE, FF und Chrome...
Archiv
Du betrachtest: Delta-Homes bzw. QV06 in IE, FF und Chrome auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.