Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Win 7: Selbständige Internetseiten und Umleitung auf Werbung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 29.05.2014, 09:57   #1
sushi0510
 
Win 7: Selbständige Internetseiten und Umleitung auf Werbung - Standard

Win 7: Selbständige Internetseiten und Umleitung auf Werbung



Hallo,

habe mir leider (auch noch auf dem Rechner meines Mannes) etwas eingefangen. Wie im Betreff beschrieben werden Internetseiten selbständig geöffnet und Seiten verändern sich sowohl im Firefox 29.0 als auch IE.

Benutze Win 7, G Data Internetsecurity als Virenscanner und habe letzteres sowie Malewarebyte schon heruntergeladen und mehrmals laufen lassen, hat allerdings nichts gebracht. Soll ich hierzu auch die Protokolle schicken?

Hier meine Log files zu , GMER hat nicht funktioniert!! Was kann ich tun?

Für Eure Hilfe recht herzlichen Dank im Voraus!!!
sushi

FRST:

Code:
ATTFilter
 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Petro (administrator) on PETER on 29-05-2014 10:22:42
Running from C:\Users\Petro\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
(Dropbox, Inc.) C:\Users\Petro\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Deutsche Telekom AG) C:\Program Files\Telekom\Mediencenter\MediencenterSoftware.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Deutsche Telekom AG) C:\Users\Petro\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(Deutsche Telekom AG) C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10357008 2011-10-18] (Intel Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-16] (Intel(R) Corporation)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.)
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-28] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] => C:\Windows\system32\nvHotkey.dll [539456 2011-10-15] (NVIDIA Corporation)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055816 2011-05-30] ()
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-05-30] ()
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-695438745-3103446122-1789299792-1000\...\Run: [WirelessManager] => C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe [194600 2010-07-28] (Ericsson AB)
HKU\S-1-5-21-695438745-3103446122-1789299792-1005\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [908160 2010-03-16] (Microsoft Corporation)
HKU\S-1-5-21-695438745-3103446122-1789299792-1005\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [840784 2012-09-17] (Adobe Systems Incorporated)
HKU\S-1-5-21-695438745-3103446122-1789299792-1005\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-695438745-3103446122-1789299792-1005\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-695438745-3103446122-1789299792-1005\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135112 2014-05-09] (PC Utilities Software Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Petro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter Assistent.lnk
ShortcutTarget: Mediencenter Assistent.lnk -> C:\Program Files\Telekom\Mediencenter\MediencenterSoftware.exe (Deutsche Telekom AG)
Startup: C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk
ShortcutTarget: Mediencenter.lnk -> C:\Users\Petro\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1401024587&from=cor&uid=ST9750420AS_6WS0FX3MXXXX6WS0FX3M&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1401024587&from=cor&uid=ST9750420AS_6WS0FX3MXXXX6WS0FX3M&q={searchTerms}
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=CA464C80935A73F6&affID=121565&tt=280813_dt&tsp=4992
SearchScopes: HKCU - {87068D2F-8305-4BF8-9015-4471A124B3E8} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: sweet-page
FF SelectedSearchEngine: sweet-page
FF Homepage: www.google.de
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: iCloud Bookmarks - C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\Extensions\firefoxdav@icloud.com [2013-12-20]
FF Extension: ShoppeerMasutera - C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\Extensions\tzfrrj34a@cgcao-.edu [2014-05-25]
FF Extension: Ciuvo - C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\Extensions\extension@ciuvo.com.xpi [2013-01-19]
FF Extension: Shoptimate - C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\Extensions\support@shoptimate.com.xpi [2013-01-19]
FF Extension: Biet-O-Matic Firefox Erweiterung - C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\Extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi [2013-01-07]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-09]

