Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: istart websearch Probleme

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 04.05.2014, 20:35   #1
rrox
 
istart websearch Probleme - Standard

istart websearch Probleme



Hallo Zusammen,

habe mir den hier schon beschriebenen istart-Virus eingefangen. Habe bisher lediglich die Add-Ons bei Google Chrome entfernt bzw. gelöscht. Weiterhin habe ich über die Systemsteuerung alle fremden Programme gelöscht. Leider werden immer noch fremde Inhalte auf Webseiten angezeigt und habe die Vermutung, dass noch nicht alles beseitigt wurde. Es öffnen sich ständig Seiten mit angeblichen Javaupdates.
Ich benutze ein Asus Zenbook ux32 mit Windows 7.

Ich bedanke mich schon einmal vorab,

Grüße

Timo

PS: Hätte noch eine Frage, da ich mich mit solchen Problemen nicht besonders gut auskenne. Ist es sicher, wenn ich zu dieser Zeit E-Mails verschicke?

Geändert von rrox (04.05.2014 um 20:41 Uhr)

Alt 05.05.2014, 06:48   #2
schrauber
/// the machine
/// TB-Ausbilder
 

istart websearch Probleme - Standard

istart websearch Probleme



hi,

Emails kannste schicken,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 05.05.2014, 15:57   #3
rrox
 
istart websearch Probleme - Standard

istart websearch Probleme



Möchte mich schon einmal für die schnelle Antwort bedanken! Leider taucht bei Suchanfragen in der Leiste mit den Webadressen weiterhin istart Suchergebnisse mit folgendem Link auf: hxxp://istart.webssearches.com/web/?type=dspp&ts=1399237181&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX&q

FRST.txt:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-05-2014
Ran by Timo (administrator) on TIMO-PC on 05-05-2014 16:50:04
Running from C:\Users\Timo\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\DptfParticipantProcessorService.exe
() C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
() C:\Windows\System32\GFilterSvc.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Windows\System32\DeviceDenter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Spotify Ltd) C:\Users\Timo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Timo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Users\Timo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Timo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Timo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Timo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Timo\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Timo\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12476520 2012-04-10] (Realtek Semiconductor)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11407120 2012-03-27] (Intel Corporation)
HKLM\...\Run: [ASUS Quick Gesture (x86)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [17376 2012-07-07] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ASUS TP Center (x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe [235488 2012-07-07] (AsusTek)
HKLM\...\Run: [ASUS Quick Gesture (x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [19424 2012-07-07] (ASUSTeK Computer Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\SysWOW64\DptfPolicyLpmServiceHelper.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35768 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-22] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2012-12-13] (ASUS)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-13] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2216232264-1511523134-287659929-1001\...\Run: [Google Update] => C:\Users\Timo\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-08] (Google Inc.)
HKU\S-1-5-21-2216232264-1511523134-287659929-1001\...\Run: [Spotify Web Helper] => C:\Users\Timo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1105408 2013-04-16] (Spotify Ltd)
HKU\S-1-5-21-2216232264-1511523134-287659929-1001\...\Run: [pnwrtorp] => C:\Users\Timo\AppData\Local\Temp\Fhmpfdelf\olkrklntorp.exe <===== ATTENTION
HKU\S-1-5-21-2216232264-1511523134-287659929-1001\...\Run: [defol] => "C:\Users\Timo\AppData\Roaming\defol.exe" -autorun
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-03-30] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-03-30] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Timo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {B427AC2A-9DE9-4D43-9D7C-D57A244DECC0} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=en_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=9FAA97FF-8357-4447-9843-E89A18AFC526&apn_sauid=DAF8C094-AB91-4F55-827C-2314F9983098
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Timo\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Timo\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Timo\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-01-05]
FF HKLM-x32\...\Firefox\Extensions: [{97573DA5-C946-49B0-B575-47AF170745F4}] - C:\Windows\Installer\{E0815E8F-785E-461B-A0B1-0471389C7CEF}\{97573DA5-C946-49B0-B575-47AF170745F4}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{E0815E8F-785E-461B-A0B1-0471389C7CEF}\{97573DA5-C946-49B0-B575-47AF170745F4}.xpi [2014-05-04]

Chrome: 
=======
CHR HomePage: hxxp://istart.webssearches.com/?type=hppp&ts=1399298044&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX
CHR StartupUrls: "hxxp://istart.webssearches.com/?type=hppp&ts=1399298044&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX"
CHR DefaultSearchKeyword: webssearches
CHR DefaultSearchProvider: webssearches
CHR DefaultSearchURL: hxxp://istart.webssearches.com/web/?type=dspp&ts=1399237181&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Google Drive) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-05]
CHR Extension: (YouTube) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-05]
CHR Extension: (Google-Suche) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-05]
CHR Extension: (Download Protect) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkoedmojibfkjahkcfkhjabfhdpelffi [2014-05-04]
CHR Extension: (Google Wallet) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-05]
CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Timo\AppData\LocalLow\proxtube\CHROME\proxtube.crx [2014-05-05]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://istart.webssearches.com/?type=scpp&ts=1399298044&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 DptfParticipantProcessorService; C:\Windows\SysWOW64\DptfParticipantProcessorService.exe [18944 2012-02-20] ()
R2 DptfPolicyConfigTDPService; C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe [19968 2012-02-20] ()
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 GFilterSvc; C:\Windows\System32\GFilterSvc.exe [116224 2012-09-21] ()
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-05-10] ()
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-04-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-05-11] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-04-18] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 runas64; C:\Windows\system32\DeviceDenter.exe [106496 2012-09-21] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2671376 2012-04-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
R0 assd; C:\Windows\System32\Drivers\assd.sys [27056 2011-10-29] (ASUS Corporation)
R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2012-07-07] (Windows (R) Win 7 DDK provider)
R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [19104 2012-07-07] (ASUS)
R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [49824 2012-07-07] (ASUS Corporation)
S3 AX88772B; C:\Windows\System32\DRIVERS\ax88772b.sys [110592 2012-04-05] (ASIX Electronics Corp.)
R3 DptfDevDram; C:\Windows\System32\DRIVERS\DptfDevDram.sys [107288 2012-02-20] (Intel Corporation)
R3 DptfDevFan; C:\Windows\System32\DRIVERS\DptfDevFan.sys [42776 2012-02-20] (Intel Corporation)
R3 DptfDevGen; C:\Windows\System32\DRIVERS\DptfDevGen.sys [64792 2012-02-20] (Intel Corporation)
R3 DptfDevPch; C:\Windows\System32\DRIVERS\DptfDevPch.sys [96024 2012-02-20] (Intel Corporation)
R3 DptfDevProc; C:\Windows\System32\DRIVERS\DptfDevProc.sys [220952 2012-02-20] (Intel Corporation)
R3 DptfManager; C:\Windows\System32\DRIVERS\DptfManager.sys [357656 2012-02-20] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-04-10] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc.)
S2 avgntflt; \??\C:\Windows\SYSTEM32\drivers\avgntflt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-05 16:50 - 2014-05-05 16:50 - 00026401 _____ () C:\Users\Timo\Desktop\FRST.txt
2014-05-05 16:47 - 2014-05-05 16:50 - 00000000 ____D () C:\FRST
2014-05-05 07:36 - 2014-05-05 15:53 - 00000112 _____ () C:\Windows\setupact.log
2014-05-05 07:36 - 2014-05-05 07:36 - 00003352 _____ () C:\Windows\PFRO.log
2014-05-05 07:36 - 2014-05-05 07:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-04 23:04 - 2014-05-04 23:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Timo\Downloads\revosetup95.exe
2014-05-04 23:04 - 2014-05-04 23:04 - 00000915 _____ () C:\Users\Timo\Desktop\Revo Uninstaller.lnk
2014-05-04 21:47 - 2014-05-04 21:47 - 02062336 _____ (Farbar) C:\Users\Timo\Desktop\FRST64.exe
2014-05-04 20:54 - 2014-05-04 20:54 - 00003146 _____ () C:\Windows\System32\Tasks\{D5E9D659-0A90-416C-9B8B-FEC8DC58E30E}
2014-05-04 20:28 - 2014-05-04 20:28 - 00000000 __SHD () C:\Users\Timo\AppData\Local\EmieUserList
2014-05-04 20:28 - 2014-05-04 20:28 - 00000000 __SHD () C:\Users\Timo\AppData\Local\EmieSiteList
2014-05-04 20:09 - 2014-05-04 20:09 - 00000318 _____ () C:\Users\Timo\AppData\Roaming\aps.uninstall.scan.results
2014-05-04 20:08 - 2014-05-05 16:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-04 20:08 - 2014-05-04 20:09 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-04 20:08 - 2014-05-04 20:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-04 20:08 - 2014-05-04 20:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-04 20:08 - 2014-05-04 20:08 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-04 20:05 - 2014-05-04 20:06 - 00000000 ____D () C:\ProgramData\IePluginService
2014-05-04 20:05 - 2014-05-04 20:06 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-05-04 20:05 - 2014-05-04 20:05 - 01745872 _____ (AnyProtect.com) C:\Users\Timo\AppData\Local\nsw30D3.tmp
2014-05-04 20:05 - 2014-05-04 20:05 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\SupTab
2014-05-04 20:05 - 2014-05-04 20:05 - 00000000 ____D () C:\ProgramData\WPM
2014-05-04 20:03 - 2014-05-04 22:59 - 00000000 ____D () C:\Users\Timo\AppData\Local\Genesis
2014-05-04 20:03 - 2014-05-04 20:09 - 00000000 ____D () C:\Program Files (x86)\VPHQ-c11
2014-05-04 20:02 - 2014-05-04 20:02 - 00499184 _____ () C:\Users\Timo\Downloads\Java (1).exe
2014-05-04 20:01 - 2014-05-04 20:01 - 00499184 _____ () C:\Users\Timo\Downloads\Java.exe
2014-05-03 13:48 - 2014-05-03 13:48 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\DropboxMaster
2014-05-02 23:36 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-02 23:36 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-02 23:36 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-02 23:36 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 16:19 - 2014-05-02 16:19 - 00796672 _____ () C:\Users\Timo\Downloads\Heilbronn 2010-05-16-HM.xls
2014-04-23 09:23 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-23 09:23 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-23 09:23 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-23 09:23 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-23 09:23 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-23 09:23 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-23 09:23 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-23 09:23 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-23 09:23 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-23 09:23 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-23 09:23 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-23 09:23 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-23 09:23 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-23 09:23 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-23 09:23 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-23 09:23 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-23 09:23 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-23 09:23 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-23 09:23 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-23 09:23 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-23 09:23 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-23 09:23 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-23 09:23 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-23 09:23 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-23 09:23 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-23 09:23 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-23 09:23 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-23 09:23 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-23 09:23 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-23 09:23 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-23 09:23 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-23 09:23 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-23 09:22 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-23 09:22 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-23 09:22 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-23 09:22 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-23 09:22 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-23 09:22 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-23 09:22 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-23 09:22 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-23 09:22 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-23 09:22 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-23 09:22 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-23 09:22 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-18 15:45 - 2014-04-18 15:45 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-18 15:45 - 2014-04-18 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-18 15:45 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-18 15:45 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-18 15:45 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-18 15:45 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-12 13:59 - 2014-04-12 13:59 - 00238368 _____ (Premium Installer ) C:\Users\Timo\Downloads\Player-Chrome (1).exe
2014-04-12 12:54 - 2014-04-12 12:54 - 00634872 _____ () C:\Users\Timo\Downloads\Player_Setup.exe
2014-04-09 07:55 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 07:55 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 07:55 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 07:55 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 07:55 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 07:55 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 07:55 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 07:55 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 07:55 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 07:55 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 07:55 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 07:55 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 07:55 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 07:55 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 07:55 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 07:55 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 07:55 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-08 21:27 - 2014-04-08 21:27 - 00516472 _____ () C:\Users\Timo\Downloads\streamhunter_download.exe

