Log analysis and evaluation: Firefox, double-underlined green ad links, pop-up ad windows open automatically

19.01.2014, 16:46   #1
haislbauer
 
Hello everyone,

I have just browsed through your posts and noticed that several users have already had my problem: in Firefox, arbitrary words on a web page turn double-underlined green and lead to ad links. Pop-up ad windows also open automatically. I don't know where I got this virus from.
I read that one should first run an FRST scan. I have already done that and attached the two code blocks.
Thank you very much for your help. I am new here, so thanks in advance for your understanding if not everything works out right away on my side.

Attachment:
FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 02
Ran by LEHNER24 (ATTENTION: The logged in user is not administrator) on SC4683 on 19-01-2014 17:29:02
Running from C:\Users\LEHNER24\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\bin\ZenUserDaemon.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\esm\ZESUser.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
() C:\Windows\System32\nwtray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(NTeWORKS) C:\Program Files (x86)\PicPick\picpick.exe
(Updater) C:\ProgramData\Updater\updater.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\bin\ZenNotifyIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
(WatchDog) C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
(WatchDog) C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Dropbox, Inc.) C:\Users\LEHNER24\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
(Mozilla Corporation) C:\Users\LEHNER24\AppData\Local\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Users\LEHNER24\AppData\Local\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavProgress.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-02-13] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4756240 2012-03-29] (Intel(R) Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [626552 2012-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [DFEPApplication] - C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7078424 2012-05-08] (Dell Inc.)
HKLM\...\Run: [NWTRAY] - C:\Windows\system32\NWTRAY.EXE [38016 2012-07-13] ()
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-12-04] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [ZenNotifyIcon] - C:\Program Files (x86)\Novell\Zenworks\bin\ZenNotifyIcon.exe [303104 2012-03-01] (Novell, Inc.)
HKLM-x32\...\Run: [NalView] - C:\Program Files (x86)\Novell\ZENworks\bin\nalview.exe [57344 2012-03-01] (Novell, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-07-17] (Sophos Limited)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [Updater] - C:\ProgramData\Updater\Updater.exe [486264 2013-12-18] (Updater)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LCredMgr: C:\Program Files\Novell\CASA\bin\lcredmgr.dll ()
HKCU\...\Run: [PicPick Start] - C:\Program Files (x86)\PicPick\picpick.exe [11438576 2012-12-21] (NTeWORKS)
HKCU\...\Run: [Luraklp] - C:\Users\LEHNER24\AppData\Roaming\WMSPDMODC.dll [460800 2013-08-12] ()
HKCU\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [486264 2013-12-18] (Updater)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [NextLive] - C:\Users\Administrator\AppData\Roaming\newnext.me\nengine.dll [1283584 2013-11-14] (NewNextDotMe)
HKCU\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKCU\...\Policies\Explorer: [NoPublishingWizard] 1
HKCU\...\Policies\Explorer: [NoStartMenuMyGames] 1
MountPoints2: {e2b7429c-6003-11e3-a087-74e543508e02} - E:\GoWire\MPLauncher.exe
MountPoints2: {e2b742b1-6003-11e3-a087-74e543508e02} - E:\GoWire\MPLauncher.exe
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-12-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-04] (NVIDIA Corporation)
Lsa: [Authentication Packages] msv1_0 ZenV1_0 ncv1_0
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\LEHNER24\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.uni-passau.de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.uni-passau.de
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM - DefaultScope {60D4D856-18A4-4E6D-9069-F9653AFD4CEA} URL = hxxp://websearch.uni-passau.de/cgi-bin/search.cgi?q={searchTerms}&wm=beg
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {60D4D856-18A4-4E6D-9069-F9653AFD4CEA} URL = hxxp://websearch.uni-passau.de/cgi-bin/search.cgi?q={searchTerms}&wm=beg
SearchScopes: HKLM-x32 - DefaultScope {60D4D856-18A4-4E6D-9069-F9653AFD4CEA} URL = hxxp://websearch.uni-passau.de/cgi-bin/search.cgi?q={searchTerms}&wm=beg
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {60D4D856-18A4-4E6D-9069-F9653AFD4CEA} URL = hxxp://websearch.uni-passau.de/cgi-bin/search.cgi?q={searchTerms}&wm=beg
SearchScopes: HKCU - DefaultScope {9E30C1EF-B8CF-4F7C-A5F8-2044152B4018} URL = hxxp://websearch.uni-passau.de/cgi-bin/search.cgi?q={searchTerms}&wm=beg
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6A7774E543508E02&affID=119357&tsp=5023
SearchScopes: HKCU - {51398DED-6795-403D-A22D-521C8C22EF16} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=6a77d9b9000000000000000000000000&r=494
SearchScopes: HKCU - {6B259D3B-639A-4360-BCEA-C2C5C4C8AAA5} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {85D9DFED-88CB-4362-B1D7-D01C3D5DE5B1} URL = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
SearchScopes: HKCU - {9E30C1EF-B8CF-4F7C-A5F8-2044152B4018} URL = hxxp://websearch.uni-passau.de/cgi-bin/search.cgi?q={searchTerms}&wm=beg
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: flash-Enhancer - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Program Files (x86)\AmiExt\flashEnhancer\ie\AmiBho.dll ()
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -  No File
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
ShellExecuteHooks: Softwareverteilung - {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files (x86)\Novell\ZENworks\bin\NalShell.dll [1427968 2012-03-01] (Novell, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E25765CE-165D-433D-8786-F1207CE512D2}: [NameServer]62.109.121.1 62.109.121.2

FireFox:
========
FF ProfilePath: C:\Users\LEHNER24\AppData\Roaming\Mozilla\Firefox\Profiles\2ape5dn6.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-12-20]
FF HKLM-x32\...\Firefox\Extensions: [ext@flash-Enhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff
FF Extension: flash-Enhancer - C:\Program Files (x86)\AmiExt\flashEnhancer\ff [2014-01-03]

==================== Services (Whitelisted) =================

R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2279960 2012-05-08] (Dell Inc.)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-11-08] (Ellora Assets Corp.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office 2010\Office14\GROOVE.EXE [50921648 2013-03-09] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 Novell Identity Store; C:\Program Files (x86)\Novell\CASA\bin\micasad.exe [249856 2012-01-06] (Novell, Inc)
R2 Novell ZENworks Agent Service; C:\Program Files (x86)\Novell\ZENworks\bin\ZenworksWindowsService.exe [28672 2012-03-01] (Novell, Inc.)
S2 Novell ZENworks Image-Safe Data Service; C:\Program Files (x86)\Novell\ZENworks\bin\preboot\novell-zisdservice.exe [90112 2012-03-01] ()
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [290296 2013-10-21] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [206328 2013-10-21] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-07-17] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-09-17] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3109880 2013-10-21] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2012152 2013-10-21] (Sophos Limited)
R2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [20096 2012-07-13] (Novell, Inc.)
S3 ZENPreAgent; C:\Windows\novell\zenworks\bin\ZENPreAgent.exe [233472 2012-08-20] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)
R2 ZESService; C:\Program Files (x86)\Novell\ZENworks\esm\ZESService.exe [50344 2012-02-28] (Novell, Inc.)