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2723400 2014-03-25] (G Data Software AG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [8704 2012-01-19] (Microsoft)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2992760 2014-01-30] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
S2 MailStoreServer; C:\Program Files (x86)\deepinvent\MailStore Server\MailStoreServer_x64.exe [432240 2014-01-10] (MailStore Software GmbH)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 MCSWASVR; C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [12800 2012-08-13] (Deutsche Telekom AG)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-16] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [57344 2014-05-25] (G Data Software AG)
R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [22016 2014-05-25] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [135168 2014-05-25] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [68608 2014-05-25] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-05-25] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-02-17] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65024 2014-05-25] (G Data Software AG)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249152 2011-10-15] (NVIDIA Corporation)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [121960 2010-12-12] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 NPF; system32\drivers\NPF.sys [X]
S3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-29 10:22 - 2014-05-29 10:22 - 00028870 _____ () C:\Users\Petro\Downloads\FRST.txt
2014-05-29 10:22 - 2014-05-29 10:22 - 00000000 ____D () C:\FRST
2014-05-29 10:21 - 2014-05-29 10:21 - 00000472 _____ () C:\Users\Petro\Downloads\defogger_disable.log
2014-05-28 12:59 - 2014-05-28 12:59 - 00380416 _____ () C:\Users\Petro\Downloads\32zm573i.exe
2014-05-28 12:58 - 2014-05-28 12:58 - 02066944 _____ (Farbar) C:\Users\Petro\Downloads\FRST64.exe
2014-05-28 12:57 - 2014-05-28 12:57 - 00050477 _____ () C:\Users\Petro\Downloads\Defogger.exe
2014-05-26 08:30 - 2014-05-26 08:30 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-26 08:30 - 2014-05-26 08:30 - 00001156 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-26 08:29 - 2014-05-26 08:29 - 28852416 _____ (Mozilla) C:\Users\Petro\Downloads\Firefox_Setup_de29.0.1.exe
2014-05-25 21:58 - 2014-05-25 21:58 - 00022016 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys
2014-05-25 21:58 - 2014-05-25 21:58 - 00002058 _____ () C:\Windows\DPINST.LOG
2014-05-25 21:58 - 2014-05-25 21:58 - 00001987 _____ () C:\Users\Public\Desktop\G Data InternetSecurity.lnk
2014-05-25 21:58 - 2014-05-25 21:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_GDKBFlt64_01007.Wdf
2014-05-25 21:58 - 2014-05-25 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
2014-05-25 21:47 - 2014-05-25 21:47 - 00001518 _____ () C:\Mailware.txt
2014-05-25 20:05 - 2014-05-26 23:11 - 00078600 _____ () C:\Windows\PFRO.log
2014-05-25 19:55 - 2014-05-25 21:38 - 00000000 ____D () C:\ProgramData\RoyalCoupOnu
2014-05-25 19:55 - 2014-05-25 19:55 - 00000000 ____D () C:\ProgramData\3a5077e0758623c6
2014-05-25 16:53 - 2014-05-25 16:53 - 00526323 _____ () C:\Users\Petro\Downloads\web_of_trust_wot-20131118-fx.zip
2014-05-25 16:41 - 2014-05-27 21:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-25 16:40 - 2014-05-25 16:40 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-25 16:40 - 2014-05-25 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-25 16:40 - 2014-05-25 16:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-25 16:40 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-25 16:40 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-25 16:36 - 2014-05-25 16:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Petro\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-25 16:29 - 2014-05-25 16:29 - 00000040 _____ () C:\Users\Petro\AppData\Roaming\WB.CFG
2014-05-25 15:35 - 2014-05-25 15:35 - 00000000 ____D () C:\Users\Petro\Documents\Optimizer Pro
2014-05-25 15:35 - 2014-05-25 15:35 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\Optimizer Pro
2014-05-25 15:30 - 2014-05-25 20:05 - 00000000 ____D () C:\ProgramData\WPM
2014-05-25 15:30 - 2014-05-25 15:31 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\DivX
2014-05-25 15:30 - 2014-05-25 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-05-25 15:30 - 2014-05-25 15:30 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2014-05-25 15:30 - 2014-05-25 15:30 - 00000000 ____D () C:\Program Files\DivX
2014-05-25 15:29 - 2014-05-29 09:29 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-05-25 15:29 - 2014-05-26 09:01 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-05-25 15:29 - 2014-05-25 15:31 - 00000000 ____D () C:\ProgramData\DivX
2014-05-25 15:29 - 2014-05-25 15:31 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-05-25 15:29 - 2014-05-25 15:30 - 00000000 ____D () C:\Program Files (x86)\Xvid
2014-05-25 15:29 - 2014-05-25 15:29 - 00715038 _____ () C:\Windows\unins000.exe
2014-05-25 15:29 - 2014-05-25 15:29 - 00003226 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-05-25 15:29 - 2014-05-25 15:29 - 00001987 _____ () C:\Windows\unins000.dat
2014-05-25 15:29 - 2014-05-25 15:29 - 00001071 _____ () C:\Users\Petro\Desktop\Optimizer Pro.lnk
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\sweet-page
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\LavFilters
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\DigitalSites
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\CDXReader
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DirectVobSub
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\OpenSource Flash Video Splitter
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\DSP-worx
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\DirectVobSub
2014-05-25 15:29 - 2012-02-26 16:47 - 00079360 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2014-05-25 15:29 - 2012-01-09 20:45 - 00178688 _____ () C:\Windows\SysWOW64\unrar.dll
2014-05-25 15:29 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2014-05-25 15:29 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2014-05-25 15:29 - 2011-05-30 15:42 - 00255488 _____ () C:\Windows\system32\xvidvfw.dll
2014-05-25 15:29 - 2011-05-30 15:42 - 00240640 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2014-05-25 15:29 - 2011-05-23 11:52 - 00153088 _____ () C:\Windows\SysWOW64\xvid.ax
2014-05-25 15:29 - 2011-05-23 09:49 - 00173568 _____ () C:\Windows\system32\xvid.ax
2014-05-25 15:29 - 2011-05-23 09:46 - 00645632 _____ () C:\Windows\SysWOW64\xvidcore.dll
2014-05-25 15:29 - 2011-05-23 09:45 - 00696832 _____ () C:\Windows\system32\xvidcore.dll
2014-05-25 15:22 - 2014-05-25 15:22 - 00215920 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-TB3-0.6.11.2.xpi
2014-05-25 15:21 - 2014-05-25 15:21 - 00150985 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-0.5.9.2(2).xpi
2014-05-25 15:15 - 2014-05-25 15:15 - 00150985 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-0.5.9.2(1).xpi
2014-05-25 15:09 - 2014-05-26 07:57 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-05-25 15:09 - 2014-05-25 15:09 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\ParetoLogic
2014-05-25 15:09 - 2014-05-25 15:09 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\DriverCure
2014-05-25 15:08 - 2014-05-25 15:08 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Petro\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-05-25 15:06 - 2014-05-25 15:06 - 00000000 ____D () C:\Users\Petro\Downloads\outport
2014-05-25 15:03 - 2014-05-25 15:03 - 00417846 _____ () C:\Users\Petro\Downloads\outport-1.1.25.zip
2014-05-25 15:02 - 2014-05-25 15:02 - 00150985 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-0.5.9.2.xpi
2014-05-25 13:28 - 2014-05-25 13:28 - 21987152 _____ (Mozilla) C:\Users\Petro\Downloads\Thunderbird_Setup_24.5.0.exe
2014-05-25 11:00 - 2014-05-25 11:00 - 00003134 _____ () C:\Windows\System32\Tasks\{05055B09-8873-456A-B081-A71D2D65866F}
2014-05-25 10:57 - 2014-05-25 10:57 - 04021568 _____ (Microsoft Corporation) C:\Users\Petro\Downloads\OutlookConnector.exe
2014-05-25 10:33 - 2014-05-25 10:33 - 00001805 _____ () C:\Users\Public\Desktop\MailStore Client auf weiteren Rechnern installieren.lnk
2014-05-25 10:33 - 2014-05-25 10:33 - 00001282 _____ () C:\Users\Public\Desktop\Konfiguration des MailStore Server-Dienstes.lnk
2014-05-25 10:33 - 2014-05-25 10:33 - 00001222 _____ () C:\Users\Public\Desktop\MailStore Client.lnk
2014-05-25 10:33 - 2014-05-25 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MailStore Server
2014-05-25 09:52 - 2014-05-25 13:37 - 00000000 ____D () C:\Users\Petro\Documents\MailStore Home
2014-05-25 09:51 - 2014-05-25 09:51 - 05813952 _____ (Igor Pavlov) C:\Users\Petro\Downloads\MailStoreHomeSetup-8.2.0.9316(1).exe
2014-05-25 09:51 - 2014-05-25 09:51 - 00001228 _____ () C:\Users\Public\Desktop\MailStore Home.lnk
2014-05-25 09:51 - 2014-05-25 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MailStore Home
2014-05-25 09:22 - 2014-05-25 09:22 - 05813952 _____ (Igor Pavlov) C:\Users\Petro\Downloads\MailStoreHomeSetup-8.2.0.9316.exe
2014-05-25 09:15 - 2014-05-26 21:59 - 00000000 ____D () C:\ProgramData\firebird
2014-05-25 09:15 - 2014-05-25 22:00 - 00000000 ____D () C:\MailArchive
2014-05-25 09:10 - 2014-05-25 09:51 - 00000000 ____D () C:\Program Files (x86)\deepinvent
2014-05-25 09:10 - 2014-05-25 09:10 - 00000000 ____D () C:\ProgramData\MailStore
2014-05-25 09:07 - 2014-05-25 09:08 - 38996392 _____ (MailStore Software GmbH ) C:\Users\Petro\Downloads\MailStoreServerSetup-8.1.2.9268.exe
2014-05-25 08:53 - 2014-05-25 14:52 - 00038576 _____ () C:\Users\Petro\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2014-05-25 08:37 - 2014-05-25 08:37 - 00000000 __SHD () C:\Users\Petro\AppData\Local\EmieUserList
2014-05-25 08:37 - 2014-05-25 08:37 - 00000000 __SHD () C:\Users\Petro\AppData\Local\EmieSiteList
2014-05-25 07:26 - 2014-05-25 07:57 - 00000000 ____D () C:\Users\Petro\AppData\Local\Windows Live
2014-05-25 07:26 - 2014-05-25 07:26 - 00000000 ____D () C:\Users\Petro\AppData\Local\{3E05F4D0-A734-441C-8BC6-75ACD713DA63}
2014-05-25 07:26 - 2014-05-25 07:26 - 00000000 ____D () C:\Users\Petro\AppData\Local\{0C30DAB9-B502-4846-9832-B1D72C83FA76}