==================== One Month Modified Files and Folders =======

2014-05-05 16:50 - 2014-05-05 16:50 - 00026401 _____ () C:\Users\Timo\Desktop\FRST.txt
2014-05-05 16:50 - 2014-05-05 16:47 - 00000000 ____D () C:\FRST
2014-05-05 16:45 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-05 16:45 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-05 16:44 - 2011-02-19 06:24 - 00729694 _____ () C:\Windows\system32\perfh007.dat
2014-05-05 16:44 - 2011-02-19 06:24 - 00160782 _____ () C:\Windows\system32\perfc007.dat
2014-05-05 16:44 - 2009-07-14 07:13 - 01671868 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-05 16:43 - 2014-05-04 20:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-05 16:43 - 2013-12-08 21:22 - 01234797 _____ () C:\Windows\WindowsUpdate.log
2014-05-05 16:43 - 2012-10-16 08:39 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Dropbox
2014-05-05 16:43 - 2012-09-08 21:13 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2216232264-1511523134-287659929-1001UA.job
2014-05-05 16:43 - 2012-09-08 13:13 - 00000387 _____ () C:\Users\Timo\AppData\Roaming\sp_data.sys
2014-05-05 16:43 - 2012-02-24 04:29 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-05 15:54 - 2012-09-08 21:18 - 00002674 _____ () C:\Users\Timo\Desktop\Google Chrome.lnk
2014-05-05 15:54 - 2012-09-08 13:11 - 00001655 _____ () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-05 15:53 - 2014-05-05 07:36 - 00000112 _____ () C:\Windows\setupact.log
2014-05-05 15:53 - 2014-03-26 23:08 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-05-05 15:53 - 2012-12-12 23:50 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-05-05 15:53 - 2012-12-12 23:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-05 15:53 - 2012-02-24 04:29 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-05 15:53 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-05 07:38 - 2012-09-08 21:17 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-05 07:36 - 2014-05-05 07:36 - 00003352 _____ () C:\Windows\PFRO.log
2014-05-05 07:36 - 2014-05-05 07:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-04 23:14 - 2013-02-07 18:47 - 00000000 ____D () C:\Users\Timo\Documents\TrackMania
2014-05-04 23:04 - 2014-05-04 23:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Timo\Downloads\revosetup95.exe
2014-05-04 23:04 - 2014-05-04 23:04 - 00000915 _____ () C:\Users\Timo\Desktop\Revo Uninstaller.lnk
2014-05-04 23:04 - 2014-01-02 23:08 - 00064000 ___SH () C:\Users\Timo\Desktop\Thumbs.db
2014-05-04 23:04 - 2012-09-08 13:10 - 00000000 ____D () C:\Users\Timo
2014-05-04 23:01 - 2012-09-08 21:13 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2216232264-1511523134-287659929-1001Core.job
2014-05-04 22:59 - 2014-05-04 20:03 - 00000000 ____D () C:\Users\Timo\AppData\Local\Genesis
2014-05-04 21:47 - 2014-05-04 21:47 - 02062336 _____ (Farbar) C:\Users\Timo\Desktop\FRST64.exe
2014-05-04 20:54 - 2014-05-04 20:54 - 00003146 _____ () C:\Windows\System32\Tasks\{D5E9D659-0A90-416C-9B8B-FEC8DC58E30E}
2014-05-04 20:28 - 2014-05-04 20:28 - 00000000 __SHD () C:\Users\Timo\AppData\Local\EmieUserList
2014-05-04 20:28 - 2014-05-04 20:28 - 00000000 __SHD () C:\Users\Timo\AppData\Local\EmieSiteList
2014-05-04 20:09 - 2014-05-04 20:09 - 00000318 _____ () C:\Users\Timo\AppData\Roaming\aps.uninstall.scan.results
2014-05-04 20:09 - 2014-05-04 20:08 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-04 20:09 - 2014-05-04 20:03 - 00000000 ____D () C:\Program Files (x86)\VPHQ-c11
2014-05-04 20:08 - 2014-05-04 20:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-04 20:08 - 2014-05-04 20:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-04 20:08 - 2014-05-04 20:08 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-04 20:07 - 2012-09-08 13:11 - 00000000 ___RD () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-04 20:06 - 2014-05-04 20:05 - 00000000 ____D () C:\ProgramData\IePluginService
2014-05-04 20:06 - 2014-05-04 20:05 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-05-04 20:05 - 2014-05-04 20:05 - 01745872 _____ (AnyProtect.com) C:\Users\Timo\AppData\Local\nsw30D3.tmp
2014-05-04 20:05 - 2014-05-04 20:05 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\SupTab
2014-05-04 20:05 - 2014-05-04 20:05 - 00000000 ____D () C:\ProgramData\WPM
2014-05-04 20:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-05-04 20:02 - 2014-05-04 20:02 - 00499184 _____ () C:\Users\Timo\Downloads\Java (1).exe
2014-05-04 20:01 - 2014-05-04 20:01 - 00499184 _____ () C:\Users\Timo\Downloads\Java.exe
2014-05-04 18:58 - 2012-12-12 23:50 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-05-03 14:47 - 2013-10-03 19:55 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-05-03 13:48 - 2014-05-03 13:48 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\DropboxMaster
2014-05-03 13:48 - 2012-10-16 08:42 - 00001017 _____ () C:\Users\Timo\Desktop\Dropbox.lnk
2014-05-03 13:48 - 2012-10-16 08:39 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-02 16:34 - 2013-10-31 10:53 - 00000000 ____D () C:\Users\Timo\Desktop\Bewerbungsunterlagen
2014-05-02 16:19 - 2014-05-02 16:19 - 00796672 _____ () C:\Users\Timo\Downloads\Heilbronn 2010-05-16-HM.xls
2014-04-29 16:01 - 2014-05-02 23:36 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-02 23:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 15:37 - 2014-01-10 17:00 - 00000000 ____D () C:\Users\Timo\Desktop\Hausarbeit
2014-04-29 14:48 - 2014-05-02 23:36 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-02 23:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-23 09:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-18 16:30 - 2013-10-09 17:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-18 15:45 - 2014-04-18 15:45 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-18 15:45 - 2014-04-18 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-18 15:45 - 2013-10-09 17:55 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-14 20:13 - 2014-04-18 15:45 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-18 15:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-18 15:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-18 15:45 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-12 13:59 - 2014-04-12 13:59 - 00238368 _____ (Premium Installer ) C:\Users\Timo\Downloads\Player-Chrome (1).exe
2014-04-12 12:54 - 2014-04-12 12:54 - 00634872 _____ () C:\Users\Timo\Downloads\Player_Setup.exe
2014-04-10 13:24 - 2012-09-09 20:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-08 21:27 - 2014-04-08 21:27 - 00516472 _____ () C:\Users\Timo\Downloads\streamhunter_download.exe

Files to move or delete:
====================
C:\Users\Timo\Rar.exe
C:\Users\Timo\RarExt.dll
C:\Users\Timo\RarExt32.dll
C:\Users\Timo\rarnew.dat
C:\Users\Timo\Uninstall.exe
C:\Users\Timo\UnRAR.exe
C:\Users\Timo\WinRAR.exe
C:\Users\Timo\zipnew.dat


Some content of TEMP:
====================
C:\Users\Timo\AppData\Local\Temp\BackupSetup.exe
C:\Users\Timo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpex7brt.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-26 21:35

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-05-2014
Ran by Timo at 2014-05-05 16:51:04
Running from C:\Users\Timo\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\{41042E28-CCA1-4147-869F-9E928B38F04C}) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.14.1.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.20064 - Ask.com) <==== ATTENTION
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.25 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.2 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
ASUS PWR Option (HKLM-x32\...\{B800CE44-D206-475D-A6E2-5B3808E2D60A}) (Version: 1.1.0 - ASUS)
ASUS Secure Delete (HKLM\...\{761C6783-D3BC-48AB-8E7C-61CE918A8436}) (Version: 1.00.0011 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.22 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.4 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.9 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.26 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusScr_UX32VD (HKLM-x32\...\AsusScr_UX32VD) (Version: 1.0.0003 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0020 - ASUS)
AX88772B Windows 7 Drivers (HKLM-x32\...\InstallShield_{54A168C9-2250-4058-80EB-1F4A4192548A}) (Version: 1.0.2.0 - ASIX Electronics Corporation)
AX88772B Windows 7 Drivers (x32 Version: 1.0.2.0 - ASIX Electronics Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‪Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG4200 series Benutzerregistrierung (HKLM-x32\...\Canon MG4200 series Benutzerregistrierung) (Version:  - Canon Inc.‎)
Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.01 - Canon Inc.)
Canon MG4200 series On-screen Manual (HKLM-x32\...\Canon MG4200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05152 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05152 - Cisco Systems, Inc.) Hidden
Citrix Online Launcher (HKLM-x32\...\{F82C81F9-ADB5-42BD-AFE9-DD5DFDD215E3}) (Version: 1.0.135 - Citrix)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2926 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dream Vacation Solitaire (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111249233}) (Version:  - Oberon Media)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.)
ExpressCache (HKLM\...\{FF607B1F-A78B-4F1D-BC8E-6C2AB3B75405}) (Version: 1.0.87 - Diskeeper Corporation)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 15.0.874.120 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
gutscheinfilter.de (HKCU\...\{206a7328-437f-4bd9-b53e-12bfee24d588}) (Version:  - gutscheinfilter.de)
Hama Black Force Pad (HKLM-x32\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.01.01 - )
High-Definition Video Playback (x32 Version: 7.1.13900.47.0 - Nero AG) Hidden
HP Deskjet 3000 J310 series - Grundlegende Software für das Gerät (HKLM\...\{CCA69073-0A9C-4601-90AB-8A1860A3E219}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 3000 J310 series Hilfe (HKLM-x32\...\{654A65DA-7173-4B51-ACEB-F855201EE033}) (Version: 140.0.66.66 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.3.2 - ASUS)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Dynamic Platform & Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.1.1067 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.12.1498 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2761 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{705EE775-5776-48FD-B704-C3C9CF535420}) (Version: 15.1.1.0170 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1024 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{4E4282C3-F66E-4852-837A-7675527178C2}) (Version: 3.1.26.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® AT Service signup (HKLM-x32\...\{CD49AEDB-FFB4-4A9A-A3C2-E9AF814FE6FE}) (Version: 2.0.0.3 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{BAA0BE9B-9E6D-4802-91CB-FB7ED5CD4BEF}) (Version: 15.01.1500.1034 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
myBitCast 1.0.0.3 (HKLM\...\myBitCast) (Version: 1.0.0.3 - ASUS Cloud Corporation)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.6.11700.17.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 10.5.10700 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.2.11100.1.1 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.19800.9.10 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.2.11400.11.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12400.25.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.5.10200 - Nero AG) Hidden
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.2.10400.5.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{89590A73-9AC3-48ED-B83E-6489900DED5A}) (Version: 10.5.10000 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11300.12.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
NVIDIA 3D Vision Driver 296.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 296.44 - NVIDIA Corporation)
NVIDIA Control Panel 296.44 (Version: 296.44 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 296.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.44 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.62.312 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.7.12 (Version: 1.7.12 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.9644 - NVIDIA Corporation) Hidden
NVIDIA Update 1.7.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.7.12 - NVIDIA Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6612 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Spotify (HKCU\...\Spotify) (Version: 0.9.0.128.g3134f863 - Spotify AB)
TSST OEM Content (HKLM-x32\...\{885AFEC2-0809-47CE-8B3F-00AEC19DDD5F}) (Version: 10.0.10300.0.0 - Nero AG)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Windows Driver Package - ASUS (ATP) Mouse  (07/04/2012 1.0.0.90) (HKLM\...\1E69FD7AD5518E7CDB2F55D730CACCD8ED89F5D5) (Version: 07/04/2012 1.0.0.90 - ASUS)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.30 - ASUS)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Restore Points  =========================

22-04-2014 07:15:33 Windows Update
23-04-2014 07:21:50 Windows Update
26-04-2014 07:56:23 Windows Update
27-04-2014 18:05:12 Windows-Sicherung
02-05-2014 06:35:12 Windows Update
02-05-2014 21:35:46 Windows Update
04-05-2014 17:00:14 Windows-Sicherung
04-05-2014 18:03:50 Uniblue SpeedUpMyPC installation
04-05-2014 21:00:22 Removed Adobe Flash Player 11 ActiveX.
04-05-2014 21:12:27 Revo Uninstaller's restore point - TmNationsForever

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {07482282-1EDF-40E7-8EE6-45C7B8C96B5E} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {0B3022E3-1822-42D2-853B-060D9B16FE85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24] (Google Inc.)
Task: {114EBFE4-9B21-4F14-A6A1-2AC9B904A912} - System32\Tasks\ASUS Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2012-05-17] (ASUSTeK Computer Inc.)
Task: {1E6CDEE2-B684-461E-B9E7-32591DD77CA4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {26394FF8-8467-4135-8D78-A76188C6385E} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-17] (ASUSTek Computer Inc.)
Task: {2E29068B-E5AC-4E93-9C42-F48A1BF218FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3FBB4117-C54B-41FC-97DC-62BC591D6F21} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe [2012-04-13] (ASUSTek Computer Inc.)
Task: {56C8C962-C708-4654-8F59-F01E56EBA145} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-16] (ASUS)
Task: {632B6377-C881-403A-B1B2-5292435DBFAA} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-02-29] (ASUSTek Computer Inc.)
Task: {65262CF8-10F5-4869-B28F-EA8F92B72500} - System32\Tasks\Secure Delete => C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe [2012-03-14] ()
Task: {68FE75D7-6569-496F-B863-12153949D0B3} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {6CC0CEED-B6F7-4F38-810E-794BE6244BB1} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {72D0C738-8757-4332-8678-C6A50EE0FB83} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2216232264-1511523134-287659929-1001UA => C:\Users\Timo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-08] (Google Inc.)
Task: {8BDBB152-A8C0-48EF-9670-5BBAB5171EE5} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-06-25] (ASUSTek Computer Inc.)
Task: {8BDDB50A-894A-44C8-8F18-AC996B599520} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24] (Google Inc.)
Task: {97C84E38-723C-4543-86AB-E56A2D2DEF5F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-04] (Adobe Systems Incorporated)
Task: {D447A136-641B-4AC1-8838-76FA841B7675} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2216232264-1511523134-287659929-1001Core => C:\Users\Timo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-08] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2216232264-1511523134-287659929-1001Core.job => C:\Users\Timo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2216232264-1511523134-287659929-1001UA.job => C:\Users\Timo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2012-07-09 10:40 - 2012-02-20 05:31 - 00018944 _____ () C:\Windows\SysWOW64\DptfParticipantProcessorService.exe
2012-07-09 10:40 - 2012-02-20 05:31 - 00019968 _____ () C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
2012-09-21 19:35 - 2012-09-21 19:35 - 00116224 _____ () C:\Windows\System32\GFilterSvc.exe
2013-10-03 19:58 - 2012-03-28 14:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2012-09-21 19:35 - 2012-09-21 19:35 - 00106496 _____ () C:\Windows\system32\DeviceDenter.exe
2010-07-15 02:11 - 2010-07-15 02:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-03-14 20:59 - 2012-03-14 20:59 - 00556976 _____ () C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
2012-12-12 23:50 - 2012-05-10 22:03 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2013-12-13 00:36 - 2013-12-13 00:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-31 19:25 - 2012-01-31 19:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2014-05-05 15:53 - 2014-05-05 15:53 - 00041984 _____ () c:\users\timo\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpex7brt.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Timo\AppData\Roaming\Dropbox\bin\libcef.dll
2012-02-22 00:49 - 2012-02-22 00:49 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-08-20 19:57 - 2010-08-20 19:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-20 19:57 - 2010-08-20 19:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-04-30 13:05 - 2014-04-24 02:33 - 00065352 _____ () C:\Users\Timo\AppData\Local\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-03-26 23:08 - 2014-05-04 19:01 - 00012288 _____ () C:\Users\Timo\AppData\Local\Google\Chrome\Application\WTSAPI32.dll
2014-04-30 13:05 - 2014-04-24 02:33 - 00674632 _____ () C:\Users\Timo\AppData\Local\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
2014-04-30 13:05 - 2014-04-24 02:33 - 00093000 _____ () C:\Users\Timo\AppData\Local\Google\Chrome\Application\34.0.1847.131\libegl.dll
2014-04-30 13:05 - 2014-04-24 02:33 - 04081480 _____ () C:\Users\Timo\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-30 13:05 - 2014-04-24 02:33 - 00390472 _____ () C:\Users\Timo\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-30 13:05 - 2014-04-24 02:33 - 01647432 _____ () C:\Users\Timo\AppData\Local\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
2014-04-30 13:05 - 2014-04-24 02:33 - 13692232 _____ () C:\Users\Timo\AppData\Local\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
2012-12-12 23:49 - 2012-05-11 01:03 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: Spotify => "C:\Users\Timo\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Timo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/05/2014 04:43:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2679894