==================== Drivers (Whitelisted) ====================

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2012-08-20] (Broadcom Corporation.)
R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [112256 2012-07-13] ()
R2 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [108672 2012-07-13] ()
R2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [90240 2012-07-13] ()
R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [119936 2012-07-13] ()
R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [26240 2012-07-13] ()
R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [31360 2012-07-13] (Novell, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-04] (NVIDIA Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-07-17] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2012-09-17] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2012-09-17] (Sophos Plc)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2011-11-04] (STMicroelectronics)
R0 zesdac; C:\Windows\System32\DRIVERS\zesdac.sys [27952 2012-02-28] (Novell, Inc)
S4 ZesDisk; C:\Windows\System32\DRIVERS\ZesDisk.sys [17712 2012-02-28] (Novell, Inc.)
S4 zesds; C:\Windows\System32\DRIVERS\ZesDS.sys [204080 2012-02-28] (Novell, Inc.)
S4 zesdt; C:\Windows\System32\DRIVERS\ZesDT.sys [128816 2012-02-28] (Novell, Inc.)
R0 zesfsfd; C:\Windows\System32\DRIVERS\ZESFSFD.sys [66352 2012-02-28] (Novell, Inc)
R1 ZESFW; C:\Windows\System32\DRIVERS\ZESFW.sys [58160 2011-12-15] (Novell, Inc)
S4 zesocc; C:\Windows\System32\DRIVERS\ZesOCC.sys [488240 2012-02-28] (Novell, Inc.)
R2 zestdi; C:\Windows\System32\DRIVERS\zestdi.sys [46896 2012-02-28] (Novell, Inc)
R1 ZESWIFI; C:\Windows\System32\DRIVERS\ZESWIFI.sys [36656 2011-12-15] (Novell, Inc)
U3 nccache; C:\Program Files\Novell\Client\XTier\Drivers\nccache.sys [34432 2012-07-13] (Novell, Inc.)
U3 nciom; C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [80000 2012-07-13] (Novell, Inc.)
U3 ncp; C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [78976 2012-07-13] (Novell, Inc.)
U3 ncpfsp; C:\Program Files\Novell\Client\XTier\Drivers\ncpfsp.sys [100992 2012-07-13] (Novell, Inc.)
U3 ncpl; C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [49280 2012-07-13] (Novell, Inc.)
U3 ndm; C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [19584 2012-07-13] (Novell, Inc.)
U3 ndmndap; C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [83584 2012-07-13] (Novell, Inc.)
U3 niam; C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [39040 2012-07-13] (Novell, Inc.)
U3 nipctl; C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [55936 2012-07-13] (Novell, Inc.)
U3 nscm; C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [36992 2012-07-13] (Novell, Inc.)
U3 nsns; C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [25216 2012-07-13] (Novell, Inc.)
U3 nsvccost; C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [35968 2012-07-13] (Novell, Inc.)
U3 xtxplat; C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [59520 2012-07-13] (Novell, Inc.)
S4 npf; system32\drivers\npf.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-19 17:29 - 2014-01-19 17:30 - 00023094 _____ C:\Users\LEHNER24\Downloads\FRST.txt
2014-01-19 17:28 - 2014-01-19 17:28 - 02076672 _____ (Farbar) C:\Users\LEHNER24\Downloads\FRST64.exe
2014-01-19 17:28 - 2014-01-19 17:28 - 00000000 ____D C:\FRST
2014-01-19 17:22 - 2014-01-19 17:22 - 00001137 _____ C:\Users\LEHNER24\Desktop\Continue Zip Opener Installation.lnk
2014-01-19 17:13 - 2014-01-19 17:13 - 00001140 _____ C:\Users\Administrator\Desktop\Continue Zip Opener Installation.lnk
2014-01-19 17:11 - 2014-01-19 17:12 - 00680328 _____ (                                                            ) C:\Users\LEHNER24\Downloads\ZipOpenerSetup.exe
2014-01-17 16:06 - 2014-01-19 15:38 - 00000086 _____ C:\Users\LEHNER24\Desktop\Problemmeldung an das RZ.nal
2014-01-17 16:06 - 2014-01-19 15:38 - 00000086 _____ C:\Users\LEHNER24\Desktop\Firefox.nal
2014-01-17 16:06 - 2014-01-17 16:06 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RZ-Support.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-17 16:06 - 2014-01-17 16:06 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RZ-Installationen.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-17 16:06 - 2014-01-17 16:06 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RZ-Anwendungen.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-15 20:28 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 20:28 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 20:28 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 10:28 - 2014-01-14 10:28 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\NVIDIA
2014-01-13 10:57 - 2014-01-13 10:57 - 00001524 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2014-01-08 22:52 - 2014-01-08 23:00 - 00000000 ____D C:\Users\LEHNER24\Documents\FalkData
2014-01-08 22:47 - 2014-01-19 13:24 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\newnext.me
2014-01-08 22:47 - 2014-01-08 22:47 - 00000000 ____D C:\ProgramData\Websteroids
2014-01-08 22:41 - 2014-01-08 22:41 - 00000000 ____D C:\Users\Administrator\Documents\FalkData
2014-01-08 22:41 - 2012-03-01 13:43 - 00001340 _____ C:\Windows\SysWOW64\KMLImportPlugin.tlb
2014-01-08 22:40 - 2014-01-08 22:40 - 00001930 _____ C:\Users\Public\Desktop\Falk Navi-Manager classic.lnk
2014-01-08 22:40 - 2014-01-08 22:40 - 00000000 ____D C:\Program Files (x86)\Falk
2014-01-08 22:40 - 2012-03-01 13:45 - 00003600 _____ C:\Windows\SysWOW64\FNMPlugin.tlb
2014-01-08 22:40 - 2012-03-01 13:42 - 01089536 _____ (eHelp Corporation.) C:\Windows\SysWOW64\ROBOEX32.DLL
2014-01-08 22:39 - 2012-05-15 10:33 - 18600878 ____N C:\Users\LEHNER24\Downloads\data2.cab
2014-01-08 22:39 - 2012-05-15 10:33 - 01039399 ____N C:\Users\LEHNER24\Downloads\data1.cab
2014-01-08 22:39 - 2012-05-15 10:33 - 00470282 ____N C:\Users\LEHNER24\Downloads\setup.ibt
2014-01-08 22:39 - 2012-05-15 10:33 - 00226966 ____N C:\Users\LEHNER24\Downloads\setup.inx
2014-01-08 22:39 - 2012-05-15 10:33 - 00034895 ____N C:\Users\LEHNER24\Downloads\data1.hdr
2014-01-08 22:39 - 2012-05-15 10:33 - 00000579 ____N C:\Users\LEHNER24\Downloads\setup.ini
2014-01-08 22:39 - 2012-05-15 10:33 - 00000455 ____N C:\Users\LEHNER24\Downloads\layout.bin
2014-01-08 22:39 - 2012-05-15 09:49 - 00000000 ____D C:\Users\LEHNER24\Downloads\ActiveSync
2014-01-08 22:39 - 2005-04-07 01:39 - 00543481 ____N C:\Users\LEHNER24\Downloads\engine32.cab
2014-01-08 22:39 - 2005-04-07 01:39 - 00121064 ____N (Macrovision Corporation) C:\Users\LEHNER24\Downloads\setup.exe
2014-01-08 22:13 - 2014-01-08 22:14 - 00000000 ____D C:\Windows\WindowsMobile
2014-01-08 22:12 - 2014-01-08 22:36 - 63647153 _____ C:\Users\LEHNER24\Downloads\FaNaMa_2.11_Classic.exe
2014-01-08 21:53 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-01-08 21:52 - 2014-01-08 21:53 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-08 21:52 - 2014-01-08 21:53 - 00000000 ____D C:\Program Files\iTunes
2014-01-08 21:52 - 2014-01-08 21:53 - 00000000 ____D C:\Program Files (x86)\iTunes
2014-01-08 21:52 - 2014-01-08 21:52 - 00000000 ____D C:\Program Files\iPod
2014-01-08 21:49 - 2014-01-08 21:49 - 00000000 ____D C:\Program Files\Common Files\Apple
2014-01-08 21:40 - 2014-01-08 21:45 - 100400976 _____ (Apple Inc.) C:\Users\LEHNER24\Downloads\iTunes64Setup.exe
2014-01-06 21:01 - 2014-01-06 21:01 - 00000000 ____D C:\Users\Administrator\Documents\FormatFactory
2014-01-06 20:56 - 2014-01-07 11:58 - 00000000 ____D C:\FFOutput
2014-01-06 20:55 - 2014-01-06 20:55 - 00001204 _____ C:\Users\Administrator\Desktop\Format Factory.lnk
2014-01-06 20:55 - 2014-01-06 20:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-01-06 20:55 - 2014-01-06 20:55 - 00000000 ____D C:\Program Files (x86)\FreeTime
2014-01-06 20:42 - 2014-01-06 20:43 - 61746584 _____ (Free Time) C:\Users\LEHNER24\Downloads\FFSetup3.2.1.0.exe
2014-01-06 00:46 - 2014-01-06 00:50 - 00001467 _____ C:\Users\LEHNER24\AppData\Local\RecConfig.xml
2014-01-05 14:04 - 2014-01-05 14:04 - 00001035 _____ C:\Users\LEHNER24\Desktop\No23 Recorder.lnk
2014-01-05 14:04 - 2014-01-05 14:04 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No23 Recorder
2014-01-05 14:04 - 2014-01-05 14:04 - 00000000 ____D C:\Users\LEHNER24\AppData\Local\No23 Recorder
2014-01-05 14:03 - 2014-01-05 14:03 - 02497825 _____ (No23) C:\Users\LEHNER24\Downloads\No23Recorder2103.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-03 20:16 - 2014-01-03 20:16 - 00000000 ____D C:\Program Files\Java
2014-01-03 20:15 - 2014-01-03 20:16 - 30694824 _____ (Oracle Corporation) C:\Users\LEHNER24\Downloads\jre-7u45-windows-x64.exe
2014-01-03 15:52 - 2014-01-03 15:52 - 00000076 _____ C:\extensions.ini
2014-01-03 15:52 - 2014-01-03 15:52 - 00000000 ____D C:\Program Files (x86)\AmiExt
2014-01-03 15:52 - 2014-01-03 15:52 - 00000000 _____ C:\extensions.sqlite
2014-01-03 15:51 - 2014-01-08 22:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Lollipop
2014-01-03 15:51 - 2014-01-03 21:52 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\newnext.me
2014-01-03 15:51 - 2014-01-03 15:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\Mobogenie
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\Documents\Mobogenie
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\genienext
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\cache
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\.android
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\ProgramData\Updater
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\ProgramData\RHelpers
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 _____ C:\Users\Administrator\daemonprocess.txt
2014-01-03 15:49 - 2014-01-03 15:49 - 00337448 _____ (Amônétízé Ltd) C:\Users\LEHNER24\Downloads\FlashPlayersetup__5047_i230741755_il3.exe
2013-12-23 22:09 - 2014-01-18 14:25 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\com.adobe.WidgetBrowser
2013-12-22 22:37 - 2013-12-22 22:37 - 00915368 _____ (Oracle Corporation) C:\Users\LEHNER24\Downloads\jxpiinstall(2).exe
2013-12-22 22:33 - 2013-12-22 22:33 - 00471568 _____ C:\Users\LEHNER24\Downloads\Java.exe
2013-12-21 22:59 - 2014-01-16 21:26 - 00001456 _____ C:\Users\LEHNER24\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2013-12-21 20:23 - 2013-12-22 00:20 - 00000000 ____D C:\Users\LEHNER24\Documents\Unbenannte Site 2
2013-12-20 22:27 - 2013-12-20 22:27 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\PACE Anti-Piracy
2013-12-20 22:27 - 2013-12-20 22:27 - 00000000 ____D C:\Users\LEHNER24\AppData\Local\PACE Anti-Piracy
2013-12-20 22:27 - 2013-12-20 22:27 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2013-12-20 22:11 - 2013-12-20 22:11 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2013-12-20 21:58 - 2013-12-20 23:00 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-12-20 21:03 - 2013-12-20 21:03 - 00000000 ____D C:\Users\Administrator\Adobe Flash Builder 4.6
2013-12-20 20:48 - 2013-12-20 20:48 - 00002032 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2013-12-20 20:37 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys
2013-12-20 20:37 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys
2013-12-20 20:36 - 2013-12-20 20:36 - 00000000 ____D C:\Program Files (x86)\My Company Name
2013-12-20 19:37 - 2013-12-20 19:55 - 00000000 ____D C:\Users\Administrator\Desktop\Adobe CS6 Master Collection
2013-12-20 16:05 - 2013-12-20 16:21 - 00000000 ____D C:\Users\LEHNER24\Desktop\Adobe CS6 Master Collection
2013-12-20 15:15 - 2013-12-20 16:02 - 00000000 ____D C:\Users\LEHNER24\AppData\Local\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-19 17:30 - 2014-01-19 17:29 - 00023094 _____ C:\Users\LEHNER24\Downloads\FRST.txt
2014-01-19 17:28 - 2014-01-19 17:28 - 02076672 _____ (Farbar) C:\Users\LEHNER24\Downloads\FRST64.exe
2014-01-19 17:28 - 2014-01-19 17:28 - 00000000 ____D C:\FRST
2014-01-19 17:22 - 2014-01-19 17:22 - 00001137 _____ C:\Users\LEHNER24\Desktop\Continue Zip Opener Installation.lnk
2014-01-19 17:13 - 2014-01-19 17:13 - 00001140 _____ C:\Users\Administrator\Desktop\Continue Zip Opener Installation.lnk
2014-01-19 17:12 - 2014-01-19 17:11 - 00680328 _____ (                                                            ) C:\Users\LEHNER24\Downloads\ZipOpenerSetup.exe
2014-01-19 16:51 - 2013-10-02 09:48 - 00000314 _____ C:\Windows\Tasks\DigitalSite.job
2014-01-19 16:40 - 2012-08-20 09:34 - 01768523 _____ C:\Windows\WindowsUpdate.log
2014-01-19 16:39 - 2012-08-20 12:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-19 16:37 - 2012-12-21 12:27 - 00000000 ____D C:\Users\LEHNER24\AppData\Local\Adobe
2014-01-19 15:38 - 2014-01-17 16:06 - 00000086 _____ C:\Users\LEHNER24\Desktop\Problemmeldung an das RZ.nal
2014-01-19 15:38 - 2014-01-17 16:06 - 00000086 _____ C:\Users\LEHNER24\Desktop\Firefox.nal
2014-01-19 13:37 - 2012-08-20 09:45 - 00000000 ____D C:\Windows\system32\Drivers\{4bb8218c-aebf-4113-882f-b10ae15c8218}
2014-01-19 13:24 - 2014-01-08 22:47 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\newnext.me
2014-01-18 14:25 - 2013-12-23 22:09 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\com.adobe.WidgetBrowser
2014-01-18 14:10 - 2012-09-14 12:12 - 00000000 ____D C:\Windows\system32\appmgmt
2014-01-17 16:12 - 2009-07-14 05:45 - 00019136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-17 16:12 - 2009-07-14 05:45 - 00019136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-17 16:07 - 2013-12-04 23:16 - 00000000 ___RD C:\Users\LEHNER24\Dropbox
2014-01-17 16:07 - 2013-12-04 23:11 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Dropbox
2014-01-17 16:06 - 2014-01-17 16:06 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RZ-Support.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-17 16:06 - 2014-01-17 16:06 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RZ-Installationen.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-17 16:06 - 2014-01-17 16:06 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RZ-Anwendungen.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-17 16:06 - 2012-08-20 09:41 - 00082368 _____ C:\Windows\system32\ZCredMgr.LOG
2014-01-17 16:03 - 2012-08-20 09:42 - 00126652 _____ C:\ziswin.hst
2014-01-17 16:02 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-17 16:01 - 2012-08-16 15:46 - 00073713 _____ C:\Windows\setupact.log
2014-01-17 12:20 - 2010-11-21 07:21 - 00696870 _____ C:\Windows\system32\perfh007.dat
2014-01-17 12:20 - 2010-11-21 07:21 - 00148134 _____ C:\Windows\system32\perfc007.dat
2014-01-17 12:20 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-17 11:15 - 2013-01-09 23:11 - 00000000 ____D C:\Users\LEHNER24\Documents\Any Video Converter
2014-01-17 09:10 - 2009-07-14 05:45 - 03022256 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 21:26 - 2013-12-21 22:59 - 00001456 _____ C:\Users\LEHNER24\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-01-16 09:27 - 2013-12-05 10:36 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 09:27 - 2013-12-04 23:16 - 00001032 _____ C:\Users\LEHNER24\Desktop\Dropbox.lnk
2014-01-16 09:27 - 2013-12-04 23:12 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-16 09:27 - 2012-12-21 09:57 - 00000000 ___RD C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 09:22 - 2012-08-16 10:30 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 23:26 - 2013-03-06 14:02 - 00000000 ____D C:\Users\LEHNER24\Documents\Citavi 3
2014-01-15 22:08 - 2012-12-30 14:29 - 00000187 _____ C:\Users\LEHNER24\AppData\Roaming\default.rss
2014-01-15 00:20 - 2013-07-24 10:40 - 00000000 _____ C:\Windows\system32\vireng.log
2014-01-14 15:11 - 2013-03-16 16:04 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Apple Computer
2014-01-14 11:00 - 2012-12-30 14:28 - 00000000 ____D C:\Users\LEHNER24\Documents\Adobe
2014-01-14 11:00 - 2012-12-21 09:57 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Adobe
2014-01-14 10:28 - 2014-01-14 10:28 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\NVIDIA
2014-01-13 11:34 - 2012-08-20 12:32 - 00000000 ____D C:\Program Files (x86)\Adobe
2014-01-13 11:30 - 2012-12-21 10:20 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-13 11:10 - 2013-01-15 14:14 - 00000000 ____D C:\Program Files\Adobe
2014-01-13 11:06 - 2012-08-20 12:32 - 00000000 ____D C:\ProgramData\Adobe
2014-01-13 10:57 - 2014-01-13 10:57 - 00001524 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2014-01-09 10:47 - 2010-11-21 04:47 - 00036596 _____ C:\Windows\PFRO.log
2014-01-08 23:00 - 2014-01-08 22:52 - 00000000 ____D C:\Users\LEHNER24\Documents\FalkData
2014-01-08 22:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Lollipop
2014-01-08 22:47 - 2014-01-08 22:47 - 00000000 ____D C:\ProgramData\Websteroids
2014-01-08 22:41 - 2014-01-08 22:41 - 00000000 ____D C:\Users\Administrator\Documents\FalkData
2014-01-08 22:40 - 2014-01-08 22:40 - 00001930 _____ C:\Users\Public\Desktop\Falk Navi-Manager classic.lnk
2014-01-08 22:40 - 2014-01-08 22:40 - 00000000 ____D C:\Program Files (x86)\Falk
2014-01-08 22:40 - 2012-08-20 10:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-08 22:36 - 2014-01-08 22:12 - 63647153 _____ C:\Users\LEHNER24\Downloads\FaNaMa_2.11_Classic.exe
2014-01-08 22:14 - 2014-01-08 22:13 - 00000000 ____D C:\Windows\WindowsMobile
2014-01-08 21:53 - 2014-01-08 21:52 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-08 21:53 - 2014-01-08 21:52 - 00000000 ____D C:\Program Files\iTunes
2014-01-08 21:53 - 2014-01-08 21:52 - 00000000 ____D C:\Program Files (x86)\iTunes
2014-01-08 21:53 - 2013-11-21 19:45 - 00000000 ____D C:\Users\LEHNER24\AppData\Local\Apple Computer
2014-01-08 21:52 - 2014-01-08 21:52 - 00000000 ____D C:\Program Files\iPod
2014-01-08 21:52 - 2013-03-09 10:38 - 00000000 ____D C:\ProgramData\Apple Computer
2014-01-08 21:49 - 2014-01-08 21:49 - 00000000 ____D C:\Program Files\Common Files\Apple
2014-01-08 21:49 - 2013-03-09 10:37 - 00000000 ____D C:\ProgramData\Apple
2014-01-08 21:45 - 2014-01-08 21:40 - 100400976 _____ (Apple Inc.) C:\Users\LEHNER24\Downloads\iTunes64Setup.exe
2014-01-07 11:58 - 2014-01-06 20:56 - 00000000 ____D C:\FFOutput
2014-01-06 21:01 - 2014-01-06 21:01 - 00000000 ____D C:\Users\Administrator\Documents\FormatFactory
2014-01-06 20:55 - 2014-01-06 20:55 - 00001204 _____ C:\Users\Administrator\Desktop\Format Factory.lnk
2014-01-06 20:55 - 2014-01-06 20:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-01-06 20:55 - 2014-01-06 20:55 - 00000000 ____D C:\Program Files (x86)\FreeTime
2014-01-06 20:43 - 2014-01-06 20:42 - 61746584 _____ (Free Time) C:\Users\LEHNER24\Downloads\FFSetup3.2.1.0.exe
2014-01-06 00:50 - 2014-01-06 00:46 - 00001467 _____ C:\Users\LEHNER24\AppData\Local\RecConfig.xml
2014-01-05 14:04 - 2014-01-05 14:04 - 00001035 _____ C:\Users\LEHNER24\Desktop\No23 Recorder.lnk
2014-01-05 14:04 - 2014-01-05 14:04 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No23 Recorder
2014-01-05 14:04 - 2014-01-05 14:04 - 00000000 ____D C:\Users\LEHNER24\AppData\Local\No23 Recorder
2014-01-05 14:03 - 2014-01-05 14:03 - 02497825 _____ (No23) C:\Users\LEHNER24\Downloads\No23Recorder2103.exe
2014-01-03 21:52 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\newnext.me
2014-01-03 20:27 - 2012-12-21 10:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2014-01-03 20:22 - 2012-08-20 12:35 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-03 20:22 - 2012-08-20 12:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-03 20:17 - 2013-12-05 10:43 - 00000000 ____D C:\ProgramData\Oracle
2014-01-03 20:16 - 2014-01-03 20:16 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-03 20:16 - 2014-01-03 20:16 - 00000000 ____D C:\Program Files\Java
2014-01-03 20:16 - 2014-01-03 20:15 - 30694824 _____ (Oracle Corporation) C:\Users\LEHNER24\Downloads\jre-7u45-windows-x64.exe
2014-01-03 15:54 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Mobogenie
2014-01-03 15:52 - 2014-01-03 15:52 - 00000076 _____ C:\extensions.ini
2014-01-03 15:52 - 2014-01-03 15:52 - 00000000 ____D C:\Program Files (x86)\AmiExt
2014-01-03 15:52 - 2014-01-03 15:52 - 00000000 _____ C:\extensions.sqlite
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\Documents\Mobogenie
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\genienext
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\cache
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\.android
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\ProgramData\Updater
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\ProgramData\RHelpers
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 _____ C:\Users\Administrator\daemonprocess.txt
2014-01-03 15:51 - 2013-12-19 21:57 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2014-01-03 15:51 - 2012-08-20 09:38 - 00000000 ____D C:\Users\Administrator
2014-01-03 15:49 - 2014-01-03 15:49 - 00337448 _____ (Amônétízé Ltd) C:\Users\LEHNER24\Downloads\FlashPlayersetup__5047_i230741755_il3.exe
2013-12-24 10:38 - 2012-08-20 10:10 - 00404601 _____ C:\Windows\system32\ZenNotify.log
2013-12-24 10:37 - 2012-08-20 10:10 - 00003257 _____ C:\Windows\system32\ZENLGN.LOG
2013-12-22 22:37 - 2013-12-22 22:37 - 00915368 _____ (Oracle Corporation) C:\Users\LEHNER24\Downloads\jxpiinstall(2).exe
2013-12-22 22:33 - 2013-12-22 22:33 - 00471568 _____ C:\Users\LEHNER24\Downloads\Java.exe
2013-12-22 00:20 - 2013-12-21 20:23 - 00000000 ____D C:\Users\LEHNER24\Documents\Unbenannte Site 2
2013-12-20 23:00 - 2013-12-20 21:58 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-12-20 22:36 - 2012-08-20 13:19 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-12-20 22:27 - 2013-12-20 22:27 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\PACE Anti-Piracy
2013-12-20 22:27 - 2013-12-20 22:27 - 00000000 ____D C:\Users\LEHNER24\AppData\Local\PACE Anti-Piracy
2013-12-20 22:27 - 2013-12-20 22:27 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2013-12-20 22:11 - 2013-12-20 22:11 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2013-12-20 21:42 - 2012-12-21 09:58 - 00111480 _____ C:\Users\LEHNER24\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-20 21:03 - 2013-12-20 21:03 - 00000000 ____D C:\Users\Administrator\Adobe Flash Builder 4.6
2013-12-20 20:48 - 2013-12-20 20:48 - 00002032 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2013-12-20 20:36 - 2013-12-20 20:36 - 00000000 ____D C:\Program Files (x86)\My Company Name
2013-12-20 19:55 - 2013-12-20 19:37 - 00000000 ____D C:\Users\Administrator\Desktop\Adobe CS6 Master Collection
2013-12-20 19:35 - 2012-08-20 09:55 - 00113096 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-20 16:21 - 2013-12-20 16:05 - 00000000 ____D C:\Users\LEHNER24\Desktop\Adobe CS6 Master Collection
2013-12-20 16:02 - 2013-12-20 15:15 - 00000000 ____D C:\Users\LEHNER24\AppData\Local\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Administrator\AppData\Local\Temp\BackupSetup.exe
C:\Users\Administrator\AppData\Local\Temp\FreemakeVideoDownloader_3.6.1.0.exe
C:\Users\Administrator\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe
C:\Users\Administrator\AppData\Local\Temp\IMsetup.exe
C:\Users\Administrator\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Administrator\AppData\Local\Temp\uninst1.exe
C:\Users\Administrator\AppData\Local\Temp\v-bates.exe
C:\Users\Administrator\AppData\Local\Temp\vcredist_x64.exe
C:\Users\LEHNER24\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\LEHNER24\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\LEHNER24\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         
Addition.txt