2014-05-20 19:08 - 2014-05-20 19:08 - 00007249 _____ () C:\Users\Petro\AppData\Local\recently-used.xbel
2014-05-20 18:53 - 2014-05-20 18:53 - 00000000 ____D () C:\Users\Petro\AppData\Local\webkit
2014-05-20 18:49 - 2014-05-20 19:08 - 00000000 ____D () C:\Users\Petro\AppData\Local\gtk-2.0
2014-05-20 18:49 - 2014-05-20 18:49 - 00000000 ____D () C:\Users\Petro\.thumbnails
2014-05-20 18:47 - 2014-05-20 19:08 - 00000000 ____D () C:\Users\Petro\.gimp-2.8
2014-05-20 18:47 - 2014-05-20 18:47 - 00000000 ____D () C:\Users\Petro\AppData\Local\gegl-0.2
2014-05-20 17:46 - 2014-05-20 17:46 - 00000863 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-05-20 17:45 - 2014-05-20 17:46 - 00000000 ____D () C:\Program Files\GIMP 2
2014-05-20 17:41 - 2014-05-20 17:42 - 90396104 _____ (The GIMP Team ) C:\Users\Petro\Downloads\gimp-2.8.10-setup.exe
2014-05-17 09:32 - 2014-05-17 09:32 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\DropboxMaster
2014-05-15 03:05 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 03:05 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 03:05 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 03:05 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 03:05 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 03:05 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 06:58 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 06:58 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 06:58 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 06:58 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 06:58 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 06:58 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 06:58 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 06:58 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 06:58 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 06:58 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 06:58 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 06:58 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 06:58 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 06:58 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 06:58 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 06:58 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 06:58 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 06:58 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 06:58 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 06:58 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 06:58 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 06:58 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 06:58 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 06:58 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-11 14:29 - 2014-05-11 14:29 - 00128064 _____ () C:\Users\Petro\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-11 14:28 - 2014-05-26 23:16 - 00001387 _____ () C:\Windows\setupact.log
2014-05-11 14:28 - 2014-05-11 14:29 - 02104944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-11 14:28 - 2014-05-11 14:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-09 22:34 - 2014-05-26 08:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 21:16 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-06 21:15 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-06 21:15 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-06 21:15 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-06 21:15 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-06 21:15 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-06 21:15 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-06 21:15 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-06 21:15 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-06 21:15 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-06 21:15 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-06 21:15 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-06 21:15 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-06 21:15 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-06 21:15 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-06 21:15 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-06 21:15 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-06 21:15 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-06 21:15 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-06 21:15 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-06 21:15 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-06 21:15 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-06 21:15 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-06 21:15 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-06 21:15 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-06 21:15 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-06 21:15 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-06 21:15 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-06 21:15 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-06 21:15 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-06 21:15 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-06 21:15 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-06 21:15 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-06 21:15 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-06 21:15 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-06 21:15 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-06 21:15 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-06 21:15 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-06 21:15 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-06 21:15 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-06 21:15 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-06 21:15 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-06 21:15 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-06 21:15 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-29 22:26 - 2014-05-25 15:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2014-05-29 10:22 - 2014-05-29 10:22 - 00028870 _____ () C:\Users\Petro\Downloads\FRST.txt
2014-05-29 10:22 - 2014-05-29 10:22 - 00000000 ____D () C:\FRST
2014-05-29 10:21 - 2014-05-29 10:21 - 00000472 _____ () C:\Users\Petro\Downloads\defogger_disable.log
2014-05-29 10:20 - 2011-12-22 15:56 - 00000422 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-05-29 10:07 - 2012-03-11 17:07 - 00000000 ____D () C:\Users\Petro\Documents\Outlook-Dateien
2014-05-29 10:02 - 2013-10-06 20:37 - 00000000 ____D () C:\Users\Petro\AppData\Local\42F12FD7-AC63-4CF3-A877-21C804D57E47.aplzod
2014-05-29 09:37 - 2012-04-03 06:50 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-29 09:29 - 2014-05-25 15:29 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-05-29 03:00 - 2014-02-17 20:31 - 01072208 _____ () C:\Windows\WindowsUpdate.log
2014-05-28 13:03 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-28 13:03 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-28 12:59 - 2014-05-28 12:59 - 00380416 _____ () C:\Users\Petro\Downloads\32zm573i.exe
2014-05-28 12:58 - 2014-05-28 12:58 - 02066944 _____ (Farbar) C:\Users\Petro\Downloads\FRST64.exe
2014-05-28 12:57 - 2014-05-28 12:57 - 00050477 _____ () C:\Users\Petro\Downloads\Defogger.exe
2014-05-28 10:02 - 2013-02-28 13:59 - 00000000 ___RD () C:\Users\Petro\Mediencenter
2014-05-27 21:01 - 2014-05-25 16:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 23:22 - 2013-02-02 08:49 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\Dropbox
2014-05-26 23:21 - 2013-02-02 08:52 - 00000000 ___RD () C:\Users\Petro\Dropbox
2014-05-26 23:19 - 2010-11-21 08:50 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-05-26 23:19 - 2010-11-21 08:50 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-05-26 23:19 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-26 23:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-26 23:16 - 2014-05-11 14:28 - 00001387 _____ () C:\Windows\setupact.log
2014-05-26 23:13 - 2011-12-17 15:36 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-05-26 23:13 - 2011-12-17 15:36 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-05-26 23:13 - 2011-12-17 15:31 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-05-26 23:12 - 2011-12-17 07:50 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-26 23:12 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-26 23:11 - 2014-05-25 20:05 - 00078600 _____ () C:\Windows\PFRO.log
2014-05-26 23:11 - 2012-05-04 12:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-26 21:59 - 2014-05-25 09:15 - 00000000 ____D () C:\ProgramData\firebird
2014-05-26 09:01 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-05-26 08:30 - 2014-05-26 08:30 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-26 08:30 - 2014-05-26 08:30 - 00001156 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-26 08:30 - 2014-05-09 22:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-26 08:29 - 2014-05-26 08:29 - 28852416 _____ (Mozilla) C:\Users\Petro\Downloads\Firefox_Setup_de29.0.1.exe
2014-05-26 07:57 - 2014-05-25 15:09 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-05-25 22:58 - 2013-09-01 22:02 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\BabSolution
2014-05-25 22:00 - 2014-05-25 09:15 - 00000000 ____D () C:\MailArchive
2014-05-25 21:58 - 2014-05-25 21:58 - 00022016 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys
2014-05-25 21:58 - 2014-05-25 21:58 - 00002058 _____ () C:\Windows\DPINST.LOG
2014-05-25 21:58 - 2014-05-25 21:58 - 00001987 _____ () C:\Users\Public\Desktop\G Data InternetSecurity.lnk
2014-05-25 21:58 - 2014-05-25 21:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_GDKBFlt64_01007.Wdf
2014-05-25 21:58 - 2014-05-25 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
2014-05-25 21:58 - 2014-02-15 15:58 - 00068608 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2014-05-25 21:58 - 2014-02-15 15:57 - 00135168 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2014-05-25 21:58 - 2014-02-15 15:57 - 00065024 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2014-05-25 21:58 - 2014-02-15 15:57 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2014-05-25 21:58 - 2014-02-15 15:57 - 00057344 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2014-05-25 21:57 - 2014-02-15 15:56 - 00000000 ____D () C:\ProgramData\G Data