Error: (05/05/2014 04:43:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2679894

Error: (05/05/2014 04:43:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/05/2014 04:43:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2678865

Error: (05/05/2014 04:43:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2678865

Error: (05/05/2014 04:43:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/05/2014 04:43:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2677866

Error: (05/05/2014 04:43:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2677866

Error: (05/05/2014 04:43:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/05/2014 04:43:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2676868


System errors:
=============
Error: (05/05/2014 03:54:40 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/05/2014 03:53:41 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (05/05/2014 03:53:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/05/2014 07:37:43 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/05/2014 07:36:43 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (05/05/2014 07:36:41 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/04/2014 00:49:59 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/04/2014 00:49:24 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Bluetooth Device Monitor" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/04/2014 00:48:59 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (05/04/2014 00:48:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avgntflt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (01/06/2014 00:53:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/06/2014 00:52:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 9999 seconds with 5100 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 73%
Total physical RAM: 3981.89 MB
Available physical RAM: 1044.34 MB
Total Pagefile: 7961.95 MB
Available Pagefile: 4303.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:128.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:254.14 GB) (Free:21.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: D79ED201)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 22 GB) (Disk ID: 1F31B247)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
__________________

Alt 06.05.2014, 11:23   #4
schrauber
/// the machine
/// TB-Ausbilder
 

istart websearch Probleme - Standard

istart websearch Probleme



Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.




Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 06.05.2014, 15:17   #5
rrox
 
istart websearch Probleme - Standard

istart websearch Probleme



Hallo Schrauber,
hier die Logs:

mbam:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 06.05.2014
Suchlauf-Zeit: 15:08:27
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.06.04
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Timo

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 294870
Verstrichene Zeit: 16 Min, 56 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, 1596, Löschen bei Neustart, [dc244eb2d0307e82fae1e271f908cf31]

Module: 1
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, Löschen bei Neustart, [d42cf20e1ee2619f98873b504fb303fd], 

Registrierungsschlüssel: 15
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginService, In Quarantäne, [dc244eb2d0307e82fae1e271f908cf31], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [ae52966a4ab6ef11ff30ce533fc34db3], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [ae52966a4ab6ef11ff30ce533fc34db3], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [ae52966a4ab6ef11ff30ce533fc34db3], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [ae52966a4ab6ef11ff30ce533fc34db3], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [ae52966a4ab6ef11ff30ce533fc34db3], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [ae52966a4ab6ef11ff30ce533fc34db3], 
PUP.Optional.SupTab.A, HKU\S-1-5-21-2216232264-1511523134-287659929-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [ae52966a4ab6ef11ff30ce533fc34db3], 
PUP.Optional.SupTab.A, HKU\S-1-5-21-2216232264-1511523134-287659929-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [ae52966a4ab6ef11ff30ce533fc34db3], 
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [c33d5ca4be4204fce079b6fa62a1c739], 
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [22de768a748caa56bdae661b2ad82ed2], 
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [e21e827e0df313ed6ced614fde2515eb], 
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus, In Quarantäne, [04fccb35e21eef11a8ed6b15a35f728e], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2216232264-1511523134-287659929-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [b34de41c49b7867a051b9524758eae52], 
PUP.Optional.Qone8, HKU\S-1-5-21-2216232264-1511523134-287659929-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [7d8306fa43bda7595efaeac6c63d33cd], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 14
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://istart.webssearches.com/?type=scpp&ts=1399298044&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX, Gut: (Chrome.exe), Schlecht: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://istart.webssearches.com/?type=scpp&ts=1399298044&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX),Ersetzt,[e719d22e29d79a662807e54c28dc42be]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX),Ersetzt,[ed1330d0b64a43bd181538f91ce89e62]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX&q={searchTerms}),Ersetzt,[50b0cf312ed2c63a58ccf33ed03428d8]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX),Ersetzt,[aa56669aa7597b8546dce44dd62e7b85]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX),Ersetzt,[639de7193bc59b65e442f8396b99867a]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[e0202ed224dc808041161e1d25df24dc]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://istart.webssearches.com/?type=scpp&ts=1399298044&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX, Gut: (Chrome.exe), Schlecht: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://istart.webssearches.com/?type=scpp&ts=1399298044&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX),Ersetzt,[4cb4649c669a936d09265bd68480758b]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX),Ersetzt,[669a4bb5c53ba15f83aa9998db295da3]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX&q={searchTerms}),Ersetzt,[c838b050a957d42c170ddf5218ecae52]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX),Ersetzt,[3cc4bd43a15f857b38ea70c17f859c64]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX),Ersetzt,[8a76a55b7c84827e82a4ff3250b4966a]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[23ddd030847cc0408ccba19a1aea49b7]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-2216232264-1511523134-287659929-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX),Ersetzt,[a15f1be5837dd22ee0472908b4502ad6]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-2216232264-1511523134-287659929-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1399226616&from=tugs&uid=HitachiXHTS545050A7E380_TA85113VCG0P6NCG0P6NX),Ersetzt,[19e7ca3645bbd927d54eaa878282a55b]

Ordner: 30
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, Löschen bei Neustart, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, Löschen bei Neustart, [c43c0af6e9173cc406df2942e91951af], 
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, In Quarantäne, [c43c0af6e9173cc406df2942e91951af], 
PUP.Optional.WebsSearches.A, C:\Users\Timo\AppData\Roaming\webssearches, In Quarantäne, [5fa103fda55ba858c94c155b699901ff], 
PUP.Optional.WebsSearches.A, C:\Users\Timo\AppData\Roaming\webssearches\images, In Quarantäne, [5fa103fda55ba858c94c155b699901ff], 
PUP.Optional.WebsSearches.A, C:\Users\Timo\AppData\Roaming\webssearches\log, In Quarantäne, [5fa103fda55ba858c94c155b699901ff], 

Dateien: 75
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, Löschen bei Neustart, [dc244eb2d0307e82fae1e271f908cf31], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [ae52966a4ab6ef11ff30ce533fc34db3], 
PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, In Quarantäne, [a759d030c13fb050b77899c5c73a0df3], 
PUP.Optional.SupTab.A, C:\Users\Timo\AppData\Roaming\SupTab\SupTab.dll, In Quarantäne, [59a732ce867a16eac688d65fbe4209f7], 
PUP.Optional.DomaIQ, C:\Users\Timo\AppData\Local\Temp\dfs5DB1.tmp, In Quarantäne, [4bb5629e19e7f010d72fcea959a89868], 
PUP.Optional.IePluginService.A, C:\Users\Timo\AppData\Local\Temp\fullpackage_temp1399226591\tmp\SupTab.exe, In Quarantäne, [05fb2ed23ec21de319c25df654ad7888], 
PUP.Optional.WpManager, C:\Users\Timo\AppData\Local\Temp\fullpackage_temp1399226591\tmp\wpm.exe, In Quarantäne, [857bbf41b24e35cbe34c6df1c73a55ab], 
Backdoor.Bot, C:\Users\Timo\AppData\Local\Temp\04388ee2-4bd6-4e89-8ddc-52c51e767920\android.exe, In Quarantäne, [4fb1db257789629e060318526a9730d0], 
PUP.Optional.SkyTech.A, C:\Users\Timo\AppData\Local\Temp\04388ee2-4bd6-4e89-8ddc-52c51e767920\software\lly_webssearches.exe .exe, In Quarantäne, [11effb058c742bd5f8c3d57edc250ff1], 
Backdoor.Bot, C:\Users\Timo\AppData\Local\Temp\android\android.exe, In Quarantäne, [d32d5da3f40c15eba2670664ce3306fa], 
PUP.Optional.OptimumInstaller.A, C:\Users\Timo\Downloads\Player-Chrome (1).exe, In Quarantäne, [0df3b050df216a963ef3cf7cf40d2cd4], 
PUP.Optional.OptimumInstaller.A, C:\Users\Timo\Downloads\Player-Chrome.exe, In Quarantäne, [7d834bb57c845ba54ce55eedb74a60a0], 
PUP.Optional.DomaIQ, C:\Users\Timo\Downloads\Player_Setup.exe, In Quarantäne, [f40c9c6432ce51afd17e2718b44c20e0], 
PUP.Optional.OneClickDownloader.A, C:\Users\Timo\Downloads\streamhunter_download.exe, In Quarantäne, [f10fd42cfd0327d9037af51a639eaa56], 
PUP.Optional.OneClickDownloader.A, C:\Users\Timo\Downloads\Inception.German.AC3.HDRip.exe, In Quarantäne, [936d01ff0af620e0324b54bb8081c23e], 
PUP.Optional.DomaIQ, C:\Users\Timo\Downloads\Java (1).exe, In Quarantäne, [7a868080847c956bb2c00042c33d8b75], 
PUP.Optional.DomaIQ, C:\Users\Timo\Downloads\Java.exe, In Quarantäne, [8a76a858c53bef11343eeb57d03006fa], 
Trojan.Agent, C:\Users\Timo\WinRAR.exe, In Quarantäne, [fc04b848bc4438c88c9ded99fe0422de], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, Löschen bei Neustart, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterfacef32.dll, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\RSHP.exe, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv32.dll, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv64.dll, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WebDataJs, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\arrow.png, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo.png, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo_hover.png, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_logo.png, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo.png, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo2.png, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\0.png, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ie8.js, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit.js, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [d42cf20e1ee2619f98873b504fb303fd], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
AdwCleaner:
Code:
ATTFilter
# AdwCleaner v3.207 - Bericht erstellt am 06/05/2014 um 15:40:20
# Aktualisiert 05/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Timo - TIMO-PC
# Gestartet von : C:\Users\Timo\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : GFilterSvc

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Users\Timo\AppData\Local\Genesis
Ordner Gelöscht : C:\Users\Timo\AppData\Roaming\SupTab
Datei Gelöscht : C:\Windows\System32\GFilterSvc.exe
Datei Gelöscht : C:\Users\Timo\Uninstall.exe
Datei Gelöscht : C:\Users\Timo\AppData\Roaming\aps.uninstall.scan.results

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Timo\Desktop\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Chrome App Launcher.lnk
Verknüpfung Desinfiziert : C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Chrome-App-Übersicht.lnk
Verknüpfung Desinfiziert : C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Timo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Timo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Timo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\genesis
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Wpm

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v15.0.874.120

[ Datei : C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5483 octets] - [06/05/2014 15:21:09]
AdwCleaner[R1].txt - [5602 octets] - [06/05/2014 15:40:01]
AdwCleaner[S0].txt - [312 octets] - [06/05/2014 15:37:57]
AdwCleaner[S1].txt - [4018 octets] - [06/05/2014 15:40:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4078 octets] ##########
         
JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Timo on 06.05.2014 at 15:54:29,11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B427AC2A-9DE9-4D43-9D7C-D57A244DECC0}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Timo\appdata\local\{18D5062C-3AB3-43EF-87BE-DA83DC5A74E8}
Successfully deleted: [Empty Folder] C:\Users\Timo\appdata\local\{35754D1A-4DD8-4EB7-AA2E-A3E285D14EEF}
Successfully deleted: [Empty Folder] C:\Users\Timo\appdata\local\{4FAE8592-D4A5-44C6-A2AC-9FBDF42F19E8}
Successfully deleted: [Empty Folder] C:\Users\Timo\appdata\local\{E5E9B769-CAD6-4EDF-B097-F45E6367D6E4}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.05.2014 at 16:00:37,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Und schließlich nocheinmal FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2014
Ran by Timo (administrator) on TIMO-PC on 06-05-2014 16:07:18
Running from C:\Users\Timo\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\DptfParticipantProcessorService.exe
() C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Windows\System32\DeviceDenter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Spotify Ltd) C:\Users\Timo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Timo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12476520 2012-04-10] (Realtek Semiconductor)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11407120 2012-03-27] (Intel Corporation)
HKLM\...\Run: [ASUS Quick Gesture (x86)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [17376 2012-07-07] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ASUS TP Center (x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe [235488 2012-07-07] (AsusTek)
HKLM\...\Run: [ASUS Quick Gesture (x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [19424 2012-07-07] (ASUSTeK Computer Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\SysWOW64\DptfPolicyLpmServiceHelper.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35768 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-22] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2012-12-13] (ASUS)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-13] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2216232264-1511523134-287659929-1001\...\Run: [Google Update] => C:\Users\Timo\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-08] (Google Inc.)
HKU\S-1-5-21-2216232264-1511523134-287659929-1001\...\Run: [Spotify Web Helper] => C:\Users\Timo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1105408 2013-04-16] (Spotify Ltd)
HKU\S-1-5-21-2216232264-1511523134-287659929-1001\...\Run: [pnwrtorp] => C:\Users\Timo\AppData\Local\Temp\Fhmpfdelf\olkrklntorp.exe <===== ATTENTION
HKU\S-1-5-21-2216232264-1511523134-287659929-1001\...\Run: [defol] => "C:\Users\Timo\AppData\Roaming\defol.exe" -autorun
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-03-30] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-03-30] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Timo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Timo\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Timo\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Timo\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-01-05]
FF HKLM-x32\...\Firefox\Extensions: [{97573DA5-C946-49B0-B575-47AF170745F4}] - C:\Windows\Installer\{E0815E8F-785E-461B-A0B1-0471389C7CEF}\{97573DA5-C946-49B0-B575-47AF170745F4}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{E0815E8F-785E-461B-A0B1-0471389C7CEF}\{97573DA5-C946-49B0-B575-47AF170745F4}.xpi [2014-05-04]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Drive) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-05]
CHR Extension: (YouTube) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-05]
CHR Extension: (Google-Suche) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-05]
CHR Extension: (Download Protect) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkoedmojibfkjahkcfkhjabfhdpelffi [2014-05-04]
CHR Extension: (WhatFont) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2014-05-06]
CHR Extension: (Google Wallet) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-05]
CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Timo\AppData\LocalLow\proxtube\CHROME\proxtube.crx [2014-05-05]
CHR StartMenuInternet: Google Chrome - Chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 DptfParticipantProcessorService; C:\Windows\SysWOW64\DptfParticipantProcessorService.exe [18944 2012-02-20] ()
R2 DptfPolicyConfigTDPService; C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe [19968 2012-02-20] ()
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-05-10] ()
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-04-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-05-11] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-04-18] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 runas64; C:\Windows\system32\DeviceDenter.exe [106496 2012-09-21] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2671376 2012-04-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
R0 assd; C:\Windows\System32\Drivers\assd.sys [27056 2011-10-29] (ASUS Corporation)
R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2012-07-07] (Windows (R) Win 7 DDK provider)
R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [19104 2012-07-07] (ASUS)
R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [49824 2012-07-07] (ASUS Corporation)
S3 AX88772B; C:\Windows\System32\DRIVERS\ax88772b.sys [110592 2012-04-05] (ASIX Electronics Corp.)
R3 DptfDevDram; C:\Windows\System32\DRIVERS\DptfDevDram.sys [107288 2012-02-20] (Intel Corporation)
R3 DptfDevFan; C:\Windows\System32\DRIVERS\DptfDevFan.sys [42776 2012-02-20] (Intel Corporation)
R3 DptfDevGen; C:\Windows\System32\DRIVERS\DptfDevGen.sys [64792 2012-02-20] (Intel Corporation)
R3 DptfDevPch; C:\Windows\System32\DRIVERS\DptfDevPch.sys [96024 2012-02-20] (Intel Corporation)
R3 DptfDevProc; C:\Windows\System32\DRIVERS\DptfDevProc.sys [220952 2012-02-20] (Intel Corporation)
R3 DptfManager; C:\Windows\System32\DRIVERS\DptfManager.sys [357656 2012-02-20] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-04-10] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc.)
S2 avgntflt; \??\C:\Windows\SYSTEM32\drivers\avgntflt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-06 16:07 - 2014-05-06 16:07 - 00021924 _____ () C:\Users\Timo\Desktop\FRST.txt
2014-05-06 16:07 - 2014-05-06 16:07 - 00000000 ____D () C:\Users\Timo\Desktop\FRST-OlderVersion
2014-05-06 16:00 - 2014-05-06 16:00 - 00001193 _____ () C:\Users\Timo\Desktop\JRT.txt
2014-05-06 15:54 - 2014-05-06 15:54 - 00000000 ____D () C:\Windows\ERUNT
2014-05-06 15:52 - 2014-05-06 15:52 - 01016261 _____ (Thisisu) C:\Users\Timo\Downloads\JRT.exe
2014-05-06 15:52 - 2014-05-06 15:52 - 01016261 _____ (Thisisu) C:\Users\Timo\Desktop\JRT.exe
2014-05-06 15:21 - 2014-05-06 15:40 - 00000000 ____D () C:\AdwCleaner
2014-05-06 15:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-06 15:20 - 2014-05-06 15:20 - 01316991 _____ () C:\Users\Timo\Downloads\adwcleaner.exe
2014-05-06 15:19 - 2014-05-06 15:19 - 00023664 _____ () C:\Users\Timo\Desktop\mbam.txt
2014-05-06 14:48 - 2014-05-06 14:48 - 00000000 ____D () C:\Users\Timo\Desktop\InsO
2014-05-06 14:47 - 2014-05-06 15:42 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-06 14:47 - 2014-05-06 14:47 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-06 14:47 - 2014-05-06 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-06 14:47 - 2014-05-06 14:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-06 14:47 - 2014-05-06 14:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-06 14:47 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-06 14:47 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-06 14:47 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-06 14:46 - 2014-05-06 14:46 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Timo\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-05 16:47 - 2014-05-06 16:07 - 00000000 ____D () C:\FRST
2014-05-05 07:36 - 2014-05-06 15:41 - 00028918 _____ () C:\Windows\PFRO.log
2014-05-05 07:36 - 2014-05-06 15:41 - 00000224 _____ () C:\Windows\setupact.log
2014-05-05 07:36 - 2014-05-05 07:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-04 23:04 - 2014-05-04 23:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Timo\Downloads\revosetup95.exe
2014-05-04 23:04 - 2014-05-04 23:04 - 00000915 _____ () C:\Users\Timo\Desktop\Revo Uninstaller.lnk
2014-05-04 21:47 - 2014-05-06 16:07 - 02063872 _____ (Farbar) C:\Users\Timo\Desktop\FRST64.exe
2014-05-04 20:54 - 2014-05-04 20:54 - 00003146 _____ () C:\Windows\System32\Tasks\{D5E9D659-0A90-416C-9B8B-FEC8DC58E30E}
2014-05-04 20:28 - 2014-05-04 20:28 - 00000000 __SHD () C:\Users\Timo\AppData\Local\EmieUserList
2014-05-04 20:28 - 2014-05-04 20:28 - 00000000 __SHD () C:\Users\Timo\AppData\Local\EmieSiteList
2014-05-04 20:08 - 2014-05-06 16:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-04 20:08 - 2014-05-04 20:09 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-04 20:08 - 2014-05-04 20:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-04 20:08 - 2014-05-04 20:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-04 20:08 - 2014-05-04 20:08 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-04 20:05 - 2014-05-04 20:05 - 01745872 _____ (AnyProtect.com) C:\Users\Timo\AppData\Local\nsw30D3.tmp
2014-05-04 20:03 - 2014-05-04 20:09 - 00000000 ____D () C:\Program Files (x86)\VPHQ-c11
2014-05-03 13:48 - 2014-05-03 13:48 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\DropboxMaster
2014-05-02 23:36 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-02 23:36 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-02 23:36 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-02 23:36 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 16:19 - 2014-05-02 16:19 - 00796672 _____ () C:\Users\Timo\Downloads\Heilbronn 2010-05-16-HM.xls
2014-04-23 09:23 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-23 09:23 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-23 09:23 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-23 09:23 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-23 09:23 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-23 09:23 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-23 09:23 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-23 09:23 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-23 09:23 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-23 09:23 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-23 09:23 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-23 09:23 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-23 09:23 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-23 09:23 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-23 09:23 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-23 09:23 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-23 09:23 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-23 09:23 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-23 09:23 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-23 09:23 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-23 09:23 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-23 09:23 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-23 09:23 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-23 09:23 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-23 09:23 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-23 09:23 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-23 09:23 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-23 09:23 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-23 09:23 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-23 09:23 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-23 09:23 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-23 09:23 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-23 09:22 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-23 09:22 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-23 09:22 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-23 09:22 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-23 09:22 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-23 09:22 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-23 09:22 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-23 09:22 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-23 09:22 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-23 09:22 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-23 09:22 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-23 09:22 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-18 15:45 - 2014-04-18 15:45 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-18 15:45 - 2014-04-18 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-18 15:45 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-18 15:45 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-18 15:45 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-18 15:45 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-09 07:55 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 07:55 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 07:55 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 07:55 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 07:55 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 07:55 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 07:55 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 07:55 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 07:55 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 07:55 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 07:55 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 07:55 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 07:55 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 07:55 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 07:55 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 07:55 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 07:55 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2014-05-06 16:07 - 2014-05-06 16:07 - 00021924 _____ () C:\Users\Timo\Desktop\FRST.txt
2014-05-06 16:07 - 2014-05-06 16:07 - 00000000 ____D () C:\Users\Timo\Desktop\FRST-OlderVersion
2014-05-06 16:07 - 2014-05-05 16:47 - 00000000 ____D () C:\FRST
2014-05-06 16:07 - 2014-05-04 21:47 - 02063872 _____ (Farbar) C:\Users\Timo\Desktop\FRST64.exe
2014-05-06 16:01 - 2014-05-04 20:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-06 16:01 - 2012-09-08 21:13 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2216232264-1511523134-287659929-1001UA.job
2014-05-06 16:00 - 2014-05-06 16:00 - 00001193 _____ () C:\Users\Timo\Desktop\JRT.txt
2014-05-06 15:54 - 2014-05-06 15:54 - 00000000 ____D () C:\Windows\ERUNT
2014-05-06 15:52 - 2014-05-06 15:52 - 01016261 _____ (Thisisu) C:\Users\Timo\Downloads\JRT.exe
2014-05-06 15:52 - 2014-05-06 15:52 - 01016261 _____ (Thisisu) C:\Users\Timo\Desktop\JRT.exe
2014-05-06 15:48 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-06 15:48 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-06 15:46 - 2012-09-08 21:18 - 00001513 _____ () C:\Users\Timo\Desktop\Google Chrome.lnk
2014-05-06 15:46 - 2011-02-19 06:24 - 00729694 _____ () C:\Windows\system32\perfh007.dat
2014-05-06 15:46 - 2011-02-19 06:24 - 00160782 _____ () C:\Windows\system32\perfc007.dat
2014-05-06 15:46 - 2009-07-14 07:13 - 01671868 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-06 15:42 - 2014-05-06 14:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-06 15:42 - 2012-12-12 23:50 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-05-06 15:42 - 2012-10-16 08:39 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Dropbox
2014-05-06 15:42 - 2012-09-08 13:13 - 00000387 _____ () C:\Users\Timo\AppData\Roaming\sp_data.sys
2014-05-06 15:42 - 2012-02-24 04:29 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-06 15:41 - 2014-05-05 07:36 - 00028918 _____ () C:\Windows\PFRO.log
2014-05-06 15:41 - 2014-05-05 07:36 - 00000224 _____ () C:\Windows\setupact.log
2014-05-06 15:41 - 2014-03-26 23:08 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-05-06 15:41 - 2013-12-08 21:22 - 01296130 _____ () C:\Windows\WindowsUpdate.log
2014-05-06 15:41 - 2012-12-12 23:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-06 15:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-06 15:40 - 2014-05-06 15:21 - 00000000 ____D () C:\AdwCleaner
2014-05-06 15:40 - 2012-09-08 21:17 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-06 15:40 - 2012-09-08 13:11 - 00000995 _____ () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-06 15:40 - 2012-09-08 13:10 - 00000000 ____D () C:\Users\Timo
2014-05-06 15:40 - 2012-02-24 04:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-06 15:33 - 2012-02-24 04:29 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-06 15:20 - 2014-05-06 15:20 - 01316991 _____ () C:\Users\Timo\Downloads\adwcleaner.exe
2014-05-06 15:19 - 2014-05-06 15:19 - 00023664 _____ () C:\Users\Timo\Desktop\mbam.txt
2014-05-06 15:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-06 14:48 - 2014-05-06 14:48 - 00000000 ____D () C:\Users\Timo\Desktop\InsO
2014-05-06 14:47 - 2014-05-06 14:47 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-06 14:47 - 2014-05-06 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-06 14:47 - 2014-05-06 14:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-06 14:47 - 2014-05-06 14:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-06 14:46 - 2014-05-06 14:46 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Timo\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-06 13:49 - 2012-09-08 21:13 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2216232264-1511523134-287659929-1001Core.job
2014-05-05 19:43 - 2012-12-12 23:50 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-05-05 07:36 - 2014-05-05 07:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-04 23:14 - 2013-02-07 18:47 - 00000000 ____D () C:\Users\Timo\Documents\TrackMania
2014-05-04 23:04 - 2014-05-04 23:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Timo\Downloads\revosetup95.exe
2014-05-04 23:04 - 2014-05-04 23:04 - 00000915 _____ () C:\Users\Timo\Desktop\Revo Uninstaller.lnk
2014-05-04 23:04 - 2014-01-02 23:08 - 00064000 ___SH () C:\Users\Timo\Desktop\Thumbs.db
2014-05-04 20:54 - 2014-05-04 20:54 - 00003146 _____ () C:\Windows\System32\Tasks\{D5E9D659-0A90-416C-9B8B-FEC8DC58E30E}
2014-05-04 20:28 - 2014-05-04 20:28 - 00000000 __SHD () C:\Users\Timo\AppData\Local\EmieUserList
2014-05-04 20:28 - 2014-05-04 20:28 - 00000000 __SHD () C:\Users\Timo\AppData\Local\EmieSiteList
2014-05-04 20:09 - 2014-05-04 20:08 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-04 20:09 - 2014-05-04 20:03 - 00000000 ____D () C:\Program Files (x86)\VPHQ-c11
2014-05-04 20:08 - 2014-05-04 20:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-04 20:08 - 2014-05-04 20:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-04 20:08 - 2014-05-04 20:08 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-04 20:07 - 2012-09-08 13:11 - 00000000 ___RD () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-04 20:05 - 2014-05-04 20:05 - 01745872 _____ (AnyProtect.com) C:\Users\Timo\AppData\Local\nsw30D3.tmp
2014-05-04 20:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-05-03 14:47 - 2013-10-03 19:55 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-05-03 13:48 - 2014-05-03 13:48 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\DropboxMaster
2014-05-03 13:48 - 2012-10-16 08:42 - 00001017 _____ () C:\Users\Timo\Desktop\Dropbox.lnk
2014-05-03 13:48 - 2012-10-16 08:39 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-02 16:34 - 2013-10-31 10:53 - 00000000 ____D () C:\Users\Timo\Desktop\Bewerbungsunterlagen
2014-05-02 16:19 - 2014-05-02 16:19 - 00796672 _____ () C:\Users\Timo\Downloads\Heilbronn 2010-05-16-HM.xls
2014-04-29 16:01 - 2014-05-02 23:36 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-02 23:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 15:37 - 2014-01-10 17:00 - 00000000 ____D () C:\Users\Timo\Desktop\Hausarbeit
2014-04-29 14:48 - 2014-05-02 23:36 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-02 23:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-23 09:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-18 16:30 - 2013-10-09 17:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-18 15:45 - 2014-04-18 15:45 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-18 15:45 - 2014-04-18 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-18 15:45 - 2013-10-09 17:55 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-14 20:13 - 2014-04-18 15:45 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-18 15:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-18 15:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-18 15:45 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-10 13:24 - 2012-09-09 20:50 - 00000000 ____D () C:\ProgramData\Microsoft Help