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 02
Ran by LEHNER24 (ATTENTION: The logged in user is not administrator) on SC4683 on 19-01-2014 17:29:02
Running from C:\Users\LEHNER24\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\bin\ZenUserDaemon.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\esm\ZESUser.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
() C:\Windows\System32\nwtray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(NTeWORKS) C:\Program Files (x86)\PicPick\picpick.exe
(Updater) C:\ProgramData\Updater\updater.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\bin\ZenNotifyIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
(WatchDog) C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
(WatchDog) C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Dropbox, Inc.) C:\Users\LEHNER24\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
(Mozilla Corporation) C:\Users\LEHNER24\AppData\Local\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Users\LEHNER24\AppData\Local\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavProgress.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-02-13] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4756240 2012-03-29] (Intel(R) Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [626552 2012-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [DFEPApplication] - C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7078424 2012-05-08] (Dell Inc.)
HKLM\...\Run: [NWTRAY] - C:\Windows\system32\NWTRAY.EXE [38016 2012-07-13] ()
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-12-04] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [ZenNotifyIcon] - C:\Program Files (x86)\Novell\Zenworks\bin\ZenNotifyIcon.exe [303104 2012-03-01] (Novell, Inc.)
HKLM-x32\...\Run: [NalView] - C:\Program Files (x86)\Novell\ZENworks\bin\nalview.exe [57344 2012-03-01] (Novell, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-07-17] (Sophos Limited)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [Updater] - C:\ProgramData\Updater\Updater.exe [486264 2013-12-18] (Updater)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LCredMgr: C:\Program Files\Novell\CASA\bin\lcredmgr.dll ()
HKCU\...\Run: [PicPick Start] - C:\Program Files (x86)\PicPick\picpick.exe [11438576 2012-12-21] (NTeWORKS)
HKCU\...\Run: [Luraklp] - C:\Users\LEHNER24\AppData\Roaming\WMSPDMODC.dll [460800 2013-08-12] ()
HKCU\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [486264 2013-12-18] (Updater)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [NextLive] - C:\Users\Administrator\AppData\Roaming\newnext.me\nengine.dll [1283584 2013-11-14] (NewNextDotMe)
HKCU\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKCU\...\Policies\Explorer: [NoPublishingWizard] 1
HKCU\...\Policies\Explorer: [NoStartMenuMyGames] 1
MountPoints2: {e2b7429c-6003-11e3-a087-74e543508e02} - E:\GoWire\MPLauncher.exe
MountPoints2: {e2b742b1-6003-11e3-a087-74e543508e02} - E:\GoWire\MPLauncher.exe
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-12-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-04] (NVIDIA Corporation)
Lsa: [Authentication Packages] msv1_0 ZenV1_0 ncv1_0
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\LEHNER24\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.uni-passau.de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.uni-passau.de
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM - DefaultScope {60D4D856-18A4-4E6D-9069-F9653AFD4CEA} URL = hxxp://websearch.uni-passau.de/cgi-bin/search.cgi?q={searchTerms}&wm=beg
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {60D4D856-18A4-4E6D-9069-F9653AFD4CEA} URL = hxxp://websearch.uni-passau.de/cgi-bin/search.cgi?q={searchTerms}&wm=beg
SearchScopes: HKLM-x32 - DefaultScope {60D4D856-18A4-4E6D-9069-F9653AFD4CEA} URL = hxxp://websearch.uni-passau.de/cgi-bin/search.cgi?q={searchTerms}&wm=beg
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {60D4D856-18A4-4E6D-9069-F9653AFD4CEA} URL = hxxp://websearch.uni-passau.de/cgi-bin/search.cgi?q={searchTerms}&wm=beg
SearchScopes: HKCU - DefaultScope {9E30C1EF-B8CF-4F7C-A5F8-2044152B4018} URL = hxxp://websearch.uni-passau.de/cgi-bin/search.cgi?q={searchTerms}&wm=beg
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6A7774E543508E02&affID=119357&tsp=5023
SearchScopes: HKCU - {51398DED-6795-403D-A22D-521C8C22EF16} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=6a77d9b9000000000000000000000000&r=494
SearchScopes: HKCU - {6B259D3B-639A-4360-BCEA-C2C5C4C8AAA5} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {85D9DFED-88CB-4362-B1D7-D01C3D5DE5B1} URL = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
SearchScopes: HKCU - {9E30C1EF-B8CF-4F7C-A5F8-2044152B4018} URL = hxxp://websearch.uni-passau.de/cgi-bin/search.cgi?q={searchTerms}&wm=beg
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: flash-Enhancer - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Program Files (x86)\AmiExt\flashEnhancer\ie\AmiBho.dll ()
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -  No File
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
ShellExecuteHooks: Softwareverteilung - {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files (x86)\Novell\ZENworks\bin\NalShell.dll [1427968 2012-03-01] (Novell, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E25765CE-165D-433D-8786-F1207CE512D2}: [NameServer]62.109.121.1 62.109.121.2

FireFox:
========
FF ProfilePath: C:\Users\LEHNER24\AppData\Roaming\Mozilla\Firefox\Profiles\2ape5dn6.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-12-20]
FF HKLM-x32\...\Firefox\Extensions: [ext@flash-Enhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff
FF Extension: flash-Enhancer - C:\Program Files (x86)\AmiExt\flashEnhancer\ff [2014-01-03]

==================== Services (Whitelisted) =================

R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2279960 2012-05-08] (Dell Inc.)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-11-08] (Ellora Assets Corp.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office 2010\Office14\GROOVE.EXE [50921648 2013-03-09] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 Novell Identity Store; C:\Program Files (x86)\Novell\CASA\bin\micasad.exe [249856 2012-01-06] (Novell, Inc)
R2 Novell ZENworks Agent Service; C:\Program Files (x86)\Novell\ZENworks\bin\ZenworksWindowsService.exe [28672 2012-03-01] (Novell, Inc.)
S2 Novell ZENworks Image-Safe Data Service; C:\Program Files (x86)\Novell\ZENworks\bin\preboot\novell-zisdservice.exe [90112 2012-03-01] ()
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [290296 2013-10-21] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [206328 2013-10-21] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-07-17] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-09-17] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3109880 2013-10-21] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2012152 2013-10-21] (Sophos Limited)
R2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [20096 2012-07-13] (Novell, Inc.)
S3 ZENPreAgent; C:\Windows\novell\zenworks\bin\ZENPreAgent.exe [233472 2012-08-20] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)
R2 ZESService; C:\Program Files (x86)\Novell\ZENworks\esm\ZESService.exe [50344 2012-02-28] (Novell, Inc.)