2014-05-25 21:47 - 2014-05-25 21:47 - 00001518 _____ () C:\Mailware.txt
2014-05-25 21:38 - 2014-05-25 19:55 - 00000000 ____D () C:\ProgramData\RoyalCoupOnu
2014-05-25 20:05 - 2014-05-25 15:30 - 00000000 ____D () C:\ProgramData\WPM
2014-05-25 19:55 - 2014-05-25 19:55 - 00000000 ____D () C:\ProgramData\3a5077e0758623c6
2014-05-25 17:47 - 2013-09-01 22:02 - 00000000 ____D () C:\ProgramData\DSearchLink
2014-05-25 16:53 - 2014-05-25 16:53 - 00526323 _____ () C:\Users\Petro\Downloads\web_of_trust_wot-20131118-fx.zip
2014-05-25 16:40 - 2014-05-25 16:40 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-25 16:40 - 2014-05-25 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-25 16:40 - 2014-05-25 16:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-25 16:40 - 2013-01-21 22:16 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\Malwarebytes
2014-05-25 16:40 - 2013-01-21 22:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-25 16:37 - 2014-05-25 16:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Petro\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-25 16:29 - 2014-05-25 16:29 - 00000040 _____ () C:\Users\Petro\AppData\Roaming\WB.CFG
2014-05-25 15:35 - 2014-05-25 15:35 - 00000000 ____D () C:\Users\Petro\Documents\Optimizer Pro
2014-05-25 15:35 - 2014-05-25 15:35 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\Optimizer Pro
2014-05-25 15:31 - 2014-05-25 15:30 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\DivX
2014-05-25 15:31 - 2014-05-25 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-05-25 15:31 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\DivX
2014-05-25 15:31 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-05-25 15:31 - 2014-04-29 22:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-25 15:30 - 2014-05-25 15:30 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2014-05-25 15:30 - 2014-05-25 15:30 - 00000000 ____D () C:\Program Files\DivX
2014-05-25 15:30 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\Xvid
2014-05-25 15:29 - 2014-05-25 15:29 - 00715038 _____ () C:\Windows\unins000.exe
2014-05-25 15:29 - 2014-05-25 15:29 - 00003226 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-05-25 15:29 - 2014-05-25 15:29 - 00001987 _____ () C:\Windows\unins000.dat
2014-05-25 15:29 - 2014-05-25 15:29 - 00001071 _____ () C:\Users\Petro\Desktop\Optimizer Pro.lnk
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\sweet-page
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\LavFilters
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\DigitalSites
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\CDXReader
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DirectVobSub
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\OpenSource Flash Video Splitter
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\DSP-worx
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\DirectVobSub
2014-05-25 15:22 - 2014-05-25 15:22 - 00215920 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-TB3-0.6.11.2.xpi
2014-05-25 15:21 - 2014-05-25 15:21 - 00150985 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-0.5.9.2(2).xpi
2014-05-25 15:15 - 2014-05-25 15:15 - 00150985 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-0.5.9.2(1).xpi
2014-05-25 15:09 - 2014-05-25 15:09 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\ParetoLogic
2014-05-25 15:09 - 2014-05-25 15:09 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\DriverCure
2014-05-25 15:08 - 2014-05-25 15:08 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Petro\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-05-25 15:06 - 2014-05-25 15:06 - 00000000 ____D () C:\Users\Petro\Downloads\outport
2014-05-25 15:03 - 2014-05-25 15:03 - 00417846 _____ () C:\Users\Petro\Downloads\outport-1.1.25.zip
2014-05-25 15:02 - 2014-05-25 15:02 - 00150985 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-0.5.9.2.xpi
2014-05-25 14:52 - 2014-05-25 08:53 - 00038576 _____ () C:\Users\Petro\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2014-05-25 14:15 - 2012-03-20 21:23 - 00000021 _____ () C:\Users\Petro\AppData\Local\mc.pixel.data
2014-05-25 13:37 - 2014-05-25 09:52 - 00000000 ____D () C:\Users\Petro\Documents\MailStore Home
2014-05-25 13:29 - 2012-12-20 17:12 - 00002107 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-05-25 13:29 - 2012-12-20 17:12 - 00002095 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-05-25 13:29 - 2012-12-20 17:12 - 00000000 ____D () C:\Users\Petro\AppData\Local\Thunderbird
2014-05-25 13:28 - 2014-05-25 13:28 - 21987152 _____ (Mozilla) C:\Users\Petro\Downloads\Thunderbird_Setup_24.5.0.exe
2014-05-25 11:58 - 2012-02-26 11:03 - 00000432 _____ () C:\Windows\BRWMARK.INI
2014-05-25 11:00 - 2014-05-25 11:00 - 00003134 _____ () C:\Windows\System32\Tasks\{05055B09-8873-456A-B081-A71D2D65866F}
2014-05-25 10:57 - 2014-05-25 10:57 - 04021568 _____ (Microsoft Corporation) C:\Users\Petro\Downloads\OutlookConnector.exe
2014-05-25 10:57 - 2013-04-19 14:20 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-05-25 10:33 - 2014-05-25 10:33 - 00001805 _____ () C:\Users\Public\Desktop\MailStore Client auf weiteren Rechnern installieren.lnk
2014-05-25 10:33 - 2014-05-25 10:33 - 00001282 _____ () C:\Users\Public\Desktop\Konfiguration des MailStore Server-Dienstes.lnk
2014-05-25 10:33 - 2014-05-25 10:33 - 00001222 _____ () C:\Users\Public\Desktop\MailStore Client.lnk
2014-05-25 10:33 - 2014-05-25 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MailStore Server
2014-05-25 09:51 - 2014-05-25 09:51 - 05813952 _____ (Igor Pavlov) C:\Users\Petro\Downloads\MailStoreHomeSetup-8.2.0.9316(1).exe
2014-05-25 09:51 - 2014-05-25 09:51 - 00001228 _____ () C:\Users\Public\Desktop\MailStore Home.lnk
2014-05-25 09:51 - 2014-05-25 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MailStore Home
2014-05-25 09:51 - 2014-05-25 09:10 - 00000000 ____D () C:\Program Files (x86)\deepinvent
2014-05-25 09:22 - 2014-05-25 09:22 - 05813952 _____ (Igor Pavlov) C:\Users\Petro\Downloads\MailStoreHomeSetup-8.2.0.9316.exe
2014-05-25 09:10 - 2014-05-25 09:10 - 00000000 ____D () C:\ProgramData\MailStore
2014-05-25 09:08 - 2014-05-25 09:07 - 38996392 _____ (MailStore Software GmbH ) C:\Users\Petro\Downloads\MailStoreServerSetup-8.1.2.9268.exe
2014-05-25 08:37 - 2014-05-25 08:37 - 00000000 __SHD () C:\Users\Petro\AppData\Local\EmieUserList
2014-05-25 08:37 - 2014-05-25 08:37 - 00000000 __SHD () C:\Users\Petro\AppData\Local\EmieSiteList
2014-05-25 07:57 - 2014-05-25 07:26 - 00000000 ____D () C:\Users\Petro\AppData\Local\Windows Live
2014-05-25 07:55 - 2013-09-06 10:10 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\Windows Live Writer
2014-05-25 07:26 - 2014-05-25 07:26 - 00000000 ____D () C:\Users\Petro\AppData\Local\{3E05F4D0-A734-441C-8BC6-75ACD713DA63}
2014-05-25 07:26 - 2014-05-25 07:26 - 00000000 ____D () C:\Users\Petro\AppData\Local\{0C30DAB9-B502-4846-9832-B1D72C83FA76}
2014-05-20 19:08 - 2014-05-20 19:08 - 00007249 _____ () C:\Users\Petro\AppData\Local\recently-used.xbel
2014-05-20 19:08 - 2014-05-20 18:49 - 00000000 ____D () C:\Users\Petro\AppData\Local\gtk-2.0
2014-05-20 19:08 - 2014-05-20 18:47 - 00000000 ____D () C:\Users\Petro\.gimp-2.8
2014-05-20 18:53 - 2014-05-20 18:53 - 00000000 ____D () C:\Users\Petro\AppData\Local\webkit
2014-05-20 18:49 - 2014-05-20 18:49 - 00000000 ____D () C:\Users\Petro\.thumbnails
2014-05-20 18:49 - 2012-02-16 19:34 - 00000000 ____D () C:\Users\Petro
2014-05-20 18:47 - 2014-05-20 18:47 - 00000000 ____D () C:\Users\Petro\AppData\Local\gegl-0.2
2014-05-20 17:46 - 2014-05-20 17:46 - 00000863 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-05-20 17:46 - 2014-05-20 17:45 - 00000000 ____D () C:\Program Files\GIMP 2
2014-05-20 17:42 - 2014-05-20 17:41 - 90396104 _____ (The GIMP Team ) C:\Users\Petro\Downloads\gimp-2.8.10-setup.exe
2014-05-18 10:42 - 2012-02-25 12:42 - 00856041 _____ () C:\Users\Petro\DesktopStCenter.txt
2014-05-17 17:25 - 2012-08-31 08:20 - 00095232 _____ () C:\Users\Petro\Desktop\Kopie von 110102 Nummern-1.xls
2014-05-17 09:32 - 2014-05-17 09:32 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\DropboxMaster
2014-05-17 09:32 - 2013-02-02 08:52 - 00001022 _____ () C:\Users\Petro\Desktop\Dropbox.lnk
2014-05-17 09:32 - 2013-02-02 08:50 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-17 09:32 - 2012-02-16 19:34 - 00000000 ___RD () C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 07:37 - 2012-04-03 06:50 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 07:37 - 2012-04-03 06:50 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 07:37 - 2011-12-17 14:59 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 04:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 03:37 - 2012-10-12 23:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-15 03:27 - 2012-02-16 19:34 - 00000000 ___RD () C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 03:04 - 2013-08-02 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 03:02 - 2012-02-12 17:03 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-12 07:26 - 2014-05-25 16:40 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-25 16:40 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2013-01-23 22:09 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 14:29 - 2014-05-11 14:29 - 00128064 _____ () C:\Users\Petro\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-11 14:29 - 2014-05-11 14:28 - 02104944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-11 14:28 - 2014-05-11 14:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-07 18:12 - 2013-04-03 03:38 - 00000000 ____D () C:\Users\Petro\Documents\Mein Steuer-Sparbuch Heute
2014-05-07 18:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-06 06:40 - 2014-05-15 03:05 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 03:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 03:05 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 03:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 03:05 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 03:05 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 19:29 - 2013-03-31 12:13 - 00000750 _____ () C:\Windows\wiso.ini
2014-04-30 15:54 - 2011-12-17 15:52 - 00000000 ____D () C:\ProgramData\Sonic