Files to move or delete:
====================
C:\Users\Timo\Rar.exe
C:\Users\Timo\RarExt.dll
C:\Users\Timo\RarExt32.dll
C:\Users\Timo\rarnew.dat
C:\Users\Timo\UnRAR.exe
C:\Users\Timo\zipnew.dat


Some content of TEMP:
====================
C:\Users\Timo\AppData\Local\Temp\BackupSetup.exe
C:\Users\Timo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgn9jko.dll
C:\Users\Timo\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-26 21:35

==================== End Of Log ============================
         
--- --- ---


Möchte mich nochmal für die schnelle Hilfe bedanken!!

Grüße


Alt 07.05.2014, 09:45   #6
schrauber
/// the machine
/// TB-Ausbilder
 

istart websearch Probleme - Standard

istart websearch Probleme




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
--> istart websearch Probleme

Alt 07.05.2014, 20:04   #7
rrox
 
istart websearch Probleme - Standard

istart websearch Probleme



Hallo Schrauber,
ich bemerke von den ursprünglichen Problemen nichts mehr. Google Chrome ist auch wieder viel schneller als vorher
Danke dafür!
Wollte mich noch informieren ob du einen guten Tipp hast bezüglich guter Antivirensoftware? (Am besten kostenlos, bin armer Student)

ESET:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=00864bb74711f540838fbbe36ce0baa3
# engine=18171
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-07 06:46:11
# local_time=2014-05-07 08:46:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 103333 151118221 0 0
# scanned=175944
# found=20
# cleaned=0
# scan_time=10989
sh=57BC6852056339D7420C413547FC47C42BC4DA7E ft=1 fh=589a2e5bfe869455 vn="Variante von Win32/AdWare.NaviPromo.AV Anwendung" ac=I fn="C:\Users\Timo\AppData\Local\Temp\04388ee2-4bd6-4e89-8ddc-52c51e767920\software\GenesisInstaller.exe"
sh=6BFD066CFB020701C2E27BA88C16831FB519C279 ft=0 fh=0000000000000000 vn="Win32/Adware.Bundlore Anwendung" ac=I fn="D:\TIMO-PC\Backup Set 2012-11-11 232010\Backup Files 2012-12-02 192735\Backup files 1.zip"
sh=690750AE9B105CF16FB53B044AACCCFA430F7ABC ft=0 fh=0000000000000000 vn="Win32/Adware.Bundlore Anwendung" ac=I fn="D:\TIMO-PC\Backup Set 2012-11-11 232010\Backup Files 2012-12-02 192735\Backup files 2.zip"
sh=37F9F5AC9D7776C74216DFDF56B814257E93B2DF ft=0 fh=0000000000000000 vn="Win32/Adware.Bundlore Anwendung" ac=I fn="D:\TIMO-PC\Backup Set 2012-12-09 201539\Backup Files 2012-12-09 201539\Backup files 5.zip"
sh=FC1C5D40FAE11E8FAEBEA150F329378631B2EEA8 ft=0 fh=0000000000000000 vn="JS/Agent.NKW Trojaner" ac=I fn="D:\TIMO-PC\Backup Set 2013-03-24 205107\Backup Files 2013-03-31 200922\Backup files 2.zip"
sh=9C1F5CC39B9F54F5464411670BFBF81D51E8DCA4 ft=0 fh=0000000000000000 vn="JS/Agent.NKW Trojaner" ac=I fn="D:\TIMO-PC\Backup Set 2013-08-08 183657\Backup Files 2013-08-08 183657\Backup files 2.zip"
sh=658CEABB1FEC1041BE3FBE9DABAA94AD3D3DB553 ft=0 fh=0000000000000000 vn="Win32/Trustezeb.E Trojaner" ac=I fn="D:\TIMO-PC\Backup Set 2013-08-08 183657\Backup Files 2013-08-25 190001\Backup files 3.zip"
sh=C5BFD9C729E9B4812F6E404160F3115992B66968 ft=0 fh=0000000000000000 vn="Win32/Trustezeb.E Trojaner" ac=I fn="D:\TIMO-PC\Backup Set 2013-09-01 230406\Backup Files 2013-09-01 230406\Backup files 14.zip"
sh=1BE94BEE8217035618A7A8C739C67191997D471A ft=0 fh=0000000000000000 vn="Variante von Generik.NAHRVHB Trojaner" ac=I fn="D:\TIMO-PC\Backup Set 2013-09-01 230406\Backup Files 2013-09-08 204022\Backup files 1.zip"
sh=6718F94ACFAB6974EA0604CE46724CB3BA672097 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\TIMO-PC\Backup Set 2013-09-01 230406\Backup Files 2013-09-15 195714\Backup files 1.zip"
sh=2CBB7C5333B61B88DF81039F63350BF788C77AD7 ft=0 fh=0000000000000000 vn="Win32/Trustezeb.E Trojaner" ac=I fn="D:\TIMO-PC\Backup Set 2013-09-29 190000\Backup Files 2013-09-29 190000\Backup files 14.zip"
sh=F4EF03F8A843A47E02CB6616B68C2FF317DA4152 ft=0 fh=0000000000000000 vn="Win32/AdWare.1ClickDownload.AR Anwendung" ac=I fn="D:\TIMO-PC\Backup Set 2013-11-17 193302\Backup Files 2013-11-24 210135\Backup files 2.zip"
sh=F893B37945574D095D78B013E4433E8252A5A7B4 ft=0 fh=0000000000000000 vn="Win32/AdWare.1ClickDownload.AR Anwendung" ac=I fn="D:\TIMO-PC\Backup Set 2013-12-08 192218\Backup Files 2013-12-08 192218\Backup files 3.zip"
sh=BBFAB598A0CAF24977507DC8AFF8B10A49368532 ft=0 fh=0000000000000000 vn="Win32/AdWare.1ClickDownload.AR Anwendung" ac=I fn="D:\TIMO-PC\Backup Set 2013-12-08 192218\Backup Files 2013-12-29 190000\Backup files 2.zip"
sh=EA7D8891F0AE87DCFE969108612811E4E79E88DD ft=0 fh=0000000000000000 vn="Win32/AdWare.1ClickDownload.AR Anwendung" ac=I fn="D:\TIMO-PC\Backup Set 2014-01-12 190004\Backup Files 2014-01-12 190004\Backup files 8.zip"
sh=83D9AA5F7F3854E4ACDB6318487AF9FB19531BC2 ft=0 fh=0000000000000000 vn="Win32/AdWare.1ClickDownload.AR Anwendung" ac=I fn="D:\TIMO-PC\Backup Set 2014-02-16 190002\Backup Files 2014-02-16 190002\Backup files 9.zip"
sh=74B5E01F24F9CFC01F14E55261A68864EB5A6039 ft=0 fh=0000000000000000 vn="Win32/AdWare.1ClickDownload.AR Anwendung" ac=I fn="D:\TIMO-PC\Backup Set 2014-03-23 190007\Backup Files 2014-03-23 190007\Backup files 10.zip"
sh=001E0139B1B96F1C0586629CA4329EFA3DCAAA9B ft=0 fh=0000000000000000 vn="Variante von Win32/AdWare.iBryte.V.gen Anwendung" ac=I fn="D:\TIMO-PC\Backup Set 2014-03-23 190007\Backup Files 2014-04-06 192514\Backup files 4.zip"
sh=E34952185F7A336A407C6C75B2D1D46F1B8C2D60 ft=0 fh=0000000000000000 vn="Variante von Win32/AdWare.iBryte.W Anwendung" ac=I fn="D:\TIMO-PC\Backup Set 2014-03-23 190007\Backup Files 2014-04-14 132115\Backup files 4.zip"
sh=83D7C52804C3876D5830839FB019583CE98166DD ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\TIMO-PC\Backup Set 2014-04-21 112351\Backup Files 2014-04-21 112351\Backup files 9.zip"
         