==================== Drivers (Whitelisted) ====================

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2012-08-20] (Broadcom Corporation.)
R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [112256 2012-07-13] ()
R2 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [108672 2012-07-13] ()
R2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [90240 2012-07-13] ()
R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [119936 2012-07-13] ()
R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [26240 2012-07-13] ()
R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [31360 2012-07-13] (Novell, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-04] (NVIDIA Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-07-17] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2012-09-17] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2012-09-17] (Sophos Plc)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2011-11-04] (STMicroelectronics)
R0 zesdac; C:\Windows\System32\DRIVERS\zesdac.sys [27952 2012-02-28] (Novell, Inc)
S4 ZesDisk; C:\Windows\System32\DRIVERS\ZesDisk.sys [17712 2012-02-28] (Novell, Inc.)
S4 zesds; C:\Windows\System32\DRIVERS\ZesDS.sys [204080 2012-02-28] (Novell, Inc.)
S4 zesdt; C:\Windows\System32\DRIVERS\ZesDT.sys [128816 2012-02-28] (Novell, Inc.)
R0 zesfsfd; C:\Windows\System32\DRIVERS\ZESFSFD.sys [66352 2012-02-28] (Novell, Inc)
R1 ZESFW; C:\Windows\System32\DRIVERS\ZESFW.sys [58160 2011-12-15] (Novell, Inc)
S4 zesocc; C:\Windows\System32\DRIVERS\ZesOCC.sys [488240 2012-02-28] (Novell, Inc.)
R2 zestdi; C:\Windows\System32\DRIVERS\zestdi.sys [46896 2012-02-28] (Novell, Inc)
R1 ZESWIFI; C:\Windows\System32\DRIVERS\ZESWIFI.sys [36656 2011-12-15] (Novell, Inc)
U3 nccache; C:\Program Files\Novell\Client\XTier\Drivers\nccache.sys [34432 2012-07-13] (Novell, Inc.)
U3 nciom; C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [80000 2012-07-13] (Novell, Inc.)
U3 ncp; C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [78976 2012-07-13] (Novell, Inc.)
U3 ncpfsp; C:\Program Files\Novell\Client\XTier\Drivers\ncpfsp.sys [100992 2012-07-13] (Novell, Inc.)
U3 ncpl; C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [49280 2012-07-13] (Novell, Inc.)
U3 ndm; C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [19584 2012-07-13] (Novell, Inc.)
U3 ndmndap; C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [83584 2012-07-13] (Novell, Inc.)
U3 niam; C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [39040 2012-07-13] (Novell, Inc.)
U3 nipctl; C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [55936 2012-07-13] (Novell, Inc.)
U3 nscm; C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [36992 2012-07-13] (Novell, Inc.)
U3 nsns; C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [25216 2012-07-13] (Novell, Inc.)
U3 nsvccost; C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [35968 2012-07-13] (Novell, Inc.)
U3 xtxplat; C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [59520 2012-07-13] (Novell, Inc.)
S4 npf; system32\drivers\npf.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-19 17:29 - 2014-01-19 17:30 - 00023094 _____ C:\Users\LEHNER24\Downloads\FRST.txt
2014-01-19 17:28 - 2014-01-19 17:28 - 02076672 _____ (Farbar) C:\Users\LEHNER24\Downloads\FRST64.exe
2014-01-19 17:28 - 2014-01-19 17:28 - 00000000 ____D C:\FRST
2014-01-19 17:22 - 2014-01-19 17:22 - 00001137 _____ C:\Users\LEHNER24\Desktop\Continue Zip Opener Installation.lnk
2014-01-19 17:13 - 2014-01-19 17:13 - 00001140 _____ C:\Users\Administrator\Desktop\Continue Zip Opener Installation.lnk
2014-01-19 17:11 - 2014-01-19 17:12 - 00680328 _____ (                                                            ) C:\Users\LEHNER24\Downloads\ZipOpenerSetup.exe
2014-01-17 16:06 - 2014-01-19 15:38 - 00000086 _____ C:\Users\LEHNER24\Desktop\Problemmeldung an das RZ.nal
2014-01-17 16:06 - 2014-01-19 15:38 - 00000086 _____ C:\Users\LEHNER24\Desktop\Firefox.nal
2014-01-17 16:06 - 2014-01-17 16:06 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RZ-Support.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-17 16:06 - 2014-01-17 16:06 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RZ-Installationen.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-17 16:06 - 2014-01-17 16:06 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RZ-Anwendungen.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-15 20:28 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 20:28 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 20:28 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 10:28 - 2014-01-14 10:28 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\NVIDIA
2014-01-13 10:57 - 2014-01-13 10:57 - 00001524 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2014-01-08 22:52 - 2014-01-08 23:00 - 00000000 ____D C:\Users\LEHNER24\Documents\FalkData
2014-01-08 22:47 - 2014-01-19 13:24 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\newnext.me
2014-01-08 22:47 - 2014-01-08 22:47 - 00000000 ____D C:\ProgramData\Websteroids
2014-01-08 22:41 - 2014-01-08 22:41 - 00000000 ____D C:\Users\Administrator\Documents\FalkData
2014-01-08 22:41 - 2012-03-01 13:43 - 00001340 _____ C:\Windows\SysWOW64\KMLImportPlugin.tlb
2014-01-08 22:40 - 2014-01-08 22:40 - 00001930 _____ C:\Users\Public\Desktop\Falk Navi-Manager classic.lnk
2014-01-08 22:40 - 2014-01-08 22:40 - 00000000 ____D C:\Program Files (x86)\Falk
2014-01-08 22:40 - 2012-03-01 13:45 - 00003600 _____ C:\Windows\SysWOW64\FNMPlugin.tlb
2014-01-08 22:40 - 2012-03-01 13:42 - 01089536 _____ (eHelp Corporation.) C:\Windows\SysWOW64\ROBOEX32.DLL
2014-01-08 22:39 - 2012-05-15 10:33 - 18600878 ____N C:\Users\LEHNER24\Downloads\data2.cab
2014-01-08 22:39 - 2012-05-15 10:33 - 01039399 ____N C:\Users\LEHNER24\Downloads\data1.cab
2014-01-08 22:39 - 2012-05-15 10:33 - 00470282 ____N C:\Users\LEHNER24\Downloads\setup.ibt
2014-01-08 22:39 - 2012-05-15 10:33 - 00226966 ____N C:\Users\LEHNER24\Downloads\setup.inx
2014-01-08 22:39 - 2012-05-15 10:33 - 00034895 ____N C:\Users\LEHNER24\Downloads\data1.hdr
2014-01-08 22:39 - 2012-05-15 10:33 - 00000579 ____N C:\Users\LEHNER24\Downloads\setup.ini
2014-01-08 22:39 - 2012-05-15 10:33 - 00000455 ____N C:\Users\LEHNER24\Downloads\layout.bin
2014-01-08 22:39 - 2012-05-15 09:49 - 00000000 ____D C:\Users\LEHNER24\Downloads\ActiveSync
2014-01-08 22:39 - 2005-04-07 01:39 - 00543481 ____N C:\Users\LEHNER24\Downloads\engine32.cab
2014-01-08 22:39 - 2005-04-07 01:39 - 00121064 ____N (Macrovision Corporation) C:\Users\LEHNER24\Downloads\setup.exe
2014-01-08 22:13 - 2014-01-08 22:14 - 00000000 ____D C:\Windows\WindowsMobile
2014-01-08 22:12 - 2014-01-08 22:36 - 63647153 _____ C:\Users\LEHNER24\Downloads\FaNaMa_2.11_Classic.exe
2014-01-08 21:53 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-01-08 21:52 - 2014-01-08 21:53 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-08 21:52 - 2014-01-08 21:53 - 00000000 ____D C:\Program Files\iTunes
2014-01-08 21:52 - 2014-01-08 21:53 - 00000000 ____D C:\Program Files (x86)\iTunes
2014-01-08 21:52 - 2014-01-08 21:52 - 00000000 ____D C:\Program Files\iPod
2014-01-08 21:49 - 2014-01-08 21:49 - 00000000 ____D C:\Program Files\Common Files\Apple
2014-01-08 21:40 - 2014-01-08 21:45 - 100400976 _____ (Apple Inc.) C:\Users\LEHNER24\Downloads\iTunes64Setup.exe
2014-01-06 21:01 - 2014-01-06 21:01 - 00000000 ____D C:\Users\Administrator\Documents\FormatFactory
2014-01-06 20:56 - 2014-01-07 11:58 - 00000000 ____D C:\FFOutput
2014-01-06 20:55 - 2014-01-06 20:55 - 00001204 _____ C:\Users\Administrator\Desktop\Format Factory.lnk
2014-01-06 20:55 - 2014-01-06 20:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-01-06 20:55 - 2014-01-06 20:55 - 00000000 ____D C:\Program Files (x86)\FreeTime
2014-01-06 20:42 - 2014-01-06 20:43 - 61746584 _____ (Free Time) C:\Users\LEHNER24\Downloads\FFSetup3.2.1.0.exe
2014-01-06 00:46 - 2014-01-06 00:50 - 00001467 _____ C:\Users\LEHNER24\AppData\Local\RecConfig.xml
2014-01-05 14:04 - 2014-01-05 14:04 - 00001035 _____ C:\Users\LEHNER24\Desktop\No23 Recorder.lnk
2014-01-05 14:04 - 2014-01-05 14:04 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No23 Recorder
2014-01-05 14:04 - 2014-01-05 14:04 - 00000000 ____D C:\Users\LEHNER24\AppData\Local\No23 Recorder
2014-01-05 14:03 - 2014-01-05 14:03 - 02497825 _____ (No23) C:\Users\LEHNER24\Downloads\No23Recorder2103.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-03 20:16 - 2014-01-03 20:16 - 00000000 ____D C:\Program Files\Java
2014-01-03 20:15 - 2014-01-03 20:16 - 30694824 _____ (Oracle Corporation) C:\Users\LEHNER24\Downloads\jre-7u45-windows-x64.exe
2014-01-03 15:52 - 2014-01-03 15:52 - 00000076 _____ C:\extensions.ini
2014-01-03 15:52 - 2014-01-03 15:52 - 00000000 ____D C:\Program Files (x86)\AmiExt
2014-01-03 15:52 - 2014-01-03 15:52 - 00000000 _____ C:\extensions.sqlite
2014-01-03 15:51 - 2014-01-08 22:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Lollipop
2014-01-03 15:51 - 2014-01-03 21:52 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\newnext.me
2014-01-03 15:51 - 2014-01-03 15:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\Mobogenie
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\Documents\Mobogenie
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\genienext
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\cache
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\.android
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\ProgramData\Updater
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\ProgramData\RHelpers
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 _____ C:\Users\Administrator\daemonprocess.txt
2014-01-03 15:49 - 2014-01-03 15:49 - 00337448 _____ (Amônétízé Ltd) C:\Users\LEHNER24\Downloads\FlashPlayersetup__5047_i230741755_il3.exe
2013-12-23 22:09 - 2014-01-18 14:25 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\com.adobe.WidgetBrowser
2013-12-22 22:37 - 2013-12-22 22:37 - 00915368 _____ (Oracle Corporation) C:\Users\LEHNER24\Downloads\jxpiinstall(2).exe
2013-12-22 22:33 - 2013-12-22 22:33 - 00471568 _____ C:\Users\LEHNER24\Downloads\Java.exe
2013-12-21 22:59 - 2014-01-16 21:26 - 00001456 _____ C:\Users\LEHNER24\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2013-12-21 20:23 - 2013-12-22 00:20 - 00000000 ____D C:\Users\LEHNER24\Documents\Unbenannte Site 2
2013-12-20 22:27 - 2013-12-20 22:27 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\PACE Anti-Piracy
2013-12-20 22:27 - 2013-12-20 22:27 - 00000000 ____D C:\Users\LEHNER24\AppData\Local\PACE Anti-Piracy
2013-12-20 22:27 - 2013-12-20 22:27 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2013-12-20 22:11 - 2013-12-20 22:11 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2013-12-20 21:58 - 2013-12-20 23:00 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-12-20 21:03 - 2013-12-20 21:03 - 00000000 ____D C:\Users\Administrator\Adobe Flash Builder 4.6
2013-12-20 20:48 - 2013-12-20 20:48 - 00002032 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2013-12-20 20:37 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys
2013-12-20 20:37 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys
2013-12-20 20:36 - 2013-12-20 20:36 - 00000000 ____D C:\Program Files (x86)\My Company Name
2013-12-20 19:37 - 2013-12-20 19:55 - 00000000 ____D C:\Users\Administrator\Desktop\Adobe CS6 Master Collection
2013-12-20 16:05 - 2013-12-20 16:21 - 00000000 ____D C:\Users\LEHNER24\Desktop\Adobe CS6 Master Collection
2013-12-20 15:15 - 2013-12-20 16:02 - 00000000 ____D C:\Users\LEHNER24\AppData\Local\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-19 17:30 - 2014-01-19 17:29 - 00023094 _____ C:\Users\LEHNER24\Downloads\FRST.txt
2014-01-19 17:28 - 2014-01-19 17:28 - 02076672 _____ (Farbar) C:\Users\LEHNER24\Downloads\FRST64.exe
2014-01-19 17:28 - 2014-01-19 17:28 - 00000000 ____D C:\FRST
2014-01-19 17:22 - 2014-01-19 17:22 - 00001137 _____ C:\Users\LEHNER24\Desktop\Continue Zip Opener Installation.lnk
2014-01-19 17:13 - 2014-01-19 17:13 - 00001140 _____ C:\Users\Administrator\Desktop\Continue Zip Opener Installation.lnk
2014-01-19 17:12 - 2014-01-19 17:11 - 00680328 _____ (                                                            ) C:\Users\LEHNER24\Downloads\ZipOpenerSetup.exe
2014-01-19 16:51 - 2013-10-02 09:48 - 00000314 _____ C:\Windows\Tasks\DigitalSite.job
2014-01-19 16:40 - 2012-08-20 09:34 - 01768523 _____ C:\Windows\WindowsUpdate.log
2014-01-19 16:39 - 2012-08-20 12:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-19 16:37 - 2012-12-21 12:27 - 00000000 ____D C:\Users\LEHNER24\AppData\Local\Adobe
2014-01-19 15:38 - 2014-01-17 16:06 - 00000086 _____ C:\Users\LEHNER24\Desktop\Problemmeldung an das RZ.nal
2014-01-19 15:38 - 2014-01-17 16:06 - 00000086 _____ C:\Users\LEHNER24\Desktop\Firefox.nal
2014-01-19 13:37 - 2012-08-20 09:45 - 00000000 ____D C:\Windows\system32\Drivers\{4bb8218c-aebf-4113-882f-b10ae15c8218}
2014-01-19 13:24 - 2014-01-08 22:47 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\newnext.me
2014-01-18 14:25 - 2013-12-23 22:09 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\com.adobe.WidgetBrowser
2014-01-18 14:10 - 2012-09-14 12:12 - 00000000 ____D C:\Windows\system32\appmgmt
2014-01-17 16:12 - 2009-07-14 05:45 - 00019136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-17 16:12 - 2009-07-14 05:45 - 00019136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-17 16:07 - 2013-12-04 23:16 - 00000000 ___RD C:\Users\LEHNER24\Dropbox
2014-01-17 16:07 - 2013-12-04 23:11 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Dropbox
2014-01-17 16:06 - 2014-01-17 16:06 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RZ-Support.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-17 16:06 - 2014-01-17 16:06 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RZ-Installationen.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-17 16:06 - 2014-01-17 16:06 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RZ-Anwendungen.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-17 16:06 - 2012-08-20 09:41 - 00082368 _____ C:\Windows\system32\ZCredMgr.LOG
2014-01-17 16:03 - 2012-08-20 09:42 - 00126652 _____ C:\ziswin.hst
2014-01-17 16:02 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-17 16:01 - 2012-08-16 15:46 - 00073713 _____ C:\Windows\setupact.log
2014-01-17 12:20 - 2010-11-21 07:21 - 00696870 _____ C:\Windows\system32\perfh007.dat
2014-01-17 12:20 - 2010-11-21 07:21 - 00148134 _____ C:\Windows\system32\perfc007.dat
2014-01-17 12:20 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-17 11:15 - 2013-01-09 23:11 - 00000000 ____D C:\Users\LEHNER24\Documents\Any Video Converter
2014-01-17 09:10 - 2009-07-14 05:45 - 03022256 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 21:26 - 2013-12-21 22:59 - 00001456 _____ C:\Users\LEHNER24\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-01-16 09:27 - 2013-12-05 10:36 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 09:27 - 2013-12-04 23:16 - 00001032 _____ C:\Users\LEHNER24\Desktop\Dropbox.lnk
2014-01-16 09:27 - 2013-12-04 23:12 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-16 09:27 - 2012-12-21 09:57 - 00000000 ___RD C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 09:22 - 2012-08-16 10:30 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 23:26 - 2013-03-06 14:02 - 00000000 ____D C:\Users\LEHNER24\Documents\Citavi 3
2014-01-15 22:08 - 2012-12-30 14:29 - 00000187 _____ C:\Users\LEHNER24\AppData\Roaming\default.rss
2014-01-15 00:20 - 2013-07-24 10:40 - 00000000 _____ C:\Windows\system32\vireng.log
2014-01-14 15:11 - 2013-03-16 16:04 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Apple Computer
2014-01-14 11:00 - 2012-12-30 14:28 - 00000000 ____D C:\Users\LEHNER24\Documents\Adobe
2014-01-14 11:00 - 2012-12-21 09:57 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Adobe
2014-01-14 10:28 - 2014-01-14 10:28 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\NVIDIA
2014-01-13 11:34 - 2012-08-20 12:32 - 00000000 ____D C:\Program Files (x86)\Adobe
2014-01-13 11:30 - 2012-12-21 10:20 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-13 11:10 - 2013-01-15 14:14 - 00000000 ____D C:\Program Files\Adobe
2014-01-13 11:06 - 2012-08-20 12:32 - 00000000 ____D C:\ProgramData\Adobe
2014-01-13 10:57 - 2014-01-13 10:57 - 00001524 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2014-01-09 10:47 - 2010-11-21 04:47 - 00036596 _____ C:\Windows\PFRO.log
2014-01-08 23:00 - 2014-01-08 22:52 - 00000000 ____D C:\Users\LEHNER24\Documents\FalkData
2014-01-08 22:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Lollipop
2014-01-08 22:47 - 2014-01-08 22:47 - 00000000 ____D C:\ProgramData\Websteroids
2014-01-08 22:41 - 2014-01-08 22:41 - 00000000 ____D C:\Users\Administrator\Documents\FalkData
2014-01-08 22:40 - 2014-01-08 22:40 - 00001930 _____ C:\Users\Public\Desktop\Falk Navi-Manager classic.lnk
2014-01-08 22:40 - 2014-01-08 22:40 - 00000000 ____D C:\Program Files (x86)\Falk
2014-01-08 22:40 - 2012-08-20 10:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-08 22:36 - 2014-01-08 22:12 - 63647153 _____ C:\Users\LEHNER24\Downloads\FaNaMa_2.11_Classic.exe
2014-01-08 22:14 - 2014-01-08 22:13 - 00000000 ____D C:\Windows\WindowsMobile
2014-01-08 21:53 - 2014-01-08 21:52 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-08 21:53 - 2014-01-08 21:52 - 00000000 ____D C:\Program Files\iTunes
2014-01-08 21:53 - 2014-01-08 21:52 - 00000000 ____D C:\Program Files (x86)\iTunes
2014-01-08 21:53 - 2013-11-21 19:45 - 00000000 ____D C:\Users\LEHNER24\AppData\Local\Apple Computer
2014-01-08 21:52 - 2014-01-08 21:52 - 00000000 ____D C:\Program Files\iPod
2014-01-08 21:52 - 2013-03-09 10:38 - 00000000 ____D C:\ProgramData\Apple Computer
2014-01-08 21:49 - 2014-01-08 21:49 - 00000000 ____D C:\Program Files\Common Files\Apple
2014-01-08 21:49 - 2013-03-09 10:37 - 00000000 ____D C:\ProgramData\Apple
2014-01-08 21:45 - 2014-01-08 21:40 - 100400976 _____ (Apple Inc.) C:\Users\LEHNER24\Downloads\iTunes64Setup.exe
2014-01-07 11:58 - 2014-01-06 20:56 - 00000000 ____D C:\FFOutput
2014-01-06 21:01 - 2014-01-06 21:01 - 00000000 ____D C:\Users\Administrator\Documents\FormatFactory
2014-01-06 20:55 - 2014-01-06 20:55 - 00001204 _____ C:\Users\Administrator\Desktop\Format Factory.lnk
2014-01-06 20:55 - 2014-01-06 20:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-01-06 20:55 - 2014-01-06 20:55 - 00000000 ____D C:\Program Files (x86)\FreeTime
2014-01-06 20:43 - 2014-01-06 20:42 - 61746584 _____ (Free Time) C:\Users\LEHNER24\Downloads\FFSetup3.2.1.0.exe
2014-01-06 00:50 - 2014-01-06 00:46 - 00001467 _____ C:\Users\LEHNER24\AppData\Local\RecConfig.xml
2014-01-05 14:04 - 2014-01-05 14:04 - 00001035 _____ C:\Users\LEHNER24\Desktop\No23 Recorder.lnk
2014-01-05 14:04 - 2014-01-05 14:04 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No23 Recorder
2014-01-05 14:04 - 2014-01-05 14:04 - 00000000 ____D C:\Users\LEHNER24\AppData\Local\No23 Recorder
2014-01-05 14:03 - 2014-01-05 14:03 - 02497825 _____ (No23) C:\Users\LEHNER24\Downloads\No23Recorder2103.exe
2014-01-03 21:52 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\newnext.me
2014-01-03 20:27 - 2012-12-21 10:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2014-01-03 20:22 - 2012-08-20 12:35 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-03 20:22 - 2012-08-20 12:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-03 20:17 - 2013-12-05 10:43 - 00000000 ____D C:\ProgramData\Oracle
2014-01-03 20:16 - 2014-01-03 20:16 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-03 20:16 - 2014-01-03 20:16 - 00000000 ____D C:\Program Files\Java
2014-01-03 20:16 - 2014-01-03 20:15 - 30694824 _____ (Oracle Corporation) C:\Users\LEHNER24\Downloads\jre-7u45-windows-x64.exe
2014-01-03 15:54 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Mobogenie
2014-01-03 15:52 - 2014-01-03 15:52 - 00000076 _____ C:\extensions.ini
2014-01-03 15:52 - 2014-01-03 15:52 - 00000000 ____D C:\Program Files (x86)\AmiExt
2014-01-03 15:52 - 2014-01-03 15:52 - 00000000 _____ C:\extensions.sqlite
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\Documents\Mobogenie
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\genienext
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\cache
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\.android
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\ProgramData\Updater
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\ProgramData\RHelpers
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 _____ C:\Users\Administrator\daemonprocess.txt
2014-01-03 15:51 - 2013-12-19 21:57 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2014-01-03 15:51 - 2012-08-20 09:38 - 00000000 ____D C:\Users\Administrator
2014-01-03 15:49 - 2014-01-03 15:49 - 00337448 _____ (Amônétízé Ltd) C:\Users\LEHNER24\Downloads\FlashPlayersetup__5047_i230741755_il3.exe
2013-12-24 10:38 - 2012-08-20 10:10 - 00404601 _____ C:\Windows\system32\ZenNotify.log
2013-12-24 10:37 - 2012-08-20 10:10 - 00003257 _____ C:\Windows\system32\ZENLGN.LOG
2013-12-22 22:37 - 2013-12-22 22:37 - 00915368 _____ (Oracle Corporation) C:\Users\LEHNER24\Downloads\jxpiinstall(2).exe
2013-12-22 22:33 - 2013-12-22 22:33 - 00471568 _____ C:\Users\LEHNER24\Downloads\Java.exe
2013-12-22 00:20 - 2013-12-21 20:23 - 00000000 ____D C:\Users\LEHNER24\Documents\Unbenannte Site 2
2013-12-20 23:00 - 2013-12-20 21:58 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-12-20 22:36 - 2012-08-20 13:19 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-12-20 22:27 - 2013-12-20 22:27 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\PACE Anti-Piracy
2013-12-20 22:27 - 2013-12-20 22:27 - 00000000 ____D C:\Users\LEHNER24\AppData\Local\PACE Anti-Piracy
2013-12-20 22:27 - 2013-12-20 22:27 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2013-12-20 22:11 - 2013-12-20 22:11 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2013-12-20 21:42 - 2012-12-21 09:58 - 00111480 _____ C:\Users\LEHNER24\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-20 21:03 - 2013-12-20 21:03 - 00000000 ____D C:\Users\Administrator\Adobe Flash Builder 4.6
2013-12-20 20:48 - 2013-12-20 20:48 - 00002032 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2013-12-20 20:36 - 2013-12-20 20:36 - 00000000 ____D C:\Program Files (x86)\My Company Name
2013-12-20 19:55 - 2013-12-20 19:37 - 00000000 ____D C:\Users\Administrator\Desktop\Adobe CS6 Master Collection
2013-12-20 19:35 - 2012-08-20 09:55 - 00113096 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-20 16:21 - 2013-12-20 16:05 - 00000000 ____D C:\Users\LEHNER24\Desktop\Adobe CS6 Master Collection
2013-12-20 16:02 - 2013-12-20 15:15 - 00000000 ____D C:\Users\LEHNER24\AppData\Local\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Administrator\AppData\Local\Temp\BackupSetup.exe
C:\Users\Administrator\AppData\Local\Temp\FreemakeVideoDownloader_3.6.1.0.exe
C:\Users\Administrator\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe
C:\Users\Administrator\AppData\Local\Temp\IMsetup.exe
C:\Users\Administrator\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Administrator\AppData\Local\Temp\uninst1.exe
C:\Users\Administrator\AppData\Local\Temp\v-bates.exe
C:\Users\Administrator\AppData\Local\Temp\vcredist_x64.exe
C:\Users\LEHNER24\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\LEHNER24\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\LEHNER24\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         

Alt 19.01.2014, 16:56   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hi,

Quote:
Windows 7 Professional Service Pack 1
HKLM-x32\...\Run: [AdobeCS6ServiceManager]
Is this a commercially used system?

Quote:
Ran by LEHNER24 (ATTENTION: The logged in user is not administrator)
Why don't you have admin rights? Without admin rights you cannot clean up.
Also, the additions.txt is missing.

Alt 19.01.2014, 17:08   #3
haislbauer
 



Hi cosinus,

Thanks for your quick reply. This is not a commercially used system, but a work computer at a university where I work. I have admin rights, but was not logged in as admin at the time of the scan. Should I repeat it under my admin account? I did post the addition.txt, or do you mean a different file?

Alt 19.01.2014, 17:14   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Normally one of the university admins should be responsible for the work computer.

Alt 19.01.2014, 17:26   #5
haislbauer
 



Unfortunately, individual help is hard to come by here. Either you help yourself, or they wipe the machine and it is almost impossible to restore everything the way it was before ... not to mention the immense amount of time involved. So I would be very glad if I could count on help here. But I also understand if you don't want to sacrifice your time for this. Thanks anyway!


Alt 20.01.2014, 08:09   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then carry on. A new FRST log with admin rights, please.

Alt 20.01.2014, 21:12   #7
haislbauer
 



Since I was somewhat unsure yesterday whether I could still count on help, I followed the recommendations in other board threads about my problem and have already run Adwcleaner, Junkware and Malwarebytes on my system. Sorry, that was too hasty, and I hope you will still help me finish this off.

The ad pop-ups and double-underlined green ad links are gone now, but of course I don't know whether hidden problems are still lurking in the system.