Some content of TEMP:
====================
C:\Users\Petro\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3qahak.dll
C:\Users\Petro\AppData\Local\Temp\optprosetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 00:45

==================== End Of Log ===========================
         
Addition Text:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Petro at 2014-05-29 10:23:32
Running from C:\Users\Petro\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: G Data InternetSecurity (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G Data InternetSecurity (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ACDSee Foto-Manager 2009 (HKLM-x32\...\{300578F9-9EFF-4B93-9AB1-C0E5707EF463}) (Version: 11.0.85 - ACD Systems International)
Adobe Acrobat  9 Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat  9 Standard - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Album Art Downloader XUI 0.45 (HKLM-x32\...\Album Art Downloader XUI) (Version: 0.45 - hxxp://sourceforge.net/projects/album-art)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-7840W (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 3.15 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Codec Pack Packages (HKCU\...\Codec Pack Packages) (Version:  - ) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version:  - )
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Mobile Broadband Manager (HKLM-x32\...\{23EEC842-57ED-4055-A056-9D4185DFB1AA}) (Version: 6.1.24.2 - Dell)
Dell MusicStage (HKLM-x32\...\{3255BC3F-32BA-41ED-93A0-B9AEB6CDD9E6}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{E9F59205-F128-49A7-9039-4BDFB60EE4A3}) (Version: 1.5.420.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5803.11 - Dell Inc.)
Dell Support Center (Version: 3.1.5803.11 - PC-Doctor, Inc.) Hidden
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version:  - Visual Tools) <==== ATTENTION
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden
ffdshow v1.1.4399 [2012-03-22] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4399.0 - )
Free Video Flip and Rotate version 2.1.9.827 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.9.827 - DVDVideoSoft Ltd.)
FRITZ!DSL64 (HKLM\...\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}) (Version: 2.04.03 - AVM Berlin)
G Data InternetSecurity (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.2 - G Data Software AG)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
High-Definition Video Playback (x32 Version: 7.3.10000.0.0 - Nero AG) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.55.0 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kalenderdruck-Assistent für Microsoft Office Outlook 2007 (HKLM-x32\...\{90120000-00A7-0407-0000-0000000FF1CE}) (Version: 12.0.6520.3001 - Microsoft Corporation)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LingoPad 2.6 (Build 360) (HKLM-x32\...\LingoPad_is1) (Version: 2.6 - Lingo4you)
MailStore Home 8.2.0.9316 (HKLM-x32\...\MailStore Home_universal1) (Version: 8.2.0.9316 - MailStore Software GmbH)
MailStore Server 8.1.2.9268 (HKLM-x32\...\MailStore Server_is1) (Version: 8.1.2.9268 - MailStore Software GmbH)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Mediencenter 3.8.9799.6 (HKCU\...\Mediencenter) (Version: 3.8.9799.6 - Deutsche Telekom AG)
Mediencenter Assistent (HKLM\...\Mediencenter Software) (Version: 2.7.0.1451 - Telekom)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10200.0.0 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.12500.0.5 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11400.27.0 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Newshosting (HKLM\...\{FE76A200-134E-48EC-8E90-3C124F16BC7F}) (Version: 1.6.1 - Newshosting)
NVIDIA 3D Vision Treiber 285.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 285.62 - NVIDIA Corporation)
NVIDIA Grafiktreiber 285.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.62 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.24.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.24.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.46.235 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.5.20 (Version: 1.5.20 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.11.0621 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.8562 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 285.62 (Version: 285.62 - NVIDIA Corporation) Hidden
NVIDIA Update 1.5.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.5.20 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.5.20 - NVIDIA Corporation) Hidden
OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version:  - ) <==== ATTENTION
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
QNAP Finder (HKLM-x32\...\QNAP_FINDER) (Version: 3.4.1.1401 - QNAP Systems, Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.10 - Dell Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
ScanSoft PaperPort 11 (HKLM-x32\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.0 (HKLM-x32\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SpamAssassin for Windows V1.2.1.15 (HKLM-x32\...\SpamAssassin for Windows_is1) (Version: 1.2.1.15 - JAM Software)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Sweet Page (HKLM-x32\...\sweet-page uninstaller) (Version:  - sweet-page) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated)
SyncUP (HKLM-x32\...\{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}) (Version: 1.10.11100.8.106 - Nero AG)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.15400 - Nero AG)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Update for Codec Pack (HKCU\...\Digital Sites) (Version:  - Update for Codec Pack) <==== ATTENTION
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{0AF37F62-3243-4416-8392-BD0E16874B90}) (Version: 21.00.8480 - Buhl Data Service GmbH)
XnView 1.99.6 (HKLM-x32\...\XnView_is1) (Version: 1.99.6 - Gougelet Pierre-e)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Restore Points  =========================