SC:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 55  
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Google Chrome 15.0.874.120  
 Google Chrome wtsapi32.dll..  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2014
Ran by Timo (administrator) on TIMO-PC on 07-05-2014 20:54:24
Running from C:\Users\Timo\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\DptfParticipantProcessorService.exe
() C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Windows\System32\DeviceDenter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Spotify Ltd) C:\Users\Timo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Timo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Users\Timo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Timo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Timo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Timo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Timo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Timo\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12476520 2012-04-10] (Realtek Semiconductor)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11407120 2012-03-27] (Intel Corporation)
HKLM\...\Run: [ASUS Quick Gesture (x86)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [17376 2012-07-07] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ASUS TP Center (x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe [235488 2012-07-07] (AsusTek)
HKLM\...\Run: [ASUS Quick Gesture (x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [19424 2012-07-07] (ASUSTeK Computer Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\SysWOW64\DptfPolicyLpmServiceHelper.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35768 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-22] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2012-12-13] (ASUS)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-13] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2216232264-1511523134-287659929-1001\...\Run: [Google Update] => C:\Users\Timo\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-08] (Google Inc.)
HKU\S-1-5-21-2216232264-1511523134-287659929-1001\...\Run: [Spotify Web Helper] => C:\Users\Timo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1105408 2013-04-16] (Spotify Ltd)
HKU\S-1-5-21-2216232264-1511523134-287659929-1001\...\Run: [pnwrtorp] => C:\Users\Timo\AppData\Local\Temp\Fhmpfdelf\olkrklntorp.exe <===== ATTENTION
HKU\S-1-5-21-2216232264-1511523134-287659929-1001\...\Run: [defol] => "C:\Users\Timo\AppData\Roaming\defol.exe" -autorun
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-03-30] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-03-30] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Timo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Timo\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Timo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Timo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-01-05]
FF HKLM-x32\...\Firefox\Extensions: [{97573DA5-C946-49B0-B575-47AF170745F4}] - C:\Windows\Installer\{E0815E8F-785E-461B-A0B1-0471389C7CEF}\{97573DA5-C946-49B0-B575-47AF170745F4}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{E0815E8F-785E-461B-A0B1-0471389C7CEF}\{97573DA5-C946-49B0-B575-47AF170745F4}.xpi [2014-05-04]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Drive) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-05]
CHR Extension: (YouTube) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-05]
CHR Extension: (Google-Suche) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-05]
CHR Extension: (Download Protect) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkoedmojibfkjahkcfkhjabfhdpelffi [2014-05-04]
CHR Extension: (WhatFont) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2014-05-06]
CHR Extension: (Google Wallet) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-05]
CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Timo\AppData\LocalLow\proxtube\CHROME\proxtube.crx [2014-05-05]
CHR StartMenuInternet: Google Chrome - Chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 DptfParticipantProcessorService; C:\Windows\SysWOW64\DptfParticipantProcessorService.exe [18944 2012-02-20] ()
R2 DptfPolicyConfigTDPService; C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe [19968 2012-02-20] ()
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-05-10] ()
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-04-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-05-11] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-04-18] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 runas64; C:\Windows\system32\DeviceDenter.exe [106496 2012-09-21] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2671376 2012-04-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
R0 assd; C:\Windows\System32\Drivers\assd.sys [27056 2011-10-29] (ASUS Corporation)
R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2012-07-07] (Windows (R) Win 7 DDK provider)
R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [19104 2012-07-07] (ASUS)
R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [49824 2012-07-07] (ASUS Corporation)
S3 AX88772B; C:\Windows\System32\DRIVERS\ax88772b.sys [110592 2012-04-05] (ASIX Electronics Corp.)
R3 DptfDevDram; C:\Windows\System32\DRIVERS\DptfDevDram.sys [107288 2012-02-20] (Intel Corporation)
R3 DptfDevFan; C:\Windows\System32\DRIVERS\DptfDevFan.sys [42776 2012-02-20] (Intel Corporation)
R3 DptfDevGen; C:\Windows\System32\DRIVERS\DptfDevGen.sys [64792 2012-02-20] (Intel Corporation)
R3 DptfDevPch; C:\Windows\System32\DRIVERS\DptfDevPch.sys [96024 2012-02-20] (Intel Corporation)
R3 DptfDevProc; C:\Windows\System32\DRIVERS\DptfDevProc.sys [220952 2012-02-20] (Intel Corporation)
R3 DptfManager; C:\Windows\System32\DRIVERS\DptfManager.sys [357656 2012-02-20] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-04-10] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc.)
S2 avgntflt; \??\C:\Windows\SYSTEM32\drivers\avgntflt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-07 20:54 - 2014-05-07 20:54 - 00022388 _____ () C:\Users\Timo\Desktop\FRST.txt
2014-05-07 20:52 - 2014-05-07 20:52 - 00855379 _____ () C:\Users\Timo\Downloads\SecurityCheck.exe
2014-05-07 20:52 - 2014-05-07 20:52 - 00855379 _____ () C:\Users\Timo\Desktop\SecurityCheck.exe
2014-05-07 17:34 - 2014-05-07 17:34 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-07 17:33 - 2014-05-07 17:33 - 02347384 _____ (ESET) C:\Users\Timo\Desktop\esetsmartinstaller_deu.exe
2014-05-07 17:28 - 2014-05-07 17:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 16:07 - 2014-05-06 16:24 - 00000000 ____D () C:\Users\Timo\Desktop\FRST-OlderVersion
2014-05-06 15:54 - 2014-05-06 15:54 - 00000000 ____D () C:\Windows\ERUNT
2014-05-06 15:52 - 2014-05-06 15:52 - 01016261 _____ (Thisisu) C:\Users\Timo\Downloads\JRT.exe
2014-05-06 15:52 - 2014-05-06 15:52 - 01016261 _____ (Thisisu) C:\Users\Timo\Desktop\JRT.exe
2014-05-06 15:21 - 2014-05-06 15:40 - 00000000 ____D () C:\AdwCleaner
2014-05-06 15:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-06 15:20 - 2014-05-06 15:20 - 01316991 _____ () C:\Users\Timo\Desktop\adwcleaner.exe
2014-05-06 14:48 - 2014-05-06 14:48 - 00000000 ____D () C:\Users\Timo\Desktop\InsO
2014-05-06 14:47 - 2014-05-07 17:26 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-06 14:47 - 2014-05-06 14:47 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-06 14:47 - 2014-05-06 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-06 14:47 - 2014-05-06 14:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-06 14:47 - 2014-05-06 14:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-06 14:47 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-06 14:47 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-06 14:47 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-06 14:46 - 2014-05-06 14:46 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Timo\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-06 13:47 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-06 13:47 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-05 16:47 - 2014-05-07 20:54 - 00000000 ____D () C:\FRST
2014-05-05 07:36 - 2014-05-07 17:24 - 00000560 _____ () C:\Windows\setupact.log
2014-05-05 07:36 - 2014-05-06 15:41 - 00028918 _____ () C:\Windows\PFRO.log
2014-05-05 07:36 - 2014-05-05 07:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-04 23:04 - 2014-05-04 23:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Timo\Downloads\revosetup95.exe
2014-05-04 23:04 - 2014-05-04 23:04 - 00000915 _____ () C:\Users\Timo\Desktop\Revo Uninstaller.lnk
2014-05-04 21:47 - 2014-05-06 16:07 - 02063872 _____ (Farbar) C:\Users\Timo\Desktop\FRST64.exe
2014-05-04 20:54 - 2014-05-04 20:54 - 00003146 _____ () C:\Windows\System32\Tasks\{D5E9D659-0A90-416C-9B8B-FEC8DC58E30E}
2014-05-04 20:28 - 2014-05-04 20:28 - 00000000 __SHD () C:\Users\Timo\AppData\Local\EmieUserList
2014-05-04 20:28 - 2014-05-04 20:28 - 00000000 __SHD () C:\Users\Timo\AppData\Local\EmieSiteList
2014-05-04 20:08 - 2014-05-07 20:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-04 20:08 - 2014-05-04 20:09 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-04 20:08 - 2014-05-04 20:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-04 20:08 - 2014-05-04 20:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-04 20:08 - 2014-05-04 20:08 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-04 20:05 - 2014-05-04 20:05 - 01745872 _____ (AnyProtect.com) C:\Users\Timo\AppData\Local\nsw30D3.tmp
2014-05-04 20:03 - 2014-05-04 20:09 - 00000000 ____D () C:\Program Files (x86)\VPHQ-c11
2014-05-03 13:48 - 2014-05-03 13:48 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\DropboxMaster
2014-05-02 23:36 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-02 23:36 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-02 23:36 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-02 23:36 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 16:19 - 2014-05-02 16:19 - 00796672 _____ () C:\Users\Timo\Downloads\Heilbronn 2010-05-16-HM.xls
2014-04-23 09:23 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-23 09:23 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-23 09:23 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-23 09:23 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-23 09:23 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-23 09:23 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-23 09:23 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-23 09:23 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-23 09:23 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-23 09:23 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-23 09:23 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-23 09:23 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-23 09:23 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-23 09:23 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-23 09:23 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-23 09:23 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-23 09:23 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-23 09:23 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-23 09:23 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-23 09:23 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-23 09:23 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-23 09:23 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-23 09:23 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-23 09:23 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-23 09:23 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-23 09:23 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-23 09:23 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-23 09:23 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-23 09:23 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-23 09:23 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-23 09:23 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-23 09:23 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-23 09:22 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-23 09:22 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-23 09:22 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-23 09:22 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-23 09:22 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-23 09:22 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-23 09:22 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-23 09:22 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-23 09:22 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-23 09:22 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-23 09:22 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-23 09:22 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-18 15:45 - 2014-04-18 15:45 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-18 15:45 - 2014-04-18 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-18 15:45 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-18 15:45 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-18 15:45 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-18 15:45 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-09 07:55 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 07:55 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 07:55 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 07:55 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 07:55 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 07:55 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 07:55 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 07:55 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 07:55 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 07:55 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 07:55 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 07:55 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 07:55 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 07:55 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 07:55 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 07:55 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 07:55 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2014-05-07 20:54 - 2014-05-07 20:54 - 00022388 _____ () C:\Users\Timo\Desktop\FRST.txt
2014-05-07 20:54 - 2014-05-05 16:47 - 00000000 ____D () C:\FRST
2014-05-07 20:52 - 2014-05-07 20:52 - 00855379 _____ () C:\Users\Timo\Downloads\SecurityCheck.exe
2014-05-07 20:52 - 2014-05-07 20:52 - 00855379 _____ () C:\Users\Timo\Desktop\SecurityCheck.exe
2014-05-07 20:43 - 2012-09-08 21:13 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2216232264-1511523134-287659929-1001UA.job
2014-05-07 20:33 - 2012-02-24 04:29 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-07 20:01 - 2014-05-04 20:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-07 19:43 - 2012-09-08 21:13 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2216232264-1511523134-287659929-1001Core.job
2014-05-07 18:58 - 2012-12-12 23:50 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-05-07 17:34 - 2014-05-07 17:34 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-07 17:33 - 2014-05-07 17:33 - 02347384 _____ (ESET) C:\Users\Timo\Desktop\esetsmartinstaller_deu.exe
2014-05-07 17:31 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-07 17:31 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-07 17:29 - 2013-12-08 21:22 - 01328230 _____ () C:\Windows\WindowsUpdate.log
2014-05-07 17:29 - 2011-02-19 06:24 - 00729694 _____ () C:\Windows\system32\perfh007.dat
2014-05-07 17:29 - 2011-02-19 06:24 - 00160782 _____ () C:\Windows\system32\perfc007.dat
2014-05-07 17:29 - 2009-07-14 07:13 - 01671868 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-07 17:28 - 2014-05-07 17:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-07 17:26 - 2014-05-06 14:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-07 17:26 - 2012-10-16 08:39 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Dropbox
2014-05-07 17:25 - 2012-12-12 23:50 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-05-07 17:25 - 2012-09-08 13:13 - 00000387 _____ () C:\Users\Timo\AppData\Roaming\sp_data.sys
2014-05-07 17:25 - 2012-02-24 04:29 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-07 17:24 - 2014-05-05 07:36 - 00000560 _____ () C:\Windows\setupact.log
2014-05-07 17:24 - 2012-12-12 23:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-07 17:24 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-06 19:38 - 2012-09-08 21:13 - 00004084 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2216232264-1511523134-287659929-1001UA
2014-05-06 19:38 - 2012-09-08 21:13 - 00003688 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2216232264-1511523134-287659929-1001Core
2014-05-06 16:24 - 2014-05-06 16:07 - 00000000 ____D () C:\Users\Timo\Desktop\FRST-OlderVersion
2014-05-06 16:07 - 2014-05-04 21:47 - 02063872 _____ (Farbar) C:\Users\Timo\Desktop\FRST64.exe
2014-05-06 15:54 - 2014-05-06 15:54 - 00000000 ____D () C:\Windows\ERUNT
2014-05-06 15:52 - 2014-05-06 15:52 - 01016261 _____ (Thisisu) C:\Users\Timo\Downloads\JRT.exe
2014-05-06 15:52 - 2014-05-06 15:52 - 01016261 _____ (Thisisu) C:\Users\Timo\Desktop\JRT.exe
2014-05-06 15:46 - 2012-09-08 21:18 - 00001513 _____ () C:\Users\Timo\Desktop\Google Chrome.lnk
2014-05-06 15:41 - 2014-05-05 07:36 - 00028918 _____ () C:\Windows\PFRO.log
2014-05-06 15:41 - 2014-03-26 23:08 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-05-06 15:40 - 2014-05-06 15:21 - 00000000 ____D () C:\AdwCleaner
2014-05-06 15:40 - 2012-09-08 21:17 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-06 15:40 - 2012-09-08 13:11 - 00000995 _____ () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-06 15:40 - 2012-09-08 13:10 - 00000000 ____D () C:\Users\Timo
2014-05-06 15:40 - 2012-02-24 04:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-06 15:20 - 2014-05-06 15:20 - 01316991 _____ () C:\Users\Timo\Desktop\adwcleaner.exe
2014-05-06 15:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-06 14:48 - 2014-05-06 14:48 - 00000000 ____D () C:\Users\Timo\Desktop\InsO
2014-05-06 14:47 - 2014-05-06 14:47 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-06 14:47 - 2014-05-06 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-06 14:47 - 2014-05-06 14:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-06 14:47 - 2014-05-06 14:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-06 14:46 - 2014-05-06 14:46 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Timo\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-05 07:36 - 2014-05-05 07:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-04 23:14 - 2013-02-07 18:47 - 00000000 ____D () C:\Users\Timo\Documents\TrackMania
2014-05-04 23:04 - 2014-05-04 23:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Timo\Downloads\revosetup95.exe
2014-05-04 23:04 - 2014-05-04 23:04 - 00000915 _____ () C:\Users\Timo\Desktop\Revo Uninstaller.lnk
2014-05-04 23:04 - 2014-01-02 23:08 - 00064000 ___SH () C:\Users\Timo\Desktop\Thumbs.db
2014-05-04 20:54 - 2014-05-04 20:54 - 00003146 _____ () C:\Windows\System32\Tasks\{D5E9D659-0A90-416C-9B8B-FEC8DC58E30E}
2014-05-04 20:28 - 2014-05-04 20:28 - 00000000 __SHD () C:\Users\Timo\AppData\Local\EmieUserList
2014-05-04 20:28 - 2014-05-04 20:28 - 00000000 __SHD () C:\Users\Timo\AppData\Local\EmieSiteList
2014-05-04 20:09 - 2014-05-04 20:08 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-04 20:09 - 2014-05-04 20:03 - 00000000 ____D () C:\Program Files (x86)\VPHQ-c11
2014-05-04 20:08 - 2014-05-04 20:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-04 20:08 - 2014-05-04 20:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-04 20:08 - 2014-05-04 20:08 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-04 20:07 - 2012-09-08 13:11 - 00000000 ___RD () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-04 20:05 - 2014-05-04 20:05 - 01745872 _____ (AnyProtect.com) C:\Users\Timo\AppData\Local\nsw30D3.tmp
2014-05-04 20:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-05-03 14:47 - 2013-10-03 19:55 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-05-03 13:48 - 2014-05-03 13:48 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\DropboxMaster
2014-05-03 13:48 - 2012-10-16 08:42 - 00001017 _____ () C:\Users\Timo\Desktop\Dropbox.lnk
2014-05-03 13:48 - 2012-10-16 08:39 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-02 16:34 - 2013-10-31 10:53 - 00000000 ____D () C:\Users\Timo\Desktop\Bewerbungsunterlagen
2014-05-02 16:19 - 2014-05-02 16:19 - 00796672 _____ () C:\Users\Timo\Downloads\Heilbronn 2010-05-16-HM.xls
2014-04-29 16:01 - 2014-05-02 23:36 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-02 23:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 15:37 - 2014-01-10 17:00 - 00000000 ____D () C:\Users\Timo\Desktop\Hausarbeit
2014-04-29 14:48 - 2014-05-02 23:36 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-02 23:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-23 09:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-18 16:30 - 2013-10-09 17:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-18 15:45 - 2014-04-18 15:45 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-18 15:45 - 2014-04-18 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-18 15:45 - 2013-10-09 17:55 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-14 20:13 - 2014-04-18 15:45 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-18 15:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-18 15:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-18 15:45 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-14 04:24 - 2014-05-06 13:47 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-05-06 13:47 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-10 13:24 - 2012-09-09 20:50 - 00000000 ____D () C:\ProgramData\Microsoft Help

Files to move or delete:
====================
C:\Users\Timo\Rar.exe
C:\Users\Timo\RarExt.dll
C:\Users\Timo\RarExt32.dll
C:\Users\Timo\rarnew.dat
C:\Users\Timo\UnRAR.exe
C:\Users\Timo\zipnew.dat


Some content of TEMP:
====================
C:\Users\Timo\AppData\Local\Temp\BackupSetup.exe
C:\Users\Timo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr_gjev.dll
C:\Users\Timo\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-26 21:35

==================== End Of Log ============================
         
--- --- ---


Grüße

Alt 08.05.2014, 16:11   #8
schrauber
/// the machine
/// TB-Ausbilder
 

istart websearch Probleme - Standard

istart websearch Probleme



Flash und Adobe updaten.