I have attached the logs:

Adwcleaner:

Code:
# AdwCleaner v3.017 - Bericht erstellt am 19/01/2014 um 19:43:27
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Administrator - SC4683
# Gestartet von : C:\Users\LEHNER24\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\RHelpers
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files\DomaIQ Uninstaller
Ordner Gelöscht : C:\Users\ADMINI~1\AppData\Local\Temp\Iminent
Ordner Gelöscht : C:\Users\LEHNER24\AppData\Roaming\newnext.me
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\lollipop
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Wajam
Ordner Gelöscht : C:\Users\Administrator\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Administrator\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\digitalsite
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\newnext.me
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Administrator\Documents\Mobogenie
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Datei Gelöscht : C:\Windows\Tasks\digitalsite.job

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Schlüssel Gelöscht : HKCU\Software\Classes\Applications\lollipop.exe
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [lollipop]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Updater]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Updater]
Schlüssel Gelöscht : HKLM\SOFTWARE\5d57d9dee035be48
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\DataMngr
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\tuguu sl
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DomaIQ
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Iminent
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v

[ Datei : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7072 octets] - [19/01/2014 19:35:20]
AdwCleaner[R1].txt - [7130 octets] - [19/01/2014 19:42:56]
AdwCleaner[S0].txt - [5777 octets] - [19/01/2014 19:43:27]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [5837 octets] ##########
         
Junkware:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x64
Ran by Administrator on 19.01.2014 at 20:12:41,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1559344680-1987030886-325594063-500\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{51398DED-6795-403D-A22D-521C8C22EF16}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{85D9DFED-88CB-4362-B1D7-D01C3D5DE5B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9E30C1EF-B8CF-4F7C-A5F8-2044152B4018}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{60D4D856-18A4-4E6D-9069-F9653AFD4CEA}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.01.2014 at 20:18:12,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Malwarebytes:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.19.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Administrator :: SC4683 [Administrator]

19.01.2014 20:20:36
MBAM-log-2014-01-19 (20-31-52).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 293001
Laufzeit: 8 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 13
HKCR\CLSID\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736} (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{BDB0F124-48E8-43A5-A263-45A7093CF058} (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
HKCR\Interface\{5C6B193D-C4D0-4A0C-8509-8EA566380A7C} (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736} (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736} (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736} (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6} (PUP.Optional.DynConIE.A) -> Keine Aktion durchgeführt.
HKCU\Software\AmiExt\IE plugin (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\AmiExt\flash-Enhancer (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\flash-Enhancer (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{66B51873-B53D-42EC-BC1A-862EB4DB041D} (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
HKCR\Interface\{D01C1E11-ED7A-4791-8408-E63EECDA48FF} (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744} (PUP.Optional.VBates) -> Daten:  -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{21EAF666-26B3-4a3c-ABD0-CA2F5A326744} (PUP.Optional.VBates) -> Daten: C:\Program Files\V-bates\Firefox -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 17
C:\Program Files (x86)\AmiExt\flashEnhancer (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ch (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\core (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\icons (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\icons\default (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\locale (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\defaults (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\defaults\preferences (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\core (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Users\LEHNER24\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 68
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\AmiBho.dll (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Local\Temp\FreemakeVideoDownloader_3.6.1.0.exe (PUP.Optional.Opencandy) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Local\Temp\IMsetup.exe (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Local\Temp\Umbrella.exe90e8b1e (PUP.Optional.Iminent) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Local\Temp\237DDD21-BAB0-7891-A6C7-94613FE8B918\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Local\Temp\237DDD21-BAB0-7891-A6C7-94613FE8B918\MyBabylonTB.exe (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Local\Temp\2D9B15B5-BAB0-7891-B063-7CAC0429566B\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Local\Temp\2D9B15B5-BAB0-7891-B063-7CAC0429566B\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Local\Temp\2D9B15B5-BAB0-7891-B063-7CAC0429566B\Latest\ccp.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Local\Temp\2D9B15B5-BAB0-7891-B063-7CAC0429566B\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Local\Temp\2D9B15B5-BAB0-7891-B063-7CAC0429566B\Latest\DSearchLink.exe (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Local\Temp\2D9B15B5-BAB0-7891-B063-7CAC0429566B\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Local\Temp\2D9B15B5-BAB0-7891-B063-7CAC0429566B\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Local\Temp\2D9B15B5-BAB0-7891-B063-7CAC0429566B\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Local\Temp\DIQ\FlashPlayer_151\DomaIQ.exe (Adware.DomaIQ) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Local\Temp\DIQ\FlashPlayer_151\DomaIQ10.exe (Adware.DomaIQ) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Local\Temp\DIQ\FlashPlayer_151\exes.zip (Adware.DomaIQ) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Local\Temp\DIQ\FlashPlayer_151\software\Delta Babylon.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Local\Temp\DIQ\FlashPlayer_151\software\FlashPlayer.exe (Trojan.DomaIQ) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Local\Temp\DIQ\FlashPlayer_151\software\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Local\Temp\flashEnhancer1\Install\flashEnhancerInstaller.exe (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Local\Temp\is357113909\92411529_stp\DeltaTB.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Local\Temp\is357113909\92411713_stp\rcpsetup_adppi_adppi.exe (PUP.Optional.RegCleanerPro) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Local\Temp\is357113909\92411724_stp\wajam_download.exe (PUP.Optional.Wajam) -> Keine Aktion durchgeführt.
C:\Users\LEHNER24\AppData\Local\Temp\3mjYZijy.exe.part (PUP.BundleInstaller.DW) -> Keine Aktion durchgeführt.
C:\Users\LEHNER24\AppData\Local\Temp\WvynPDGY.exe.part (PUP.BundleInstaller.DW) -> Keine Aktion durchgeführt.
C:\Windows\Temp\INJ001\ExtensionUpdate.exe (PUP.Optional.VbatesHelper.A) -> Keine Aktion durchgeführt.
C:\Users\LEHNER24\Downloads\FlashPlayersetup__5047_i230741755_il3.exe (PUP.Optional.InstallMonetizer) -> Keine Aktion durchgeführt.
C:\Users\LEHNER24\Downloads\FlashPlayer_V.62078867b.exe (Adware.DomaIQ) -> Keine Aktion durchgeführt.
C:\Users\LEHNER24\Downloads\FlashPlayer_V.98127318b.exe (Adware.DomaIQ) -> Keine Aktion durchgeführt.
C:\Users\LEHNER24\Downloads\FreemakeVideo361DownloaderSetup.exe (PUP.Optional.Opencandy) -> Keine Aktion durchgeführt.
C:\Users\LEHNER24\Downloads\iLividSetup-r418-n-bf(1).exe (PUP.Optional.Bandoo) -> Keine Aktion durchgeführt.
C:\Users\LEHNER24\Downloads\iLividSetup-r418-n-bf.exe (PUP.Optional.Bandoo) -> Keine Aktion durchgeführt.
C:\Users\LEHNER24\Downloads\Java.exe (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\LEHNER24\Downloads\picpick_inst312.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\LEHNER24\Downloads\SoftonicDownloader_fuer_freemind.exe (PUP.Optional.Softonic) -> Keine Aktion durchgeführt.
C:\Users\LEHNER24\Downloads\SoftonicDownloader_fuer_nvu.exe (PUP.Optional.Softonic.A) -> Keine Aktion durchgeführt.
C:\Users\LEHNER24\Downloads\UltimateCodec.exe (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\uninstall.exe (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ch\flashEnhancer.crx (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\bootstrap.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome.manifest (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\install.rdf (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\preferencesWindow.xul (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\myext.xul (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\core\core.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\icons\Thumbs.db (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\icons\default\star1_32.png (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils\amiextension.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils\amihelper.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils\amilocal.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils\chaddon.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils\chback.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils\ffaddon.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils\hostutils.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils\ieaddon.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\defaults\preferences\myext.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\AmiStorage.exe (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\core\core.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\amiextension.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\amihelper.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\amilocal.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\chaddon.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\chback.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\ffaddon.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\hostutils.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\js\utils\ieaddon.js (PUP.Optional.Amonetize.A) -> Keine Aktion durchgeführt.
C:\Users\LEHNER24\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.

(Ende)
         

Fresh FRST log after running the programs mentioned above:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 02
Ran by Administrator (administrator) on SC4683 on 20-01-2014 22:09:24
Running from C:\Users\LEHNER24\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Novell, Inc) C:\Program Files (x86)\Novell\CASA\bin\micasad.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\bin\ZenworksWindowsService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Novell, Inc.) C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\esm\ZESService.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\bin\ZenUserDaemon.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
() C:\Windows\System32\nwtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\esm\ZESUser.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\bin\ZenNotifyIcon.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-02-13] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4756240 2012-03-29] (Intel(R) Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [626552 2012-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [DFEPApplication] - C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7078424 2012-05-08] (Dell Inc.)
HKLM\...\Run: [NWTRAY] - C:\Windows\system32\NWTRAY.EXE [38016 2012-07-13] ()
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-12-04] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [ZenNotifyIcon] - C:\Program Files (x86)\Novell\Zenworks\bin\ZenNotifyIcon.exe [303104 2012-03-01] (Novell, Inc.)
HKLM-x32\...\Run: [NalView] - C:\Program Files (x86)\Novell\ZENworks\bin\nalview.exe [57344 2012-03-01] (Novell, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-07-17] (Sophos Limited)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LCredMgr: C:\Program Files\Novell\CASA\bin\lcredmgr.dll ()
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKCU\...\Policies\Explorer: [NoPublishingWizard] 1
HKCU\...\Policies\Explorer: [NoStartMenuMyGames] 1
HKU\FREUND\...\Run: [AdobeBridge] - [x]
HKU\FREUND\...\Run: [lollipop] - "c:\users\administrator\appdata\local\lollipop\lollipop.exe" lollipop
HKU\FREUND\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Administrator\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\FREUND\...\Run: [Updater] - C:\ProgramData\Updater\Updater.exe [486264 2013-12-18] (Updater)
HKU\LEHNER24\...\Run: [PicPick Start] - C:\Program Files (x86)\PicPick\picpick.exe [11438576 2012-12-21] (NTeWORKS)
HKU\LEHNER24\...\Run: [Luraklp] - rundll32 "C:\Users\LEHNER24\AppData\Roaming\WMSPDMODC.dll",Aotqdhuwlov
HKU\LEHNER24\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [486264 2013-12-18] (Updater)
HKU\LEHNER24\...\Run: [AdobeBridge] - [x]
HKU\LEHNER24\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Administrator\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\LEHNER24\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe [839560 2014-01-03] (Adobe Systems Incorporated)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-12-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL, => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2013-10-21] (Sophos Limited)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-04] (NVIDIA Corporation)
Lsa: [Authentication Packages] msv1_0 ZenV1_0 ncv1_0
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\FREUND\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: hxxp://www-cache.rz.uni-passau.de:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.uni-passau.de
SearchScopes: HKLM - DefaultScope {60D4D856-18A4-4E6D-9069-F9653AFD4CEA} URL = hxxp://websearch.uni-passau.de/cgi-bin/search.cgi?q={searchTerms}&wm=beg
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {60D4D856-18A4-4E6D-9069-F9653AFD4CEA} URL = hxxp://websearch.uni-passau.de/cgi-bin/search.cgi?q={searchTerms}&wm=beg
SearchScopes: HKCU - DefaultScope {60D4D856-18A4-4E6D-9069-F9653AFD4CEA} URL = 
SearchScopes: HKCU - {6B259D3B-639A-4360-BCEA-C2C5C4C8AAA5} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
ShellExecuteHooks: ZENworks Adaptive Agent - {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files (x86)\Novell\ZENworks\bin\NalShell.dll [1427968 2012-03-01] (Novell, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome: 
=======
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf [2013-11-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2279960 2012-05-08] (Dell Inc.)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-11-08] (Ellora Assets Corp.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S3 Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office 2010\Office14\GROOVE.EXE [50921648 2013-03-09] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R2 Novell Identity Store; C:\Program Files (x86)\Novell\CASA\bin\micasad.exe [249856 2012-01-06] (Novell, Inc)
R2 Novell ZENworks Agent Service; C:\Program Files (x86)\Novell\ZENworks\bin\ZenworksWindowsService.exe [28672 2012-03-01] (Novell, Inc.)
S2 Novell ZENworks Image-Safe Data Service; C:\Program Files (x86)\Novell\ZENworks\bin\preboot\novell-zisdservice.exe [90112 2012-03-01] ()
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [290296 2013-10-21] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [206328 2013-10-21] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-07-17] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-09-17] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3109880 2013-10-21] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2012152 2013-10-21] (Sophos Limited)
R2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [20096 2012-07-13] (Novell, Inc.)
S3 ZENPreAgent; C:\Windows\novell\zenworks\bin\ZENPreAgent.exe [233472 2012-08-20] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)
R2 ZESService; C:\Program Files (x86)\Novell\ZENworks\esm\ZESService.exe [50344 2012-02-28] (Novell, Inc.)