14-05-2014 04:49:50 Windows Update
15-05-2014 01:00:12 Windows Update
21-05-2014 19:12:56 Windows Update
25-05-2014 07:11:01 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-01-28 02:20 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {01127C8F-BB8F-4779-A853-6A175AF5D946} - System32\Tasks\Digital Sites => C:\Users\Petro\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {085A41EC-ED0E-4190-897C-80CEF4E216CA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)
Task: {4D2C894F-7729-46FE-AFBC-7588A204E9B7} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {5B5A6FCE-8A5A-4825-BAB0-C5C8975F32D9} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {B8A41010-1E52-49E0-B6D6-5F9A360477E9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BE30A8B5-FC74-4094-B763-6EAA57330AC4} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {C4CB036F-B113-4B21-8DDE-2CEAF8A3B5EE} - System32\Tasks\AdobeAAMUpdater-1.0-PETER-Petro => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {E5601E53-B1EF-4AE2-A744-3855B557F594} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Petro\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2011-09-16 01:46 - 2011-09-16 01:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-12-17 16:17 - 2011-07-20 15:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-09-16 01:46 - 2011-09-16 01:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-06-28 03:26 - 2011-06-28 03:26 - 02022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
2011-06-29 16:52 - 2011-06-29 16:52 - 00474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
2014-03-02 12:36 - 2014-04-23 15:03 - 01430320 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-02-28 04:08 - 2010-02-28 04:08 - 01549152 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2012-02-26 11:03 - 2005-04-22 14:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2011-12-17 15:31 - 2011-09-22 18:14 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2013-12-19 04:42 - 2013-12-19 04:42 - 00350840 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-17 04:28 - 2010-03-17 04:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
2010-03-22 23:52 - 2010-03-22 23:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
2010-03-17 04:28 - 2010-03-17 04:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
2010-03-17 04:28 - 2010-03-17 04:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
2011-06-25 07:20 - 2011-06-25 07:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
2011-06-28 03:25 - 2011-06-28 03:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
2011-06-25 07:32 - 2011-06-25 07:32 - 00323136 _____ () C:\Program Files (x86)\Dell\Stage Remote\de-DE\UI\ManagerUI.dll
2010-03-12 03:52 - 2010-03-12 03:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
2010-03-05 23:07 - 2010-03-05 23:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
2010-03-05 23:07 - 2010-03-05 23:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
2010-03-12 03:52 - 2010-03-12 03:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 09787184 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 00035632 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 00309040 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 00322864 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2014-03-02 12:34 - 2014-04-23 15:04 - 03807024 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 00136496 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 02703152 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 02001200 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01929520 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll
2014-03-02 12:33 - 2014-04-23 15:03 - 04321072 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll
2014-03-02 12:34 - 2014-02-11 12:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll
2014-03-02 12:34 - 2014-02-11 12:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll
2014-03-02 12:34 - 2014-02-11 12:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01562928 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll
2014-03-02 12:33 - 2014-04-23 15:03 - 05154096 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll
2014-03-02 12:33 - 2014-04-23 15:03 - 01691440 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01807152 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01626416 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01115440 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01329456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01257264 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 07326512 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01285936 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01330480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll
2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-05-26 23:13 - 2014-05-26 23:13 - 00041984 _____ () c:\users\petro\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3qahak.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Petro\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-05 17:49 - 2009-02-27 17:39 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.deu
2014-02-05 17:49 - 2009-02-27 17:32 - 00020480 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
2012-02-26 11:03 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-05-26 08:30 - 2014-05-07 04:27 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-10-15 01:54 - 2011-10-15 01:54 - 00265536 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
2014-02-15 16:52 - 2014-02-15 16:52 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3e27ac2000641918e7215d97c63e957d\IsdiInterop.ni.dll
2011-12-22 17:52 - 2011-01-12 18:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-04-29 22:26 - 2014-04-24 19:51 - 03019888 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-04-29 22:26 - 2014-04-24 19:51 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-04-29 22:26 - 2014-04-24 19:51 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-05-15 07:37 - 2014-05-15 07:37 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Petro\Downloads\AlbumArtDownloaderXUI-0.45.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\AVM_FRITZ!WLAN_Repeater_310_Assistent(1).exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\AVM_FRITZ!WLAN_Repeater_310_Assistent.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\CalendarPrintAssistant.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\cdbxp_setup_4.5.2.4478_minimal.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\Dropbox 2.4.7(1).exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\Dropbox 2.4.7.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\FreeVideoFlipAndRotate(1).exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\FreeVideoFlipAndRotate.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\iTunes64Setup(1).exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\mp3tagv258setup.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\setupDE(1).exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\setupDE(2).exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\setupDE.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\setup_dm_Fotowelt.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\SpamAssassinforWindows-Setup.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\spampal1594.exe:BDU

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: BirdieSync => C:\Program Files (x86)\BirdieSync\BirdieSync.exe -minimized
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900

==================== Faulty Device Manager Devices =============

Name: NetGroup Packet Filter Driver
Description: NetGroup Packet Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: npf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2014 02:02:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14419749

Error: (05/28/2014 02:02:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14419749

Error: (05/28/2014 02:02:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/28/2014 02:02:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14410904

Error: (05/28/2014 02:02:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14410904

Error: (05/28/2014 02:02:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/27/2014 09:04:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AVKProxy.exe, Version: 1.5.14043.574, Zeitstempel: 0x52fb3224
Name des fehlerhaften Moduls: avkhttp.dll, Version: 25.0.14079.176, Zeitstempel: 0x532a4adc
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0008cf92
ID des fehlerhaften Prozesses: 0x808
Startzeit der fehlerhaften Anwendung: 0xAVKProxy.exe0
Pfad der fehlerhaften Anwendung: AVKProxy.exe1
Pfad des fehlerhaften Moduls: AVKProxy.exe2
Berichtskennung: AVKProxy.exe3

Error: (05/27/2014 08:55:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 68811822

Error: (05/27/2014 08:55:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 68811822

Error: (05/27/2014 08:55:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (05/27/2014 09:05:13 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "G Data AntiVirus Proxy" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (05/27/2014 09:04:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "G Data AntiVirus Proxy" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/26/2014 11:14:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {BCB3CC02-761B-4C74-8B04-891A31034D19}

Error: (05/26/2014 11:13:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/26/2014 11:13:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/26/2014 11:13:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/26/2014 11:13:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/26/2014 11:13:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/26/2014 11:13:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/26/2014 11:13:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (05/28/2014 02:02:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14419749

Error: (05/28/2014 02:02:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14419749

Error: (05/28/2014 02:02:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/28/2014 02:02:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14410904

Error: (05/28/2014 02:02:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14410904

Error: (05/28/2014 02:02:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/27/2014 09:04:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AVKProxy.exe1.5.14043.57452fb3224avkhttp.dll25.0.14079.176532a4adcc00004170008cf9280801cf79272cefbf70C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exeC:\Program Files (x86)\Common Files\G Data\AVKProxy\avkhttp.dlla9844007-e5d1-11e3-9a1d-848f69bcf115

Error: (05/27/2014 08:55:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 68811822

Error: (05/27/2014 08:55:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 68811822

Error: (05/27/2014 08:55:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info =========================== 

Percentage of memory in use: 52%
Total physical RAM: 8086.17 MB
Available physical RAM: 3829.88 MB
Total Pagefile: 16170.52 MB
Available Pagefile: 10572.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Programme) (Fixed) (Total:479 GB) (Free:304.22 GB) NTFS
Drive d: (Lokale Daten) (Fixed) (Total:200 GB) (Free:187.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=479 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=200 GB) - (Type=OF Extended)

==================== End Of Log ============================
         

Alt 29.05.2014, 10:16   #2
M-K-D-B
/// TB-Ausbilder
 
Win 7: Selbständige Internetseiten und Umleitung auf Werbung - Standard

Win 7: Selbständige Internetseiten und Umleitung auf Werbung






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!