Backup auf D löschen.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.



Ich empfehle immer Emsisoft, ist aber nit kostenlos.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKU\S-1-5-21-2216232264-1511523134-287659929-1001\...\Run: [pnwrtorp] => C:\Users\Timo\AppData\Local\Temp\Fhmpfdelf\olkrklntorp.exe <===== ATTENTION
HKU\S-1-5-21-2216232264-1511523134-287659929-1001\...\Run: [defol] => "C:\Users\Timo\AppData\Roaming\defol.exe" -autorun
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
C:\Users\Timo\AppData\Local\Temp\Fhmpfdelf
C:\Users\Timo\AppData\Roaming\defol.exe
R2 runas64; C:\Windows\system32\DeviceDenter.exe [106496 2012-09-21] ()
C:\Windows\system32\DeviceDenter.exe
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 12.05.2014, 16:37   #9
rrox
 
istart websearch Probleme - Standard

istart websearch Probleme



Sorry meine Antwort kommt leider ein wenig spät!

Fixlog:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-05-2014 01
Ran by Timo at 2014-05-12 17:14:41 Run:1
Running from C:\Users\Timo\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2216232264-1511523134-287659929-1001\...\Run: [pnwrtorp] => C:\Users\Timo\AppData\Local\Temp\Fhmpfdelf\olkrklntorp.exe <===== ATTENTION
HKU\S-1-5-21-2216232264-1511523134-287659929-1001\...\Run: [defol] => "C:\Users\Timo\AppData\Roaming\defol.exe" -autorun
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
C:\Users\Timo\AppData\Local\Temp\Fhmpfdelf
C:\Users\Timo\AppData\Roaming\defol.exe
R2 runas64; C:\Windows\system32\DeviceDenter.exe [106496 2012-09-21] ()
C:\Windows\system32\DeviceDenter.exe
*****************

HKU\S-1-5-21-2216232264-1511523134-287659929-1001\Software\Microsoft\Windows\CurrentVersion\Run\\pnwrtorp => Value deleted successfully.
HKU\S-1-5-21-2216232264-1511523134-287659929-1001\Software\Microsoft\Windows\CurrentVersion\Run\\defol => Value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"C:\Users\Timo\AppData\Local\Temp\Fhmpfdelf" => File/Directory not found.
"C:\Users\Timo\AppData\Roaming\defol.exe" => File/Directory not found.
runas64 => Service not found.
"C:\Windows\system32\DeviceDenter.exe" => File/Directory not found.


The system needed a reboot. 

==== End of Fixlog ====
         
FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01
Ran by Timo (administrator) on TIMO-PC on 12-05-2014 17:29:59
Running from C:\Users\Timo\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\DptfParticipantProcessorService.exe
() C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Spotify Ltd) C:\Users\Timo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Timo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12476520 2012-04-10] (Realtek Semiconductor)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11407120 2012-03-27] (Intel Corporation)
HKLM\...\Run: [ASUS Quick Gesture (x86)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [17376 2012-07-07] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ASUS TP Center (x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe [235488 2012-07-07] (AsusTek)
HKLM\...\Run: [ASUS Quick Gesture (x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [19424 2012-07-07] (ASUSTeK Computer Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\SysWOW64\DptfPolicyLpmServiceHelper.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-22] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2012-12-13] (ASUS)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-13] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2216232264-1511523134-287659929-1001\...\Run: [Google Update] => C:\Users\Timo\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-08] (Google Inc.)
HKU\S-1-5-21-2216232264-1511523134-287659929-1001\...\Run: [Spotify Web Helper] => C:\Users\Timo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-05-10] (Spotify Ltd)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-03-30] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-03-30] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Timo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Avira Savings Advisor BHO - {A18A516C-AA41-46A9-92DB-60208917E442} - C:\Program Files (x86)\avira\Internet Explorer\avira32.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Timo\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Timo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Timo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-01-05]
FF HKLM-x32\...\Firefox\Extensions: [{97573DA5-C946-49B0-B575-47AF170745F4}] - C:\Windows\Installer\{E0815E8F-785E-461B-A0B1-0471389C7CEF}\{97573DA5-C946-49B0-B575-47AF170745F4}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{E0815E8F-785E-461B-A0B1-0471389C7CEF}\{97573DA5-C946-49B0-B575-47AF170745F4}.xpi [2014-05-04]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Drive) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-05]
CHR Extension: (YouTube) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-05]
CHR Extension: (Google-Suche) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-05]
CHR Extension: (Download Protect) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkoedmojibfkjahkcfkhjabfhdpelffi [2014-05-04]
CHR Extension: (WhatFont) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2014-05-06]
CHR Extension: (Google Wallet) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-05]
CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Timo\AppData\LocalLow\proxtube\CHROME\proxtube.crx [2014-05-05]
CHR HKLM-x32\...\Chrome\Extension: [cojnmaaohncijldefpkpkkakjonfmgeb] - C:\Program Files (x86)\avira\Chrome\avira-1.5.14.crx [2013-12-11]
CHR StartMenuInternet: Google Chrome - Chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 DptfParticipantProcessorService; C:\Windows\SysWOW64\DptfParticipantProcessorService.exe [18944 2012-02-20] ()
R2 DptfPolicyConfigTDPService; C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe [19968 2012-02-20] ()
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-05-10] ()
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-04-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-05-11] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-04-18] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2671376 2012-04-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
R0 assd; C:\Windows\System32\Drivers\assd.sys [27056 2011-10-29] (ASUS Corporation)
R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2012-07-07] (Windows (R) Win 7 DDK provider)
R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [19104 2012-07-07] (ASUS)
R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [49824 2012-07-07] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 AX88772B; C:\Windows\System32\DRIVERS\ax88772b.sys [110592 2012-04-05] (ASIX Electronics Corp.)
R3 DptfDevDram; C:\Windows\System32\DRIVERS\DptfDevDram.sys [107288 2012-02-20] (Intel Corporation)
R3 DptfDevFan; C:\Windows\System32\DRIVERS\DptfDevFan.sys [42776 2012-02-20] (Intel Corporation)
R3 DptfDevGen; C:\Windows\System32\DRIVERS\DptfDevGen.sys [64792 2012-02-20] (Intel Corporation)
R3 DptfDevPch; C:\Windows\System32\DRIVERS\DptfDevPch.sys [96024 2012-02-20] (Intel Corporation)
R3 DptfDevProc; C:\Windows\System32\DRIVERS\DptfDevProc.sys [220952 2012-02-20] (Intel Corporation)
R3 DptfManager; C:\Windows\System32\DRIVERS\DptfManager.sys [357656 2012-02-20] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-04-10] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-12 17:29 - 2014-05-12 17:29 - 00022585 _____ () C:\Users\Timo\Desktop\FRST.txt
2014-05-12 17:14 - 2014-05-12 17:14 - 00000000 ____D () C:\Users\Timo\Desktop\FRST-OlderVersion
2014-05-12 17:05 - 2014-05-12 17:06 - 00446464 _____ (OldTimer Tools) C:\Users\Timo\Desktop\TFC.exe
2014-05-12 17:05 - 2014-05-12 17:05 - 00000000 ____D () C:\Users\Timo\Downloads\Neuer Ordner
2014-05-12 17:04 - 2014-05-12 17:04 - 00386912 _____ (Softonic ) C:\Users\Timo\Downloads\SoftonicDownloader_fuer_temp-file-cleaner.exe
2014-05-12 17:02 - 2014-05-12 17:02 - 00929416 _____ (CNET Download.com) C:\Users\Timo\Downloads\cbsidlm-cbsi188-Temp_File_Cleaner-ORG-10628816.exe
2014-05-12 16:57 - 2014-05-12 17:13 - 00000000 ____D () C:\Users\Timo\Desktop\Neuer Ordner (2)
2014-05-08 13:28 - 2014-05-08 13:27 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-05-07 21:15 - 2014-05-07 21:15 - 00003408 _____ () C:\Windows\System32\Tasks\aviraSWU
2014-05-07 21:15 - 2014-05-07 21:15 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Avira
2014-05-07 21:13 - 2014-05-07 21:15 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-07 21:13 - 2014-05-07 21:13 - 00002068 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-05-07 21:13 - 2014-05-07 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-07 21:13 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-07 21:13 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-07 21:13 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-05-07 21:09 - 2014-05-07 21:11 - 138607664 _____ () C:\Users\Timo\Downloads\avira_free_antivirus614_de.exe
2014-05-07 20:52 - 2014-05-07 20:52 - 00855379 _____ () C:\Users\Timo\Downloads\SecurityCheck.exe
2014-05-07 17:34 - 2014-05-07 17:34 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-07 17:28 - 2014-05-07 17:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 15:54 - 2014-05-06 15:54 - 00000000 ____D () C:\Windows\ERUNT
2014-05-06 15:52 - 2014-05-06 15:52 - 01016261 _____ (Thisisu) C:\Users\Timo\Downloads\JRT.exe
2014-05-06 15:21 - 2014-05-06 15:40 - 00000000 ____D () C:\AdwCleaner
2014-05-06 15:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-06 14:48 - 2014-05-06 14:48 - 00000000 ____D () C:\Users\Timo\Desktop\InsO
2014-05-06 14:47 - 2014-05-11 17:15 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-06 14:47 - 2014-05-06 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-06 14:47 - 2014-05-06 14:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-06 14:47 - 2014-05-06 14:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-06 14:47 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-06 14:47 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-06 14:47 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-06 14:46 - 2014-05-06 14:46 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Timo\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-06 13:47 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-06 13:47 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-05 16:47 - 2014-05-12 17:29 - 00000000 ____D () C:\FRST
2014-05-05 07:36 - 2014-05-12 17:20 - 00001120 _____ () C:\Windows\setupact.log
2014-05-05 07:36 - 2014-05-10 03:02 - 00126882 _____ () C:\Windows\PFRO.log
2014-05-05 07:36 - 2014-05-05 07:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-04 23:04 - 2014-05-04 23:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Timo\Downloads\revosetup95.exe
2014-05-04 23:04 - 2014-05-04 23:04 - 00000915 _____ () C:\Users\Timo\Desktop\Revo Uninstaller.lnk
2014-05-04 21:47 - 2014-05-12 17:14 - 02066944 _____ (Farbar) C:\Users\Timo\Desktop\FRST64.exe
2014-05-04 20:54 - 2014-05-04 20:54 - 00003146 _____ () C:\Windows\System32\Tasks\{D5E9D659-0A90-416C-9B8B-FEC8DC58E30E}
2014-05-04 20:28 - 2014-05-04 20:28 - 00000000 __SHD () C:\Users\Timo\AppData\Local\EmieUserList
2014-05-04 20:28 - 2014-05-04 20:28 - 00000000 __SHD () C:\Users\Timo\AppData\Local\EmieSiteList
2014-05-04 20:08 - 2014-05-12 17:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-04 20:08 - 2014-05-04 20:09 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-04 20:08 - 2014-05-04 20:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-04 20:08 - 2014-05-04 20:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-04 20:08 - 2014-05-04 20:08 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-04 20:05 - 2014-05-04 20:05 - 01745872 _____ (AnyProtect.com) C:\Users\Timo\AppData\Local\nsw30D3.tmp
2014-05-03 13:48 - 2014-05-03 13:48 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\DropboxMaster
2014-05-02 23:36 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-02 23:36 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-02 23:36 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-02 23:36 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-02 16:19 - 2014-05-02 16:19 - 00796672 _____ () C:\Users\Timo\Downloads\Heilbronn 2010-05-16-HM.xls
2014-04-23 09:23 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-23 09:23 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-23 09:23 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-23 09:23 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-23 09:23 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-23 09:23 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-23 09:23 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-23 09:23 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-23 09:23 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-23 09:23 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-23 09:23 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-23 09:23 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-23 09:23 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-23 09:23 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-23 09:23 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-23 09:23 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-23 09:23 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-23 09:23 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-23 09:23 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-23 09:23 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-23 09:23 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-23 09:23 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-23 09:23 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-23 09:23 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-23 09:23 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-23 09:23 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-23 09:23 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-23 09:23 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-23 09:23 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-23 09:23 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-23 09:23 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-23 09:23 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-23 09:22 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-23 09:22 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-23 09:22 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-23 09:22 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-23 09:22 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-23 09:22 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-23 09:22 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-23 09:22 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-23 09:22 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-23 09:22 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-23 09:22 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-23 09:22 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-18 15:45 - 2014-04-18 15:45 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-18 15:45 - 2014-04-18 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-18 15:45 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-18 15:45 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-18 15:45 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-18 15:45 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