==================== Drivers (Whitelisted) ====================

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2012-08-20] (Broadcom Corporation.)
R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [112256 2012-07-13] ()
R2 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [108672 2012-07-13] ()
R2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [90240 2012-07-13] ()
R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [119936 2012-07-13] ()
R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [26240 2012-07-13] ()
R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [31360 2012-07-13] (Novell, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-04] (NVIDIA Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-07-17] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2012-09-17] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2012-09-17] (Sophos Plc)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2011-11-04] (STMicroelectronics)
R0 zesdac; C:\Windows\System32\DRIVERS\zesdac.sys [27952 2012-02-28] (Novell, Inc)
S4 ZesDisk; C:\Windows\System32\DRIVERS\ZesDisk.sys [17712 2012-02-28] (Novell, Inc.)
S4 zesds; C:\Windows\System32\DRIVERS\ZesDS.sys [204080 2012-02-28] (Novell, Inc.)
S4 zesdt; C:\Windows\System32\DRIVERS\ZesDT.sys [128816 2012-02-28] (Novell, Inc.)
R0 zesfsfd; C:\Windows\System32\DRIVERS\ZESFSFD.sys [66352 2012-02-28] (Novell, Inc)
R1 ZESFW; C:\Windows\System32\DRIVERS\ZESFW.sys [58160 2011-12-15] (Novell, Inc)
S4 zesocc; C:\Windows\System32\DRIVERS\ZesOCC.sys [488240 2012-02-28] (Novell, Inc.)
R2 zestdi; C:\Windows\System32\DRIVERS\zestdi.sys [46896 2012-02-28] (Novell, Inc)
R1 ZESWIFI; C:\Windows\System32\DRIVERS\ZESWIFI.sys [36656 2011-12-15] (Novell, Inc)
U3 nccache; C:\Program Files\Novell\Client\XTier\Drivers\nccache.sys [34432 2012-07-13] (Novell, Inc.)
U3 nciom; C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [80000 2012-07-13] (Novell, Inc.)
U3 ncp; C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [78976 2012-07-13] (Novell, Inc.)
U3 ncpfsp; C:\Program Files\Novell\Client\XTier\Drivers\ncpfsp.sys [100992 2012-07-13] (Novell, Inc.)
U3 ncpl; C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [49280 2012-07-13] (Novell, Inc.)
U3 ndm; C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [19584 2012-07-13] (Novell, Inc.)
U3 ndmndap; C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [83584 2012-07-13] (Novell, Inc.)
U3 niam; C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [39040 2012-07-13] (Novell, Inc.)
U3 nipctl; C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [55936 2012-07-13] (Novell, Inc.)
U3 nscm; C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [36992 2012-07-13] (Novell, Inc.)
U3 nsns; C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [25216 2012-07-13] (Novell, Inc.)
U3 nsvccost; C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [35968 2012-07-13] (Novell, Inc.)
U3 xtxplat; C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [59520 2012-07-13] (Novell, Inc.)
S3 NPF; system32\drivers\NPF.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-20 21:52 - 2014-01-20 21:52 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RZ-Support.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-20 21:52 - 2014-01-20 21:52 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RZ-Installationen.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-20 21:52 - 2014-01-20 21:52 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RZ-Anwendungen.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-19 20:20 - 2014-01-19 20:20 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-01-19 20:19 - 2014-01-19 20:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-19 20:19 - 2014-01-19 20:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-19 20:19 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-19 20:18 - 2014-01-19 20:18 - 00001503 _____ C:\Users\LEHNER24\Downloads\JRT.txt
2014-01-19 20:18 - 2014-01-19 20:18 - 00001503 _____ C:\Users\Administrator\Desktop\JRT.txt
2014-01-19 20:12 - 2014-01-19 20:12 - 00000000 ____D C:\Windows\ERUNT
2014-01-19 19:35 - 2014-01-19 19:43 - 00000000 ____D C:\AdwCleaner
2014-01-19 18:00 - 2014-01-19 18:00 - 01037068 _____ (Thisisu) C:\Users\LEHNER24\Downloads\JRT.exe
2014-01-19 17:57 - 2014-01-19 17:57 - 01236282 _____ C:\Users\LEHNER24\Downloads\adwcleaner.exe
2014-01-19 17:52 - 2014-01-19 17:52 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\LEHNER24\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-19 17:32 - 2014-01-19 17:33 - 00038110 _____ C:\Users\LEHNER24\Downloads\Addition.txt
2014-01-19 17:29 - 2014-01-20 22:09 - 00020897 _____ C:\Users\LEHNER24\Downloads\FRST.txt
2014-01-19 17:28 - 2014-01-19 17:28 - 02076672 _____ (Farbar) C:\Users\LEHNER24\Downloads\FRST64.exe
2014-01-19 17:28 - 2014-01-19 17:28 - 00000000 ____D C:\FRST
2014-01-19 17:13 - 2014-01-19 17:13 - 00001140 _____ C:\Users\Administrator\Desktop\Continue Zip Opener Installation.lnk
2014-01-19 17:11 - 2014-01-19 17:12 - 00680328 _____ (                                                            ) C:\Users\LEHNER24\Downloads\ZipOpenerSetup.exe
2014-01-15 20:28 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 20:28 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 20:28 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 10:28 - 2014-01-14 10:28 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\NVIDIA
2014-01-13 11:07 - 2014-01-13 11:07 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Adobe
2014-01-13 11:07 - 2014-01-13 11:07 - 00000000 ____D C:\Users\FREUND\AppData\Local\Adobe
2014-01-13 10:57 - 2014-01-13 10:57 - 00001524 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2014-01-08 22:52 - 2014-01-08 23:00 - 00000000 ____D C:\Users\LEHNER24\Documents\FalkData
2014-01-08 22:47 - 2014-01-08 22:47 - 00000000 ____D C:\ProgramData\Websteroids
2014-01-08 22:41 - 2014-01-08 22:41 - 00000000 ____D C:\Users\Administrator\Documents\FalkData
2014-01-08 22:41 - 2012-03-01 13:43 - 00001340 _____ C:\Windows\SysWOW64\KMLImportPlugin.tlb
2014-01-08 22:40 - 2014-01-08 22:40 - 00001930 _____ C:\Users\Public\Desktop\Falk Navi-Manager classic.lnk
2014-01-08 22:40 - 2014-01-08 22:40 - 00000000 ____D C:\Program Files (x86)\Falk
2014-01-08 22:40 - 2012-03-01 13:45 - 00003600 _____ C:\Windows\SysWOW64\FNMPlugin.tlb
2014-01-08 22:40 - 2012-03-01 13:42 - 01089536 _____ (eHelp Corporation.) C:\Windows\SysWOW64\ROBOEX32.DLL
2014-01-08 22:39 - 2012-05-15 10:33 - 18600878 ____N C:\Users\LEHNER24\Downloads\data2.cab
2014-01-08 22:39 - 2012-05-15 10:33 - 01039399 ____N C:\Users\LEHNER24\Downloads\data1.cab
2014-01-08 22:39 - 2012-05-15 10:33 - 00470282 ____N C:\Users\LEHNER24\Downloads\setup.ibt
2014-01-08 22:39 - 2012-05-15 10:33 - 00226966 ____N C:\Users\LEHNER24\Downloads\setup.inx
2014-01-08 22:39 - 2012-05-15 10:33 - 00034895 ____N C:\Users\LEHNER24\Downloads\data1.hdr
2014-01-08 22:39 - 2012-05-15 10:33 - 00000579 ____N C:\Users\LEHNER24\Downloads\setup.ini
2014-01-08 22:39 - 2012-05-15 10:33 - 00000455 ____N C:\Users\LEHNER24\Downloads\layout.bin
2014-01-08 22:39 - 2012-05-15 09:49 - 00000000 ____D C:\Users\LEHNER24\Downloads\ActiveSync
2014-01-08 22:39 - 2005-04-07 01:39 - 00543481 ____N C:\Users\LEHNER24\Downloads\engine32.cab
2014-01-08 22:39 - 2005-04-07 01:39 - 00121064 ____N (Macrovision Corporation) C:\Users\LEHNER24\Downloads\setup.exe
2014-01-08 22:13 - 2014-01-08 22:14 - 00000000 ____D C:\Windows\WindowsMobile
2014-01-08 22:12 - 2014-01-08 22:36 - 63647153 _____ C:\Users\LEHNER24\Downloads\FaNaMa_2.11_Classic.exe
2014-01-08 21:53 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-01-08 21:52 - 2014-01-08 21:53 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-08 21:52 - 2014-01-08 21:53 - 00000000 ____D C:\Program Files\iTunes
2014-01-08 21:52 - 2014-01-08 21:53 - 00000000 ____D C:\Program Files (x86)\iTunes
2014-01-08 21:52 - 2014-01-08 21:52 - 00000000 ____D C:\Program Files\iPod
2014-01-08 21:49 - 2014-01-08 21:49 - 00000000 ____D C:\Program Files\Common Files\Apple
2014-01-08 21:40 - 2014-01-08 21:45 - 100400976 _____ (Apple Inc.) C:\Users\LEHNER24\Downloads\iTunes64Setup.exe
2014-01-06 21:01 - 2014-01-06 21:01 - 00000000 ____D C:\Users\Administrator\Documents\FormatFactory
2014-01-06 20:56 - 2014-01-07 11:58 - 00000000 ____D C:\FFOutput
2014-01-06 20:55 - 2014-01-06 20:55 - 00001204 _____ C:\Users\Administrator\Desktop\Format Factory.lnk
2014-01-06 20:55 - 2014-01-06 20:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-01-06 20:55 - 2014-01-06 20:55 - 00000000 ____D C:\Program Files (x86)\FreeTime
2014-01-06 20:42 - 2014-01-06 20:43 - 61746584 _____ (Free Time) C:\Users\LEHNER24\Downloads\FFSetup3.2.1.0.exe
2014-01-06 00:46 - 2014-01-06 00:50 - 00001467 _____ C:\Users\LEHNER24\AppData\Local\RecConfig.xml
2014-01-05 14:04 - 2014-01-05 14:04 - 00001035 _____ C:\Users\LEHNER24\Desktop\No23 Recorder.lnk
2014-01-05 14:04 - 2014-01-05 14:04 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No23 Recorder
2014-01-05 14:04 - 2014-01-05 14:04 - 00000000 ____D C:\Users\LEHNER24\AppData\Local\No23 Recorder
2014-01-05 14:03 - 2014-01-05 14:03 - 02497825 _____ (No23) C:\Users\LEHNER24\Downloads\No23Recorder2103.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-03 20:16 - 2014-01-03 20:16 - 00000000 ____D C:\Program Files\Java
2014-01-03 20:15 - 2014-01-03 20:16 - 30694824 _____ (Oracle Corporation) C:\Users\LEHNER24\Downloads\jre-7u45-windows-x64.exe
2014-01-03 15:52 - 2014-01-19 20:32 - 00000000 ____D C:\Program Files (x86)\AmiExt
2014-01-03 15:52 - 2014-01-03 15:52 - 00000076 _____ C:\extensions.ini
2014-01-03 15:52 - 2014-01-03 15:52 - 00000000 _____ C:\extensions.sqlite
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\cache
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\.android
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\ProgramData\Updater
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 _____ C:\Users\Administrator\daemonprocess.txt
2013-12-23 22:09 - 2014-01-18 14:25 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\com.adobe.WidgetBrowser
2013-12-22 22:37 - 2013-12-22 22:37 - 00915368 _____ (Oracle Corporation) C:\Users\LEHNER24\Downloads\jxpiinstall(2).exe
2013-12-21 22:59 - 2014-01-20 10:21 - 00001456 _____ C:\Users\LEHNER24\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2013-12-21 20:23 - 2013-12-22 00:20 - 00000000 ____D C:\Users\LEHNER24\Documents\Unbenannte Site 2

==================== One Month Modified Files and Folders =======

2014-01-20 22:10 - 2014-01-19 17:29 - 00020897 _____ C:\Users\LEHNER24\Downloads\FRST.txt
2014-01-20 22:04 - 2012-08-20 09:45 - 00000000 ____D C:\Windows\system32\Drivers\{4bb8218c-aebf-4113-882f-b10ae15c8218}
2014-01-20 21:52 - 2014-01-20 21:52 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RZ-Support.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-20 21:52 - 2014-01-20 21:52 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RZ-Installationen.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-20 21:52 - 2014-01-20 21:52 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RZ-Anwendungen.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-20 21:51 - 2012-08-20 09:41 - 00084257 _____ C:\Windows\system32\ZCredMgr.LOG
2014-01-20 21:39 - 2012-08-20 12:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-20 20:42 - 2012-08-20 09:34 - 01816943 _____ C:\Windows\WindowsUpdate.log
2014-01-20 16:12 - 2013-12-04 23:11 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Dropbox
2014-01-20 11:49 - 2010-11-21 07:21 - 00696870 _____ C:\Windows\system32\perfh007.dat
2014-01-20 11:49 - 2010-11-21 07:21 - 00148134 _____ C:\Windows\system32\perfc007.dat
2014-01-20 11:49 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-20 10:21 - 2013-12-21 22:59 - 00001456 _____ C:\Users\LEHNER24\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-01-19 20:44 - 2013-12-04 23:16 - 00000000 ___RD C:\Users\LEHNER24\Dropbox
2014-01-19 20:43 - 2009-07-14 05:45 - 00019136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-19 20:43 - 2009-07-14 05:45 - 00019136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-19 20:34 - 2012-08-20 09:42 - 00126652 _____ C:\ziswin.hst
2014-01-19 20:34 - 2012-08-16 15:46 - 00073825 _____ C:\Windows\setupact.log
2014-01-19 20:34 - 2010-11-21 04:47 - 00061298 _____ C:\Windows\PFRO.log
2014-01-19 20:34 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-19 20:32 - 2014-01-03 15:52 - 00000000 ____D C:\Program Files (x86)\AmiExt
2014-01-19 20:20 - 2014-01-19 20:20 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-01-19 20:19 - 2014-01-19 20:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-19 20:19 - 2014-01-19 20:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-19 20:18 - 2014-01-19 20:18 - 00001503 _____ C:\Users\LEHNER24\Downloads\JRT.txt
2014-01-19 20:18 - 2014-01-19 20:18 - 00001503 _____ C:\Users\Administrator\Desktop\JRT.txt
2014-01-19 20:12 - 2014-01-19 20:12 - 00000000 ____D C:\Windows\ERUNT
2014-01-19 19:43 - 2014-01-19 19:35 - 00000000 ____D C:\AdwCleaner
2014-01-19 18:15 - 2012-08-20 09:55 - 00111480 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-19 18:00 - 2014-01-19 18:00 - 01037068 _____ (Thisisu) C:\Users\LEHNER24\Downloads\JRT.exe
2014-01-19 17:57 - 2014-01-19 17:57 - 01236282 _____ C:\Users\LEHNER24\Downloads\adwcleaner.exe
2014-01-19 17:52 - 2014-01-19 17:52 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\LEHNER24\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-19 17:33 - 2014-01-19 17:32 - 00038110 _____ C:\Users\LEHNER24\Downloads\Addition.txt
2014-01-19 17:28 - 2014-01-19 17:28 - 02076672 _____ (Farbar) C:\Users\LEHNER24\Downloads\FRST64.exe
2014-01-19 17:28 - 2014-01-19 17:28 - 00000000 ____D C:\FRST
2014-01-19 17:13 - 2014-01-19 17:13 - 00001140 _____ C:\Users\Administrator\Desktop\Continue Zip Opener Installation.lnk
2014-01-19 17:12 - 2014-01-19 17:11 - 00680328 _____ (                                                            ) C:\Users\LEHNER24\Downloads\ZipOpenerSetup.exe
2014-01-19 16:37 - 2012-12-21 12:27 - 00000000 ____D C:\Users\LEHNER24\AppData\Local\Adobe
2014-01-18 14:25 - 2013-12-23 22:09 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\com.adobe.WidgetBrowser
2014-01-18 14:10 - 2012-09-14 12:12 - 00000000 ____D C:\Windows\system32\appmgmt
2014-01-17 11:15 - 2013-01-09 23:11 - 00000000 ____D C:\Users\LEHNER24\Documents\Any Video Converter
2014-01-17 09:10 - 2009-07-14 05:45 - 03022256 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 09:27 - 2013-12-05 10:36 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 09:27 - 2013-12-04 23:16 - 00001032 _____ C:\Users\LEHNER24\Desktop\Dropbox.lnk
2014-01-16 09:27 - 2013-12-04 23:12 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-16 09:27 - 2012-12-21 09:57 - 00000000 ___RD C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 09:22 - 2012-08-16 10:30 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 23:26 - 2013-03-06 14:02 - 00000000 ____D C:\Users\LEHNER24\Documents\Citavi 3
2014-01-15 22:08 - 2012-12-30 14:29 - 00000187 _____ C:\Users\LEHNER24\AppData\Roaming\default.rss
2014-01-15 00:20 - 2013-07-24 10:40 - 00000000 _____ C:\Windows\system32\vireng.log
2014-01-14 15:11 - 2013-03-16 16:04 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Apple Computer
2014-01-14 11:00 - 2012-12-30 14:28 - 00000000 ____D C:\Users\LEHNER24\Documents\Adobe
2014-01-14 11:00 - 2012-12-21 09:57 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Adobe
2014-01-14 10:28 - 2014-01-14 10:28 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\NVIDIA
2014-01-13 11:34 - 2012-08-20 12:32 - 00000000 ____D C:\Program Files (x86)\Adobe
2014-01-13 11:30 - 2012-12-21 10:20 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-13 11:10 - 2013-01-15 14:14 - 00000000 ____D C:\Program Files\Adobe
2014-01-13 11:08 - 2013-12-17 11:30 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Adobe
2014-01-13 11:08 - 2012-09-17 08:18 - 00000000 ____D C:\Users\FREUND\AppData\Roaming\Adobe
2014-01-13 11:07 - 2014-01-13 11:07 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Adobe
2014-01-13 11:07 - 2014-01-13 11:07 - 00000000 ____D C:\Users\FREUND\AppData\Local\Adobe
2014-01-13 11:06 - 2012-08-20 12:32 - 00000000 ____D C:\ProgramData\Adobe
2014-01-13 10:57 - 2014-01-13 10:57 - 00001524 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2014-01-08 23:00 - 2014-01-08 22:52 - 00000000 ____D C:\Users\LEHNER24\Documents\FalkData
2014-01-08 22:47 - 2014-01-08 22:47 - 00000000 ____D C:\ProgramData\Websteroids
2014-01-08 22:41 - 2014-01-08 22:41 - 00000000 ____D C:\Users\Administrator\Documents\FalkData
2014-01-08 22:40 - 2014-01-08 22:40 - 00001930 _____ C:\Users\Public\Desktop\Falk Navi-Manager classic.lnk
2014-01-08 22:40 - 2014-01-08 22:40 - 00000000 ____D C:\Program Files (x86)\Falk
2014-01-08 22:40 - 2012-08-20 10:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-08 22:36 - 2014-01-08 22:12 - 63647153 _____ C:\Users\LEHNER24\Downloads\FaNaMa_2.11_Classic.exe
2014-01-08 22:14 - 2014-01-08 22:13 - 00000000 ____D C:\Windows\WindowsMobile
2014-01-08 21:53 - 2014-01-08 21:52 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-08 21:53 - 2014-01-08 21:52 - 00000000 ____D C:\Program Files\iTunes
2014-01-08 21:53 - 2014-01-08 21:52 - 00000000 ____D C:\Program Files (x86)\iTunes
2014-01-08 21:53 - 2013-11-21 19:45 - 00000000 ____D C:\Users\LEHNER24\AppData\Local\Apple Computer
2014-01-08 21:52 - 2014-01-08 21:52 - 00000000 ____D C:\Program Files\iPod
2014-01-08 21:52 - 2013-03-09 10:38 - 00000000 ____D C:\ProgramData\Apple Computer
2014-01-08 21:49 - 2014-01-08 21:49 - 00000000 ____D C:\Program Files\Common Files\Apple
2014-01-08 21:49 - 2013-03-09 10:37 - 00000000 ____D C:\ProgramData\Apple
2014-01-08 21:45 - 2014-01-08 21:40 - 100400976 _____ (Apple Inc.) C:\Users\LEHNER24\Downloads\iTunes64Setup.exe
2014-01-07 11:58 - 2014-01-06 20:56 - 00000000 ____D C:\FFOutput
2014-01-06 21:01 - 2014-01-06 21:01 - 00000000 ____D C:\Users\Administrator\Documents\FormatFactory
2014-01-06 20:55 - 2014-01-06 20:55 - 00001204 _____ C:\Users\Administrator\Desktop\Format Factory.lnk
2014-01-06 20:55 - 2014-01-06 20:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-01-06 20:55 - 2014-01-06 20:55 - 00000000 ____D C:\Program Files (x86)\FreeTime
2014-01-06 20:43 - 2014-01-06 20:42 - 61746584 _____ (Free Time) C:\Users\LEHNER24\Downloads\FFSetup3.2.1.0.exe
2014-01-06 00:50 - 2014-01-06 00:46 - 00001467 _____ C:\Users\LEHNER24\AppData\Local\RecConfig.xml
2014-01-05 14:04 - 2014-01-05 14:04 - 00001035 _____ C:\Users\LEHNER24\Desktop\No23 Recorder.lnk
2014-01-05 14:04 - 2014-01-05 14:04 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No23 Recorder
2014-01-05 14:04 - 2014-01-05 14:04 - 00000000 ____D C:\Users\LEHNER24\AppData\Local\No23 Recorder
2014-01-05 14:03 - 2014-01-05 14:03 - 02497825 _____ (No23) C:\Users\LEHNER24\Downloads\No23Recorder2103.exe
2014-01-03 20:27 - 2012-12-21 10:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2014-01-03 20:22 - 2012-08-20 12:35 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-03 20:22 - 2012-08-20 12:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-03 20:22 - 2012-08-20 12:35 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-03 20:17 - 2013-12-05 10:43 - 00000000 ____D C:\ProgramData\Oracle
2014-01-03 20:16 - 2014-01-03 20:16 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-03 20:16 - 2014-01-03 20:16 - 00000000 ____D C:\Program Files\Java
2014-01-03 20:16 - 2014-01-03 20:15 - 30694824 _____ (Oracle Corporation) C:\Users\LEHNER24\Downloads\jre-7u45-windows-x64.exe
2014-01-03 15:52 - 2014-01-03 15:52 - 00000076 _____ C:\extensions.ini
2014-01-03 15:52 - 2014-01-03 15:52 - 00000000 _____ C:\extensions.sqlite
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\cache
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\.android
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\ProgramData\Updater
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 _____ C:\Users\Administrator\daemonprocess.txt
2014-01-03 15:51 - 2013-12-19 21:57 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2014-01-03 15:51 - 2012-08-20 09:38 - 00000000 ____D C:\Users\Administrator
2013-12-24 10:38 - 2012-08-20 10:10 - 00404601 _____ C:\Windows\system32\ZenNotify.log
2013-12-24 10:37 - 2012-08-20 10:10 - 00003257 _____ C:\Windows\system32\ZENLGN.LOG
2013-12-22 22:37 - 2013-12-22 22:37 - 00915368 _____ (Oracle Corporation) C:\Users\LEHNER24\Downloads\jxpiinstall(2).exe
2013-12-22 00:20 - 2013-12-21 20:23 - 00000000 ____D C:\Users\LEHNER24\Documents\Unbenannte Site 2

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Administrator\AppData\Local\Temp\BackupSetup.exe
C:\Users\Administrator\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe
C:\Users\Administrator\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\uninst1.exe
C:\Users\Administrator\AppData\Local\Temp\v-bates.exe
C:\Users\Administrator\AppData\Local\Temp\vcredist_x64.exe
C:\Users\LEHNER24\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\LEHNER24\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\LEHNER24\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 21:55

==================== End Of Log ============================
         
--- --- ---


Thanks for the help, and sorry again for acting hastily.