Zitat:
Running from C:\Users\Petro\Downloads
Alle Tools bitte vom Desktop ausführen, nicht vom Downloadordner.





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________


Alt 30.05.2014, 12:35   #3
sushi0510
 
Win 7: Selbständige Internetseiten und Umleitung auf Werbung - Standard

Win 7: Selbständige Internetseiten und Umleitung auf Werbung



Hallo Matthias,

vielen Dank für Deine schnelle Hilfe! Habe soeben versucht ComboFix herunterzuladen. Leider kommt immer folgende Fehlermeldung:


"Webseite gesperrt!
G Data InternetSecurity hat den Zugriff auf diese Webseite verweigert.
Es handelt sich hierbei um eine bekannte Phishing-Seite."

Habe anschließend versucht vor Download den Wächter, die Firewall, Autopilot und Virenschutz von Gdata kurz auszuschlaten (hoffe das war sinnvoll) aber selbst dann funktioniert der Download nicht.

Kannst Du mir kurz einen Tipp geben? Danke!

sushi

Hallo,
hat jetzt doch anders funktioniert. Nach Durchführung von Combofix fühlt sich der Rechner bzw. der Browser schon wieder anders (weniger fremdgeleitet) an... :-) Aber hier das Log-File von Combofix. Dank Dir nochmals!

Code:
ATTFilter
ComboFix 14-05-29.01 - Petro 29.05.2014  22:20:29.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8086.5263 [GMT 2:00]
ausgeführt von:: c:\users\Petro\Desktop\ComboFix.exe
AV: G Data InternetSecurity *Disabled/Updated* {545C8713-0744-B079-87F8-349A6D5C8CF0}
FW: G Data Personal Firewall *Enabled* {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
SP: G Data InternetSecurity *Disabled/Updated* {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1360263279.bdinstall.bin
c:\programdata\1392471428.bdinstall.bin
c:\programdata\Roaming
c:\users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\extensions\tzfrrj34a@cgcao-.edu
c:\users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\extensions\tzfrrj34a@cgcao-.edu\bootstrap.js
c:\users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\extensions\tzfrrj34a@cgcao-.edu\chrome.manifest
c:\users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\extensions\tzfrrj34a@cgcao-.edu\content\bg.js
c:\users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\extensions\tzfrrj34a@cgcao-.edu\install.rdf
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-28 bis 2014-05-29  ))))))))))))))))))))))))))))))
.
.
2014-05-29 08:22 . 2014-05-29 08:24	--------	d-----w-	C:\FRST
2014-05-27 19:48 . 2014-05-27 19:48	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0376197B-E7D5-4D07-9D86-F2EBB88664DB}\offreg.dll
2014-05-25 19:58 . 2014-05-25 19:58	22016	----a-w-	c:\windows\system32\drivers\GDKBFlt64.sys
2014-05-25 17:55 . 2014-05-25 17:55	--------	d-----w-	c:\programdata\3a5077e0758623c6
2014-05-25 17:55 . 2014-05-25 19:38	--------	d-----w-	c:\programdata\RoyalCoupOnu
2014-05-25 14:41 . 2014-05-27 19:01	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-25 14:40 . 2014-05-25 14:40	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-05-25 14:40 . 2014-05-12 05:26	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-05-25 14:40 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-05-25 13:35 . 2014-05-25 13:35	--------	d-----w-	c:\users\Petro\AppData\Roaming\Optimizer Pro
2014-05-25 13:30 . 2014-05-25 13:31	--------	d-----w-	c:\users\Petro\AppData\Roaming\DivX
2014-05-25 13:29 . 2014-05-25 13:31	--------	d-----w-	c:\program files (x86)\DivX
2014-05-25 13:09 . 2014-05-25 13:09	--------	d-----w-	c:\users\Petro\AppData\Roaming\ParetoLogic
2014-05-25 13:09 . 2014-05-25 13:09	--------	d-----w-	c:\users\Petro\AppData\Roaming\DriverCure
2014-05-25 13:09 . 2014-05-26 05:57	--------	d-----w-	c:\programdata\ParetoLogic
2014-05-25 07:21 . 2014-05-25 07:21	--------	d-----w-	c:\users\Petro\AppData\Local\MailStore Temp
2014-05-25 07:15 . 2014-05-29 20:30	--------	d-----w-	c:\programdata\firebird
2014-05-25 07:15 . 2014-05-29 20:30	--------	d-----w-	C:\MailArchive
2014-05-25 07:10 . 2014-05-25 07:10	--------	d-----w-	c:\programdata\MailStore
2014-05-25 07:10 . 2014-05-25 07:51	--------	d-----w-	c:\program files (x86)\deepinvent
2014-05-25 06:37 . 2014-05-25 06:37	--------	d-sh--w-	c:\users\Petro\AppData\Local\EmieUserList
2014-05-25 06:37 . 2014-05-25 06:37	--------	d-sh--w-	c:\users\Petro\AppData\Local\EmieSiteList
2014-05-25 05:26 . 2014-05-25 05:57	--------	d-----w-	c:\users\Petro\AppData\Local\Windows Live
2014-05-23 13:46 . 2014-04-30 23:20	10702536	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0376197B-E7D5-4D07-9D86-F2EBB88664DB}\mpengine.dll
2014-05-20 16:53 . 2014-05-20 16:53	--------	d-----w-	c:\users\Petro\AppData\Local\webkit
2014-05-20 16:49 . 2014-05-20 17:08	--------	d-----w-	c:\users\Petro\AppData\Local\gtk-2.0
2014-05-20 16:49 . 2014-05-20 16:49	--------	d-----w-	c:\users\Petro\.thumbnails
2014-05-20 16:47 . 2014-05-20 16:47	--------	d-----w-	c:\users\Petro\AppData\Local\fontconfig
2014-05-20 16:47 . 2014-05-20 17:08	--------	d-----w-	c:\users\Petro\.gimp-2.8
2014-05-20 16:47 . 2014-05-20 16:47	--------	d-----w-	c:\users\Petro\AppData\Local\gegl-0.2
2014-05-20 15:45 . 2014-05-20 15:46	--------	d-----w-	c:\program files\GIMP 2
2014-05-17 07:32 . 2014-05-17 07:32	--------	d-----w-	c:\users\Petro\AppData\Roaming\DropboxMaster
2014-05-15 01:05 . 2014-05-06 04:40	23544320	----a-w-	c:\windows\system32\mshtml.dll
2014-05-15 01:05 . 2014-05-06 03:00	84992	----a-w-	c:\windows\system32\mshtmled.dll
2014-05-15 01:05 . 2014-05-06 04:17	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-15 01:05 . 2014-05-06 03:07	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-05-08 11:21 . 2014-05-08 11:21	188272	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-05-06 19:16 . 2014-03-06 06:00	359936	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2014-05-06 19:16 . 2014-03-06 08:32	574976	----a-w-	c:\windows\system32\ieui.dll
2014-05-06 19:16 . 2014-03-06 05:50	257536	----a-w-	c:\program files (x86)\Internet Explorer\IEShims.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-25 19:58 . 2014-02-15 13:58	68608	----a-w-	c:\windows\system32\drivers\PktIcpt.sys
2014-05-25 19:58 . 2014-02-15 13:57	64000	----a-w-	c:\windows\system32\drivers\gdwfpcd64.sys
2014-05-25 19:58 . 2014-02-15 13:57	65024	----a-w-	c:\windows\system32\drivers\HookCentre.sys
2014-05-25 19:58 . 2014-02-15 13:57	135168	----a-w-	c:\windows\system32\drivers\MiniIcpt.sys
2014-05-25 19:58 . 2014-02-15 13:57	57344	----a-w-	c:\windows\system32\drivers\GDBehave.sys
2014-05-15 05:37 . 2012-04-03 04:50	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-15 05:37 . 2011-12-17 12:59	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-15 01:02 . 2012-02-12 15:03	93223848	----a-w-	c:\windows\system32\MRT.exe
2014-05-12 05:25 . 2013-01-23 20:09	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-04-16 03:02 . 2014-04-16 03:02	354656	----a-w-	c:\windows\SysWow64\DivXControlPanelApplet.cpl
2014-03-31 07:35 . 2010-11-21 03:27	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-03-04 09:44 . 2014-04-09 11:14	362496	----a-w-	c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 11:14	243712	----a-w-	c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 11:14	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 11:14	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 11:14	1163264	----a-w-	c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 11:14	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 11:14	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 11:14	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 11:14	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 11:14	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 11:14	2048	----a-w-	c:\windows\SysWow64\user.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 908160]
"CAHeadless"="c:\program files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2012-09-17 840784]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2014-05-08 40312]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-05 43848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2013-12-19 1724728]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 152392]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-04-03 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
.
c:\users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Petro\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-8 32668056]
Mediencenter Assistent.lnk - c:\program files\Telekom\Mediencenter\MediencenterSoftware.exe collapsedtray [2012-3-20 2401152]
Mediencenter.lnk - c:\users\Petro\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe [2013-10-1 562496]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 329944]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe [2014-3-2 1430320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys;c:\windows\SYSNATIVE\drivers\gdwfpcd64.sys [x]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys;c:\windows\SYSNATIVE\drivers\GRD.sys [x]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCentre.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [x]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [x]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE;c:\program files\FRITZ!DSL\IGDCTRL.EXE [x]
S2 MailStoreServer;MailStore Server;c:\program files (x86)\deepinvent\MailStore Server\MailStoreServer_x64.exe;c:\program files (x86)\deepinvent\MailStore Server\MailStoreServer_x64.exe [x]
S2 MCSWASVR;Mediencenter Service;c:\program files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe;c:\program files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [x]
S3 GDKBFlt;G Data GDKBFlt Driver;c:\windows\system32\drivers\GDKBFlt64.sys;c:\windows\SYSNATIVE\drivers\GDKBFlt64.sys [x]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys;c:\windows\SYSNATIVE\drivers\PktIcpt.sys [x]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 05:37]
.
2014-04-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-03-22 17:20]
.
2014-05-29 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2011-03-22 17:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Mediencenter_InSync]
@="{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}]
2013-02-12 14:30	558592	----a-w-	c:\users\Petro\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Mediencenter_ToSync]
@="{528EE335-5034-4EFC-834E-63E5F02D2BC2}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}]
2013-02-12 14:30	558592	----a-w-	c:\users\Petro\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Mediencenter_Failed]
@="{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}]
2013-02-12 14:30	558592	----a-w-	c:\users\Petro\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-16 1935120]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-10-15 539456]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1401024587&from=cor&uid=ST9750420AS_6WS0FX3MXXXX6WS0FX3M&q={searchTerms}
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: An vorhandenes PDF anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\
FF - prefs.js: browser.search.selectedEngine - sweet-page
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
user_pref(extensions.autoDisableScopes,14);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Digital Sites - c:\users\Petro\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (S-1-5-21-695438745-3103446122-1789299792-1005)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.v11o"
.
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (S-1-5-21-695438745-3103446122-1789299792-1005)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.v11p"
.
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (S-1-5-21-695438745-3103446122-1789299792-1005)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.v11pf"
.
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-695438745-3103446122-1789299792-1005)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.xmp"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-05-29  22:36:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-05-29 20:36
.
Vor Suchlauf: 17 Verzeichnis(se), 331.862.716.416 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 331.556.458.496 Bytes frei
.
- - End Of File - - 1786B4928D3B515D14A2B1965BDB945C
         