==================== One Month Modified Files and Folders =======

2014-05-12 17:30 - 2014-05-12 17:29 - 00022585 _____ () C:\Users\Timo\Desktop\FRST.txt
2014-05-12 17:29 - 2014-05-05 16:47 - 00000000 ____D () C:\FRST
2014-05-12 17:28 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-12 17:28 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-12 17:24 - 2011-02-19 06:24 - 00729694 _____ () C:\Windows\system32\perfh007.dat
2014-05-12 17:24 - 2011-02-19 06:24 - 00160782 _____ () C:\Windows\system32\perfc007.dat
2014-05-12 17:24 - 2009-07-14 07:13 - 01671868 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-12 17:22 - 2012-10-16 08:39 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Dropbox
2014-05-12 17:21 - 2012-09-08 13:13 - 00000387 _____ () C:\Users\Timo\AppData\Roaming\sp_data.sys
2014-05-12 17:20 - 2014-05-05 07:36 - 00001120 _____ () C:\Windows\setupact.log
2014-05-12 17:20 - 2014-03-26 23:08 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-05-12 17:20 - 2012-12-12 23:50 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-05-12 17:20 - 2012-12-12 23:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-12 17:20 - 2012-02-24 04:29 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-12 17:20 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-12 17:17 - 2013-12-08 21:22 - 01398096 _____ () C:\Windows\WindowsUpdate.log
2014-05-12 17:14 - 2014-05-12 17:14 - 00000000 ____D () C:\Users\Timo\Desktop\FRST-OlderVersion
2014-05-12 17:14 - 2014-05-04 21:47 - 02066944 _____ (Farbar) C:\Users\Timo\Desktop\FRST64.exe
2014-05-12 17:14 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-12 17:13 - 2014-05-12 16:57 - 00000000 ____D () C:\Users\Timo\Desktop\Neuer Ordner (2)
2014-05-12 17:06 - 2014-05-12 17:05 - 00446464 _____ (OldTimer Tools) C:\Users\Timo\Desktop\TFC.exe
2014-05-12 17:05 - 2014-05-12 17:05 - 00000000 ____D () C:\Users\Timo\Downloads\Neuer Ordner
2014-05-12 17:04 - 2014-05-12 17:04 - 00386912 _____ (Softonic ) C:\Users\Timo\Downloads\SoftonicDownloader_fuer_temp-file-cleaner.exe
2014-05-12 17:02 - 2014-05-12 17:02 - 00929416 _____ (CNET Download.com) C:\Users\Timo\Downloads\cbsidlm-cbsi188-Temp_File_Cleaner-ORG-10628816.exe
2014-05-12 17:01 - 2014-05-04 20:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-12 17:01 - 2012-09-08 21:13 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2216232264-1511523134-287659929-1001Core.job
2014-05-12 16:52 - 2012-02-24 04:29 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-12 16:48 - 2012-09-08 21:13 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2216232264-1511523134-287659929-1001UA.job
2014-05-12 16:47 - 2012-12-12 23:50 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-05-11 17:15 - 2014-05-06 14:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-10 19:25 - 2013-04-15 19:25 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Spotify
2014-05-10 13:23 - 2013-04-15 19:26 - 00000000 ____D () C:\Users\Timo\AppData\Local\Spotify
2014-05-10 03:43 - 2013-10-03 19:55 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-05-10 03:02 - 2014-05-05 07:36 - 00126882 _____ () C:\Windows\PFRO.log
2014-05-10 02:57 - 2012-02-24 04:38 - 00000000 ____D () C:\Windows\fr
2014-05-10 02:52 - 2012-02-24 04:28 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-10 02:47 - 2012-02-24 04:29 - 00004120 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-10 02:47 - 2012-02-24 04:29 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 13:27 - 2014-05-08 13:28 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-05-07 21:15 - 2014-05-07 21:15 - 00003408 _____ () C:\Windows\System32\Tasks\aviraSWU
2014-05-07 21:15 - 2014-05-07 21:15 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Avira
2014-05-07 21:15 - 2014-05-07 21:13 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-07 21:13 - 2014-05-07 21:13 - 00002068 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-05-07 21:13 - 2014-05-07 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-07 21:13 - 2012-09-08 19:47 - 00000000 ____D () C:\ProgramData\Avira
2014-05-07 21:11 - 2014-05-07 21:09 - 138607664 _____ () C:\Users\Timo\Downloads\avira_free_antivirus614_de.exe
2014-05-07 20:52 - 2014-05-07 20:52 - 00855379 _____ () C:\Users\Timo\Downloads\SecurityCheck.exe
2014-05-07 17:34 - 2014-05-07 17:34 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-07 17:28 - 2014-05-07 17:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 19:38 - 2012-09-08 21:13 - 00004084 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2216232264-1511523134-287659929-1001UA
2014-05-06 19:38 - 2012-09-08 21:13 - 00003688 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2216232264-1511523134-287659929-1001Core
2014-05-06 15:54 - 2014-05-06 15:54 - 00000000 ____D () C:\Windows\ERUNT
2014-05-06 15:52 - 2014-05-06 15:52 - 01016261 _____ (Thisisu) C:\Users\Timo\Downloads\JRT.exe
2014-05-06 15:46 - 2012-09-08 21:18 - 00001513 _____ () C:\Users\Timo\Desktop\Google Chrome.lnk
2014-05-06 15:40 - 2014-05-06 15:21 - 00000000 ____D () C:\AdwCleaner
2014-05-06 15:40 - 2012-09-08 21:17 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-06 15:40 - 2012-09-08 13:11 - 00000995 _____ () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-06 15:40 - 2012-09-08 13:10 - 00000000 ____D () C:\Users\Timo
2014-05-06 15:40 - 2012-02-24 04:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-06 15:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-06 14:48 - 2014-05-06 14:48 - 00000000 ____D () C:\Users\Timo\Desktop\InsO
2014-05-06 14:47 - 2014-05-06 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-06 14:47 - 2014-05-06 14:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-06 14:47 - 2014-05-06 14:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-06 14:46 - 2014-05-06 14:46 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Timo\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-05 07:36 - 2014-05-05 07:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-04 23:14 - 2013-02-07 18:47 - 00000000 ____D () C:\Users\Timo\Documents\TrackMania
2014-05-04 23:04 - 2014-05-04 23:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Timo\Downloads\revosetup95.exe
2014-05-04 23:04 - 2014-05-04 23:04 - 00000915 _____ () C:\Users\Timo\Desktop\Revo Uninstaller.lnk
2014-05-04 23:04 - 2014-01-02 23:08 - 00064000 ___SH () C:\Users\Timo\Desktop\Thumbs.db
2014-05-04 20:54 - 2014-05-04 20:54 - 00003146 _____ () C:\Windows\System32\Tasks\{D5E9D659-0A90-416C-9B8B-FEC8DC58E30E}
2014-05-04 20:28 - 2014-05-04 20:28 - 00000000 __SHD () C:\Users\Timo\AppData\Local\EmieUserList
2014-05-04 20:28 - 2014-05-04 20:28 - 00000000 __SHD () C:\Users\Timo\AppData\Local\EmieSiteList
2014-05-04 20:09 - 2014-05-04 20:08 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-04 20:08 - 2014-05-04 20:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-04 20:08 - 2014-05-04 20:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-04 20:08 - 2014-05-04 20:08 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-04 20:07 - 2012-09-08 13:11 - 00000000 ___RD () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-04 20:05 - 2014-05-04 20:05 - 01745872 _____ (AnyProtect.com) C:\Users\Timo\AppData\Local\nsw30D3.tmp
2014-05-04 20:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-05-03 13:48 - 2014-05-03 13:48 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\DropboxMaster
2014-05-03 13:48 - 2012-10-16 08:42 - 00001017 _____ () C:\Users\Timo\Desktop\Dropbox.lnk
2014-05-03 13:48 - 2012-10-16 08:39 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-02 16:34 - 2013-10-31 10:53 - 00000000 ____D () C:\Users\Timo\Desktop\Bewerbungsunterlagen
2014-05-02 16:19 - 2014-05-02 16:19 - 00796672 _____ () C:\Users\Timo\Downloads\Heilbronn 2010-05-16-HM.xls
2014-04-29 16:01 - 2014-05-02 23:36 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-02 23:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 15:37 - 2014-01-10 17:00 - 00000000 ____D () C:\Users\Timo\Desktop\Hausarbeit
2014-04-29 14:48 - 2014-05-02 23:36 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-02 23:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-23 09:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-18 16:30 - 2013-10-09 17:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-18 15:45 - 2014-04-18 15:45 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-18 15:45 - 2014-04-18 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-18 15:45 - 2013-10-09 17:55 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-14 20:13 - 2014-04-18 15:45 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-18 15:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-18 15:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-18 15:45 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-14 04:24 - 2014-05-06 13:47 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-05-06 13:47 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Files to move or delete:
====================
C:\Users\Timo\Rar.exe
C:\Users\Timo\RarExt.dll
C:\Users\Timo\RarExt32.dll
C:\Users\Timo\rarnew.dat
C:\Users\Timo\UnRAR.exe
C:\Users\Timo\zipnew.dat


Some content of TEMP:
====================
C:\Users\Timo\AppData\Local\Temp\avgnt.exe
C:\Users\Timo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpccz7zv.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-26 21:35

==================== End Of Log ============================
         
--- --- ---


Grüße

Alt 13.05.2014, 12:29   #10
schrauber
/// the machine
/// TB-Ausbilder
 

istart websearch Probleme - Standard

istart websearch Probleme



Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 13.05.2014, 17:04   #11
rrox
 
istart websearch Probleme - Standard

istart websearch Probleme



Hi Schrauber,
habe keine Probleme mehr! Dafür ein dickes
Habe mir jetzt noch zusätzlich einen Adblocker in chrome installiert, was das Öffnen von Internetseiten nochmals beschleunigt.

Grüße

Alt 14.05.2014, 19:02   #12
schrauber
/// the machine
/// TB-Ausbilder
 

istart websearch Probleme - Standard

istart websearch Probleme



Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 17.05.2014, 16:35   #13
rrox
 
istart websearch Probleme - Standard

istart websearch Probleme



Hätte nur noch eine letzte Frage, sollte man Programme wie CC cleaner benutzte?
Ansonsten nochmal Danke für die Hilfe!

Alt 18.05.2014, 12:32   #14
schrauber
/// the machine
/// TB-Ausbilder
 

istart websearch Probleme - Standard

istart websearch Probleme



Kannste machen um die Temps zu reinigen, aber Finger weg von der Registry
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu istart websearch Probleme
backdoor.bot, istart, js/agent.nkw, programme, pup.optional.crossrider.a, pup.optional.domaiq, pup.optional.iepluginservice.a, pup.optional.mediaplayerplus.a, pup.optional.oneclickdownloader.a, pup.optional.optimuminstaller.a, pup.optional.qone8, pup.optional.skytech.a, pup.optional.suptab.a, pup.optional.webssearches.a, pup.optional.wpmanager, systemsteuerung, trojan.agent, webseite, win32/adware.1clickdownload.ar, win32/adware.bundlore, win32/adware.ibryte.v.gen, win32/adware.ibryte.w, win32/adware.navipromo.av, win32/trustezeb.e, zusammen



Ähnliche Themen: istart websearch Probleme


  1. Istart Webssearches
    Plagegeister aller Art und deren Bekämpfung - 25.04.2015 (15)
  2. Windows 8.1 - Trjoanerbefall istart.webssearches
    Log-Analyse und Auswertung - 03.03.2015 (10)
  3. iStart.WebsSearches entfernen
    Anleitungen, FAQs & Links - 04.02.2015 (2)
  4. istart.webssearches bekämpfen! - Wie? > Log
    Log-Analyse und Auswertung - 28.11.2014 (9)
  5. Win 8: TR/Trash.Gen kommt immer wieder und "istart.websearch" als Google Chrome Startseite.
    Log-Analyse und Auswertung - 01.08.2014 (3)
  6. istart.webssearches endlich weg!
    Lob, Kritik und Wünsche - 06.07.2014 (0)
  7. Problem mit istart.webssearches.com
    Log-Analyse und Auswertung - 29.06.2014 (1)
  8. Nach istart.websearch keine Internetverbindung mit dem Browser
    Plagegeister aller Art und deren Bekämpfung - 15.05.2014 (5)
  9. istart webssearches, wie entfernen ?
    Plagegeister aller Art und deren Bekämpfung - 06.05.2014 (16)
  10. Probleme mit istart.webssearches.com
    Plagegeister aller Art und deren Bekämpfung - 30.04.2014 (13)
  11. Problem :istart.webssearches
    Plagegeister aller Art und deren Bekämpfung - 28.04.2014 (12)
  12. istart websearch entfernen
    Log-Analyse und Auswertung - 18.04.2014 (13)
  13. Istart.webbsearches!
    Plagegeister aller Art und deren Bekämpfung - 16.04.2014 (7)
  14. WebSearch.com (WebSearch) entfernen
    Anleitungen, FAQs & Links - 10.04.2014 (2)
  15. istart.webssearches.com
    Plagegeister aller Art und deren Bekämpfung - 03.04.2014 (14)
  16. Istart.webssearches.com entfernen
    Anleitungen, FAQs & Links - 22.03.2014 (2)
  17. istart.webssearches entfernen
    Anleitungen, FAQs & Links - 03.12.2013 (2)

Zum Thema istart websearch Probleme - Hallo Zusammen, habe mir den hier schon beschriebenen istart-Virus eingefangen. Habe bisher lediglich die Add-Ons bei Google Chrome entfernt bzw. gelöscht. Weiterhin habe ich über die Systemsteuerung alle fremden Programme - istart websearch Probleme...
Archiv
Du betrachtest: istart websearch Probleme auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.