20.01.2014, 21:41   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Didn't you remove the detections with MBAM?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


20.01.2014, 22:12   #9
haislbauer

Actually I did; I followed the procedure described on the board. I selected the infected files and clicked "Remove Selected". Doesn't the log show that? Should I run MBAM again?

20.01.2014, 23:27   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

It says no action was taken. Run the quick scan again, but update Malwarebytes first.

21.01.2014, 09:46   #11
haislbauer

I updated Malwarebytes and ran the quick scan again. No infected files found.

Here is the log:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.21.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Administrator :: SC4683 [Administrator]

21.01.2014 10:35:12
mbam-log-2014-01-21 (10-35-12).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 293470
Laufzeit: 8 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

21.01.2014, 10:04   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKU\FREUND\...\Run: [lollipop] - "c:\users\administrator\appdata\local\lollipop\lollipop.exe" lollipop
HKU\FREUND\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Administrator\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\FREUND\...\Run: [Updater] - C:\ProgramData\Updater\Updater.exe [486264 2013-12-18] (Updater)
HKU\LEHNER24\...\Run: [Luraklp] - rundll32 "C:\Users\LEHNER24\AppData\Roaming\WMSPDMODC.dll",Aotqdhuwlov
HKU\LEHNER24\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [486264 2013-12-18] (Updater)
C:\Users\Administrator\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Administrator\AppData\Local\Temp\BackupSetup.exe
C:\Users\Administrator\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe
C:\Users\Administrator\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\uninst1.exe
C:\Users\Administrator\AppData\Local\Temp\v-bates.exe
C:\Users\Administrator\AppData\Local\Temp\vcredist_x64.exe
C:\Users\LEHNER24\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\LEHNER24\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\LEHNER24\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
C:\Users\LEHNER24\Downloads\jxpiinstall(2).exe
C:\Users\LEHNER24\Downloads\ZipOpenerSetup.exe
C:\Users\Administrator\Desktop\Continue Zip Opener Installation.lnk
c:\users\administrator\appdata\local\lollipop
C:\Users\Administrator\AppData\Roaming\newnext.me
C:\ProgramData\Updater
C:\Users\LEHNER24\AppData\Roaming\WMSPDMODC.dll
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


21.01.2014, 11:27   #13
haislbauer

... done.

Fixlog.txt

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-01-2014
Ran by Administrator at 2014-01-21 12:25:46 Run:1
Running from C:\Users\LEHNER24\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\FREUND\...\Run: [lollipop] - "c:\users\administrator\appdata\local\lollipop\lollipop.exe" lollipop
HKU\FREUND\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Administrator\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\FREUND\...\Run: [Updater] - C:\ProgramData\Updater\Updater.exe [486264 2013-12-18] (Updater)
HKU\LEHNER24\...\Run: [Luraklp] - rundll32 "C:\Users\LEHNER24\AppData\Roaming\WMSPDMODC.dll",Aotqdhuwlov
HKU\LEHNER24\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [486264 2013-12-18] (Updater)
C:\Users\Administrator\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Administrator\AppData\Local\Temp\BackupSetup.exe
C:\Users\Administrator\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe
C:\Users\Administrator\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\uninst1.exe
C:\Users\Administrator\AppData\Local\Temp\v-bates.exe
C:\Users\Administrator\AppData\Local\Temp\vcredist_x64.exe
C:\Users\LEHNER24\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\LEHNER24\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\LEHNER24\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
C:\Users\LEHNER24\Downloads\jxpiinstall(2).exe
C:\Users\LEHNER24\Downloads\ZipOpenerSetup.exe
C:\Users\Administrator\Desktop\Continue Zip Opener Installation.lnk
c:\users\administrator\appdata\local\lollipop
C:\Users\Administrator\AppData\Roaming\newnext.me
C:\ProgramData\Updater
C:\Users\LEHNER24\AppData\Roaming\WMSPDMODC.dll

*****************

HKU\FREUND\Software\Microsoft\Windows\CurrentVersion\Run\\lollipop => Value deleted successfully.
HKU\FREUND\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive => Value deleted successfully.
HKU\FREUND\Software\Microsoft\Windows\CurrentVersion\Run\\Updater => Value deleted successfully.
HKU\LEHNER24\Software\Microsoft\Windows\CurrentVersion\Run\\Luraklp => Value deleted successfully.
HKU\LEHNER24\Software\Microsoft\Windows\CurrentVersion\Run\\Updater => Value deleted successfully.
C:\Users\Administrator\AppData\Local\Temp\AskPIP_FF_.exe => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\uninst1.exe => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\v-bates.exe => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
C:\Users\LEHNER24\AppData\Local\Temp\Creative Cloud Helper.exe => Moved successfully.
C:\Users\LEHNER24\AppData\Local\Temp\firefoxjre_exe.exe => Moved successfully.
C:\Users\LEHNER24\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe => Moved successfully.
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop => Moved successfully.
C:\Users\LEHNER24\Downloads\jxpiinstall(2).exe => Moved successfully.
C:\Users\LEHNER24\Downloads\ZipOpenerSetup.exe => Moved successfully.
"C:\Users\Administrator\Desktop\Continue Zip Opener Installation.lnk" => File/Directory not found.
"c:\users\administrator\appdata\local\lollipop" => File/Directory not found.
"C:\Users\Administrator\AppData\Roaming\newnext.me" => File/Directory not found.
C:\ProgramData\Updater => Moved successfully.
C:\Users\LEHNER24\AppData\Roaming\WMSPDMODC.dll => Moved successfully.

==== End of Fixlog ====
         

21.01.2014, 11:37   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Fresh FRST logs, please

22.01.2014, 00:15   #15
haislbauer

Fresh FRST log:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014
Ran by Administrator (administrator) on SC4683 on 22-01-2014 01:11:30
Running from C:\Users\LEHNER24\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Novell, Inc) C:\Program Files (x86)\Novell\CASA\bin\micasad.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\bin\ZenworksWindowsService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Novell, Inc.) C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\esm\ZESService.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\bin\ZenUserDaemon.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
() C:\Windows\System32\nwtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\bin\ZenNotifyIcon.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\esm\ZESUser.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrodist.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-02-13] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4756240 2012-03-29] (Intel(R) Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [626552 2012-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [DFEPApplication] - C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7078424 2012-05-08] (Dell Inc.)
HKLM\...\Run: [NWTRAY] - C:\Windows\system32\NWTRAY.EXE [38016 2012-07-13] ()
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-12-04] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [ZenNotifyIcon] - C:\Program Files (x86)\Novell\Zenworks\bin\ZenNotifyIcon.exe [303104 2012-03-01] (Novell, Inc.)
HKLM-x32\...\Run: [NalView] - C:\Program Files (x86)\Novell\ZENworks\bin\nalview.exe [57344 2012-03-01] (Novell, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-07-17] (Sophos Limited)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LCredMgr: C:\Program Files\Novell\CASA\bin\lcredmgr.dll ()
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKCU\...\Policies\Explorer: [NoPublishingWizard] 1
HKCU\...\Policies\Explorer: [NoStartMenuMyGames] 1
HKU\FREUND\...\Run: [AdobeBridge] - [x]
HKU\LEHNER24\...\Run: [PicPick Start] - C:\Program Files (x86)\PicPick\picpick.exe [11438576 2012-12-21] (NTeWORKS)
HKU\LEHNER24\...\Run: [AdobeBridge] - [x]
HKU\LEHNER24\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Administrator\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-12-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL, => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2013-10-21] (Sophos Limited)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-04] (NVIDIA Corporation)
Lsa: [Authentication Packages] msv1_0 ZenV1_0 ncv1_0
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\FREUND\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: hxxp://www-cache.rz.uni-passau.de:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.uni-passau.de
SearchScopes: HKLM - DefaultScope {60D4D856-18A4-4E6D-9069-F9653AFD4CEA} URL = hxxp://websearch.uni-passau.de/cgi-bin/search.cgi?q={searchTerms}&wm=beg
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {60D4D856-18A4-4E6D-9069-F9653AFD4CEA} URL = hxxp://websearch.uni-passau.de/cgi-bin/search.cgi?q={searchTerms}&wm=beg
SearchScopes: HKCU - DefaultScope {60D4D856-18A4-4E6D-9069-F9653AFD4CEA} URL = 
SearchScopes: HKCU - {6B259D3B-639A-4360-BCEA-C2C5C4C8AAA5} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
ShellExecuteHooks: ZENworks Adaptive Agent - {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files (x86)\Novell\ZENworks\bin\NalShell.dll [1427968 2012-03-01] (Novell, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome: 
=======
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf [2013-11-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2279960 2012-05-08] (Dell Inc.)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-11-08] (Ellora Assets Corp.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S3 Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office 2010\Office14\GROOVE.EXE [50921648 2013-03-09] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R2 Novell Identity Store; C:\Program Files (x86)\Novell\CASA\bin\micasad.exe [249856 2012-01-06] (Novell, Inc)
R2 Novell ZENworks Agent Service; C:\Program Files (x86)\Novell\ZENworks\bin\ZenworksWindowsService.exe [28672 2012-03-01] (Novell, Inc.)
S2 Novell ZENworks Image-Safe Data Service; C:\Program Files (x86)\Novell\ZENworks\bin\preboot\novell-zisdservice.exe [90112 2012-03-01] ()
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [290296 2013-10-21] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [206328 2013-10-21] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-07-17] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-09-17] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3109880 2013-10-21] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2012152 2013-10-21] (Sophos Limited)
R2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [20096 2012-07-13] (Novell, Inc.)
S3 ZENPreAgent; C:\Windows\novell\zenworks\bin\ZENPreAgent.exe [233472 2012-08-20] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)
R2 ZESService; C:\Program Files (x86)\Novell\ZENworks\esm\ZESService.exe [50344 2012-02-28] (Novell, Inc.)

==================== Drivers (Whitelisted) ====================

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2012-08-20] (Broadcom Corporation.)
R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [112256 2012-07-13] ()
R2 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [108672 2012-07-13] ()
R2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [90240 2012-07-13] ()
R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [119936 2012-07-13] ()
R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [26240 2012-07-13] ()
R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [31360 2012-07-13] (Novell, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-04] (NVIDIA Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-07-17] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2012-09-17] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2012-09-17] (Sophos Plc)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2011-11-04] (STMicroelectronics)
R0 zesdac; C:\Windows\System32\DRIVERS\zesdac.sys [27952 2012-02-28] (Novell, Inc)
S4 ZesDisk; C:\Windows\System32\DRIVERS\ZesDisk.sys [17712 2012-02-28] (Novell, Inc.)
S4 zesds; C:\Windows\System32\DRIVERS\ZesDS.sys [204080 2012-02-28] (Novell, Inc.)
S4 zesdt; C:\Windows\System32\DRIVERS\ZesDT.sys [128816 2012-02-28] (Novell, Inc.)
R0 zesfsfd; C:\Windows\System32\DRIVERS\ZESFSFD.sys [66352 2012-02-28] (Novell, Inc)
R1 ZESFW; C:\Windows\System32\DRIVERS\ZESFW.sys [58160 2011-12-15] (Novell, Inc)
S4 zesocc; C:\Windows\System32\DRIVERS\ZesOCC.sys [488240 2012-02-28] (Novell, Inc.)
R2 zestdi; C:\Windows\System32\DRIVERS\zestdi.sys [46896 2012-02-28] (Novell, Inc)
R1 ZESWIFI; C:\Windows\System32\DRIVERS\ZESWIFI.sys [36656 2011-12-15] (Novell, Inc)
U3 nccache; C:\Program Files\Novell\Client\XTier\Drivers\nccache.sys [34432 2012-07-13] (Novell, Inc.)
U3 nciom; C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [80000 2012-07-13] (Novell, Inc.)
U3 ncp; C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [78976 2012-07-13] (Novell, Inc.)
U3 ncpfsp; C:\Program Files\Novell\Client\XTier\Drivers\ncpfsp.sys [100992 2012-07-13] (Novell, Inc.)
U3 ncpl; C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [49280 2012-07-13] (Novell, Inc.)
U3 ndm; C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [19584 2012-07-13] (Novell, Inc.)
U3 ndmndap; C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [83584 2012-07-13] (Novell, Inc.)
U3 nds4; C:\Program Files\Novell\Client\XTier\Drivers\nds4.sys [128640 2012-07-13] (Novell, Inc.)
U3 niam; C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [39040 2012-07-13] (Novell, Inc.)
U3 nipctl; C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [55936 2012-07-13] (Novell, Inc.)
U3 nscm; C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [36992 2012-07-13] (Novell, Inc.)
U3 nsns; C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [25216 2012-07-13] (Novell, Inc.)
U3 nsvccost; C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [35968 2012-07-13] (Novell, Inc.)
U3 xtxplat; C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [59520 2012-07-13] (Novell, Inc.)
S3 NPF; system32\drivers\NPF.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-22 01:11 - 2014-01-22 01:11 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RZ-Support.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-22 01:11 - 2014-01-22 01:11 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RZ-Installationen.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-22 01:11 - 2014-01-22 01:11 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RZ-Anwendungen.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-21 12:24 - 2014-01-21 12:24 - 00000000 ____D C:\Users\LEHNER24\Downloads\FRST-OlderVersion
2014-01-19 20:20 - 2014-01-19 20:20 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-01-19 20:19 - 2014-01-19 20:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-19 20:19 - 2014-01-19 20:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-19 20:19 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-19 20:18 - 2014-01-19 20:18 - 00001503 _____ C:\Users\LEHNER24\Downloads\JRT.txt
2014-01-19 20:18 - 2014-01-19 20:18 - 00001503 _____ C:\Users\Administrator\Desktop\JRT.txt
2014-01-19 20:12 - 2014-01-19 20:12 - 00000000 ____D C:\Windows\ERUNT
2014-01-19 19:35 - 2014-01-19 19:43 - 00000000 ____D C:\AdwCleaner
2014-01-19 18:00 - 2014-01-19 18:00 - 01037068 _____ (Thisisu) C:\Users\LEHNER24\Downloads\JRT.exe
2014-01-19 17:57 - 2014-01-19 17:57 - 01236282 _____ C:\Users\LEHNER24\Downloads\adwcleaner.exe
2014-01-19 17:52 - 2014-01-19 17:52 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\LEHNER24\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-19 17:32 - 2014-01-19 17:33 - 00038110 _____ C:\Users\LEHNER24\Downloads\Addition.txt
2014-01-19 17:29 - 2014-01-22 01:11 - 00020211 _____ C:\Users\LEHNER24\Downloads\FRST.txt
2014-01-19 17:28 - 2014-01-21 12:24 - 02077184 _____ (Farbar) C:\Users\LEHNER24\Downloads\FRST64.exe
2014-01-19 17:28 - 2014-01-21 12:24 - 00000000 ____D C:\FRST
2014-01-15 20:28 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 20:28 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 20:28 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 20:28 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 10:28 - 2014-01-14 10:28 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\NVIDIA
2014-01-13 11:07 - 2014-01-13 11:07 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Adobe
2014-01-13 11:07 - 2014-01-13 11:07 - 00000000 ____D C:\Users\FREUND\AppData\Local\Adobe
2014-01-13 10:57 - 2014-01-13 10:57 - 00001524 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2014-01-08 22:52 - 2014-01-08 23:00 - 00000000 ____D C:\Users\LEHNER24\Documents\FalkData
2014-01-08 22:47 - 2014-01-08 22:47 - 00000000 ____D C:\ProgramData\Websteroids
2014-01-08 22:41 - 2014-01-08 22:41 - 00000000 ____D C:\Users\Administrator\Documents\FalkData
2014-01-08 22:41 - 2012-03-01 13:43 - 00001340 _____ C:\Windows\SysWOW64\KMLImportPlugin.tlb
2014-01-08 22:40 - 2014-01-08 22:40 - 00001930 _____ C:\Users\Public\Desktop\Falk Navi-Manager classic.lnk
2014-01-08 22:40 - 2014-01-08 22:40 - 00000000 ____D C:\Program Files (x86)\Falk
2014-01-08 22:40 - 2012-03-01 13:45 - 00003600 _____ C:\Windows\SysWOW64\FNMPlugin.tlb
2014-01-08 22:40 - 2012-03-01 13:42 - 01089536 _____ (eHelp Corporation.) C:\Windows\SysWOW64\ROBOEX32.DLL
2014-01-08 22:39 - 2012-05-15 10:33 - 18600878 ____N C:\Users\LEHNER24\Downloads\data2.cab
2014-01-08 22:39 - 2012-05-15 10:33 - 01039399 ____N C:\Users\LEHNER24\Downloads\data1.cab
2014-01-08 22:39 - 2012-05-15 10:33 - 00470282 ____N C:\Users\LEHNER24\Downloads\setup.ibt
2014-01-08 22:39 - 2012-05-15 10:33 - 00226966 ____N C:\Users\LEHNER24\Downloads\setup.inx
2014-01-08 22:39 - 2012-05-15 10:33 - 00034895 ____N C:\Users\LEHNER24\Downloads\data1.hdr
2014-01-08 22:39 - 2012-05-15 10:33 - 00000579 ____N C:\Users\LEHNER24\Downloads\setup.ini
2014-01-08 22:39 - 2012-05-15 10:33 - 00000455 ____N C:\Users\LEHNER24\Downloads\layout.bin
2014-01-08 22:39 - 2012-05-15 09:49 - 00000000 ____D C:\Users\LEHNER24\Downloads\ActiveSync
2014-01-08 22:39 - 2005-04-07 01:39 - 00543481 ____N C:\Users\LEHNER24\Downloads\engine32.cab
2014-01-08 22:39 - 2005-04-07 01:39 - 00121064 ____N (Macrovision Corporation) C:\Users\LEHNER24\Downloads\setup.exe
2014-01-08 22:13 - 2014-01-08 22:14 - 00000000 ____D C:\Windows\WindowsMobile
2014-01-08 22:12 - 2014-01-08 22:36 - 63647153 _____ C:\Users\LEHNER24\Downloads\FaNaMa_2.11_Classic.exe
2014-01-08 21:53 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-01-08 21:52 - 2014-01-08 21:53 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-08 21:52 - 2014-01-08 21:53 - 00000000 ____D C:\Program Files\iTunes
2014-01-08 21:52 - 2014-01-08 21:53 - 00000000 ____D C:\Program Files (x86)\iTunes
2014-01-08 21:52 - 2014-01-08 21:52 - 00000000 ____D C:\Program Files\iPod
2014-01-08 21:49 - 2014-01-08 21:49 - 00000000 ____D C:\Program Files\Common Files\Apple
2014-01-08 21:40 - 2014-01-08 21:45 - 100400976 _____ (Apple Inc.) C:\Users\LEHNER24\Downloads\iTunes64Setup.exe
2014-01-06 21:01 - 2014-01-06 21:01 - 00000000 ____D C:\Users\Administrator\Documents\FormatFactory
2014-01-06 20:56 - 2014-01-07 11:58 - 00000000 ____D C:\FFOutput
2014-01-06 20:55 - 2014-01-06 20:55 - 00001204 _____ C:\Users\Administrator\Desktop\Format Factory.lnk
2014-01-06 20:55 - 2014-01-06 20:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-01-06 20:55 - 2014-01-06 20:55 - 00000000 ____D C:\Program Files (x86)\FreeTime
2014-01-06 20:42 - 2014-01-06 20:43 - 61746584 _____ (Free Time) C:\Users\LEHNER24\Downloads\FFSetup3.2.1.0.exe
2014-01-06 00:46 - 2014-01-06 00:50 - 00001467 _____ C:\Users\LEHNER24\AppData\Local\RecConfig.xml
2014-01-05 14:04 - 2014-01-05 14:04 - 00001035 _____ C:\Users\LEHNER24\Desktop\No23 Recorder.lnk
2014-01-05 14:04 - 2014-01-05 14:04 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No23 Recorder
2014-01-05 14:04 - 2014-01-05 14:04 - 00000000 ____D C:\Users\LEHNER24\AppData\Local\No23 Recorder
2014-01-05 14:03 - 2014-01-05 14:03 - 02497825 _____ (No23) C:\Users\LEHNER24\Downloads\No23Recorder2103.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-03 20:16 - 2014-01-03 20:16 - 00000000 ____D C:\Program Files\Java
2014-01-03 20:15 - 2014-01-03 20:16 - 30694824 _____ (Oracle Corporation) C:\Users\LEHNER24\Downloads\jre-7u45-windows-x64.exe
2014-01-03 15:52 - 2014-01-19 20:32 - 00000000 ____D C:\Program Files (x86)\AmiExt
2014-01-03 15:52 - 2014-01-03 15:52 - 00000076 _____ C:\extensions.ini
2014-01-03 15:52 - 2014-01-03 15:52 - 00000000 _____ C:\extensions.sqlite
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\cache
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\.android
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 _____ C:\Users\Administrator\daemonprocess.txt
2013-12-23 22:09 - 2014-01-18 14:25 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\com.adobe.WidgetBrowser

==================== One Month Modified Files and Folders =======

2014-01-22 01:13 - 2014-01-19 17:29 - 00020211 _____ C:\Users\LEHNER24\Downloads\FRST.txt
2014-01-22 01:11 - 2014-01-22 01:11 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RZ-Support.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-22 01:11 - 2014-01-22 01:11 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RZ-Installationen.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-22 01:11 - 2014-01-22 01:11 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RZ-Anwendungen.{763370C4-268E-4308-A60C-D8DA0342BE32}
2014-01-22 01:11 - 2012-08-20 09:45 - 00000000 ____D C:\Windows\system32\Drivers\{4bb8218c-aebf-4113-882f-b10ae15c8218}
2014-01-22 01:09 - 2012-08-20 09:41 - 00085432 _____ C:\Windows\system32\ZCredMgr.LOG
2014-01-22 00:39 - 2012-08-20 12:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-21 22:29 - 2013-12-04 23:11 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Dropbox
2014-01-21 22:27 - 2013-12-04 23:16 - 00000000 ___RD C:\Users\LEHNER24\Dropbox
2014-01-21 15:32 - 2009-07-14 05:45 - 00019136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-21 15:32 - 2009-07-14 05:45 - 00019136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-21 15:23 - 2012-08-20 09:42 - 00126652 _____ C:\ziswin.hst
2014-01-21 15:23 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-21 15:22 - 2012-08-16 15:46 - 00073881 _____ C:\Windows\setupact.log
2014-01-21 13:29 - 2012-08-20 09:34 - 01847748 _____ C:\Windows\WindowsUpdate.log
2014-01-21 13:18 - 2012-12-21 12:27 - 00000000 ____D C:\Users\LEHNER24\AppData\Local\Adobe
2014-01-21 12:28 - 2013-07-24 10:40 - 00000000 _____ C:\Windows\system32\vireng.log
2014-01-21 12:24 - 2014-01-21 12:24 - 00000000 ____D C:\Users\LEHNER24\Downloads\FRST-OlderVersion
2014-01-21 12:24 - 2014-01-19 17:28 - 02077184 _____ (Farbar) C:\Users\LEHNER24\Downloads\FRST64.exe
2014-01-21 12:24 - 2014-01-19 17:28 - 00000000 ____D C:\FRST
2014-01-21 12:00 - 2010-11-21 07:21 - 00696870 _____ C:\Windows\system32\perfh007.dat
2014-01-21 12:00 - 2010-11-21 07:21 - 00148134 _____ C:\Windows\system32\perfc007.dat
2014-01-21 12:00 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-21 11:46 - 2012-12-30 13:26 - 00000000 ____D C:\Privat
2014-01-20 10:21 - 2013-12-21 22:59 - 00001456 _____ C:\Users\LEHNER24\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-01-19 20:34 - 2010-11-21 04:47 - 00061298 _____ C:\Windows\PFRO.log
2014-01-19 20:32 - 2014-01-03 15:52 - 00000000 ____D C:\Program Files (x86)\AmiExt
2014-01-19 20:20 - 2014-01-19 20:20 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-01-19 20:19 - 2014-01-19 20:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-19 20:19 - 2014-01-19 20:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-19 20:18 - 2014-01-19 20:18 - 00001503 _____ C:\Users\LEHNER24\Downloads\JRT.txt
2014-01-19 20:18 - 2014-01-19 20:18 - 00001503 _____ C:\Users\Administrator\Desktop\JRT.txt
2014-01-19 20:12 - 2014-01-19 20:12 - 00000000 ____D C:\Windows\ERUNT
2014-01-19 19:43 - 2014-01-19 19:35 - 00000000 ____D C:\AdwCleaner
2014-01-19 18:15 - 2012-08-20 09:55 - 00111480 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-19 18:00 - 2014-01-19 18:00 - 01037068 _____ (Thisisu) C:\Users\LEHNER24\Downloads\JRT.exe
2014-01-19 17:57 - 2014-01-19 17:57 - 01236282 _____ C:\Users\LEHNER24\Downloads\adwcleaner.exe
2014-01-19 17:52 - 2014-01-19 17:52 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\LEHNER24\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-19 17:33 - 2014-01-19 17:32 - 00038110 _____ C:\Users\LEHNER24\Downloads\Addition.txt
2014-01-18 14:25 - 2013-12-23 22:09 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\com.adobe.WidgetBrowser
2014-01-18 14:10 - 2012-09-14 12:12 - 00000000 ____D C:\Windows\system32\appmgmt
2014-01-17 11:15 - 2013-01-09 23:11 - 00000000 ____D C:\Users\LEHNER24\Documents\Any Video Converter
2014-01-17 09:10 - 2009-07-14 05:45 - 03022256 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 09:27 - 2013-12-05 10:36 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 09:27 - 2013-12-04 23:16 - 00001032 _____ C:\Users\LEHNER24\Desktop\Dropbox.lnk
2014-01-16 09:27 - 2013-12-04 23:12 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-16 09:27 - 2012-12-21 09:57 - 00000000 ___RD C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 09:22 - 2012-08-16 10:30 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 23:26 - 2013-03-06 14:02 - 00000000 ____D C:\Users\LEHNER24\Documents\Citavi 3
2014-01-15 22:08 - 2012-12-30 14:29 - 00000187 _____ C:\Users\LEHNER24\AppData\Roaming\default.rss
2014-01-14 15:11 - 2013-03-16 16:04 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Apple Computer
2014-01-14 11:00 - 2012-12-30 14:28 - 00000000 ____D C:\Users\LEHNER24\Documents\Adobe
2014-01-14 11:00 - 2012-12-21 09:57 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Adobe
2014-01-14 10:28 - 2014-01-14 10:28 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\NVIDIA
2014-01-13 11:34 - 2012-08-20 12:32 - 00000000 ____D C:\Program Files (x86)\Adobe
2014-01-13 11:30 - 2012-12-21 10:20 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-13 11:10 - 2013-01-15 14:14 - 00000000 ____D C:\Program Files\Adobe
2014-01-13 11:08 - 2013-12-17 11:30 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Adobe
2014-01-13 11:08 - 2012-09-17 08:18 - 00000000 ____D C:\Users\FREUND\AppData\Roaming\Adobe
2014-01-13 11:07 - 2014-01-13 11:07 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Adobe
2014-01-13 11:07 - 2014-01-13 11:07 - 00000000 ____D C:\Users\FREUND\AppData\Local\Adobe
2014-01-13 11:06 - 2012-08-20 12:32 - 00000000 ____D C:\ProgramData\Adobe
2014-01-13 10:57 - 2014-01-13 10:57 - 00001524 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2014-01-08 23:00 - 2014-01-08 22:52 - 00000000 ____D C:\Users\LEHNER24\Documents\FalkData
2014-01-08 22:47 - 2014-01-08 22:47 - 00000000 ____D C:\ProgramData\Websteroids
2014-01-08 22:41 - 2014-01-08 22:41 - 00000000 ____D C:\Users\Administrator\Documents\FalkData
2014-01-08 22:40 - 2014-01-08 22:40 - 00001930 _____ C:\Users\Public\Desktop\Falk Navi-Manager classic.lnk
2014-01-08 22:40 - 2014-01-08 22:40 - 00000000 ____D C:\Program Files (x86)\Falk
2014-01-08 22:40 - 2012-08-20 10:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-08 22:36 - 2014-01-08 22:12 - 63647153 _____ C:\Users\LEHNER24\Downloads\FaNaMa_2.11_Classic.exe
2014-01-08 22:14 - 2014-01-08 22:13 - 00000000 ____D C:\Windows\WindowsMobile
2014-01-08 21:53 - 2014-01-08 21:52 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-08 21:53 - 2014-01-08 21:52 - 00000000 ____D C:\Program Files\iTunes
2014-01-08 21:53 - 2014-01-08 21:52 - 00000000 ____D C:\Program Files (x86)\iTunes
2014-01-08 21:53 - 2013-11-21 19:45 - 00000000 ____D C:\Users\LEHNER24\AppData\Local\Apple Computer
2014-01-08 21:52 - 2014-01-08 21:52 - 00000000 ____D C:\Program Files\iPod
2014-01-08 21:52 - 2013-03-09 10:38 - 00000000 ____D C:\ProgramData\Apple Computer
2014-01-08 21:49 - 2014-01-08 21:49 - 00000000 ____D C:\Program Files\Common Files\Apple
2014-01-08 21:49 - 2013-03-09 10:37 - 00000000 ____D C:\ProgramData\Apple
2014-01-08 21:45 - 2014-01-08 21:40 - 100400976 _____ (Apple Inc.) C:\Users\LEHNER24\Downloads\iTunes64Setup.exe
2014-01-07 11:58 - 2014-01-06 20:56 - 00000000 ____D C:\FFOutput
2014-01-06 21:01 - 2014-01-06 21:01 - 00000000 ____D C:\Users\Administrator\Documents\FormatFactory
2014-01-06 20:55 - 2014-01-06 20:55 - 00001204 _____ C:\Users\Administrator\Desktop\Format Factory.lnk
2014-01-06 20:55 - 2014-01-06 20:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-01-06 20:55 - 2014-01-06 20:55 - 00000000 ____D C:\Program Files (x86)\FreeTime
2014-01-06 20:43 - 2014-01-06 20:42 - 61746584 _____ (Free Time) C:\Users\LEHNER24\Downloads\FFSetup3.2.1.0.exe
2014-01-06 00:50 - 2014-01-06 00:46 - 00001467 _____ C:\Users\LEHNER24\AppData\Local\RecConfig.xml
2014-01-05 14:04 - 2014-01-05 14:04 - 00001035 _____ C:\Users\LEHNER24\Desktop\No23 Recorder.lnk
2014-01-05 14:04 - 2014-01-05 14:04 - 00000000 ____D C:\Users\LEHNER24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No23 Recorder
2014-01-05 14:04 - 2014-01-05 14:04 - 00000000 ____D C:\Users\LEHNER24\AppData\Local\No23 Recorder
2014-01-05 14:03 - 2014-01-05 14:03 - 02497825 _____ (No23) C:\Users\LEHNER24\Downloads\No23Recorder2103.exe
2014-01-03 20:27 - 2012-12-21 10:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2014-01-03 20:22 - 2012-08-20 12:35 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-03 20:22 - 2012-08-20 12:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-03 20:22 - 2012-08-20 12:35 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-03 20:17 - 2013-12-05 10:43 - 00000000 ____D C:\ProgramData\Oracle
2014-01-03 20:16 - 2014-01-03 20:16 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-03 20:16 - 2014-01-03 20:16 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-03 20:16 - 2014-01-03 20:16 - 00000000 ____D C:\Program Files\Java
2014-01-03 20:16 - 2014-01-03 20:15 - 30694824 _____ (Oracle Corporation) C:\Users\LEHNER24\Downloads\jre-7u45-windows-x64.exe
2014-01-03 15:52 - 2014-01-03 15:52 - 00000076 _____ C:\extensions.ini
2014-01-03 15:52 - 2014-01-03 15:52 - 00000000 _____ C:\extensions.sqlite
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\cache
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Administrator\.android
2014-01-03 15:51 - 2014-01-03 15:51 - 00000000 _____ C:\Users\Administrator\daemonprocess.txt
2014-01-03 15:51 - 2013-12-19 21:57 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2014-01-03 15:51 - 2012-08-20 09:38 - 00000000 ____D C:\Users\Administrator
2013-12-24 10:38 - 2012-08-20 10:10 - 00404601 _____ C:\Windows\system32\ZenNotify.log
2013-12-24 10:37 - 2012-08-20 10:10 - 00003257 _____ C:\Windows\system32\ZENLGN.LOG

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 21:55

==================== End Of Log ============================
         
--- --- ---