Hallo,
da ich mir nicht sicher bin, ob Du meinen letzten Eintrag gelesen hast (da am Ende meines vorherigen Beitrags integriert war), anbei nochmals das ComboFix Log file. Konnte ComboFix doch noch installieren.

Habe seither keine "Übernahmeprobleme" mehr im Browser, weiß aber nicht ob jetzt alles okay ist?

Grüße
sushi


Code:
ATTFilter
ComboFix 14-05-29.01 - Petro 29.05.2014  22:20:29.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8086.5263 [GMT 2:00]
ausgeführt von:: c:\users\Petro\Desktop\ComboFix.exe
AV: G Data InternetSecurity *Disabled/Updated* {545C8713-0744-B079-87F8-349A6D5C8CF0}
FW: G Data Personal Firewall *Enabled* {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
SP: G Data InternetSecurity *Disabled/Updated* {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1360263279.bdinstall.bin
c:\programdata\1392471428.bdinstall.bin
c:\programdata\Roaming
c:\users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\extensions\tzfrrj34a@cgcao-.edu
c:\users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\extensions\tzfrrj34a@cgcao-.edu\bootstrap.js
c:\users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\extensions\tzfrrj34a@cgcao-.edu\chrome.manifest
c:\users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\extensions\tzfrrj34a@cgcao-.edu\content\bg.js
c:\users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\extensions\tzfrrj34a@cgcao-.edu\install.rdf
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-28 bis 2014-05-29  ))))))))))))))))))))))))))))))
.
.
2014-05-29 08:22 . 2014-05-29 08:24	--------	d-----w-	C:\FRST
2014-05-27 19:48 . 2014-05-27 19:48	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0376197B-E7D5-4D07-9D86-F2EBB88664DB}\offreg.dll
2014-05-25 19:58 . 2014-05-25 19:58	22016	----a-w-	c:\windows\system32\drivers\GDKBFlt64.sys
2014-05-25 17:55 . 2014-05-25 17:55	--------	d-----w-	c:\programdata\3a5077e0758623c6
2014-05-25 17:55 . 2014-05-25 19:38	--------	d-----w-	c:\programdata\RoyalCoupOnu
2014-05-25 14:41 . 2014-05-27 19:01	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-25 14:40 . 2014-05-25 14:40	--------	d-----w-	c:\program files (x86)\  Malwarebytes Anti-Malware  
2014-05-25 14:40 . 2014-05-12 05:26	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-05-25 14:40 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-05-25 13:35 . 2014-05-25 13:35	--------	d-----w-	c:\users\Petro\AppData\Roaming\Optimizer Pro
2014-05-25 13:30 . 2014-05-25 13:31	--------	d-----w-	c:\users\Petro\AppData\Roaming\DivX
2014-05-25 13:29 . 2014-05-25 13:31	--------	d-----w-	c:\program files (x86)\DivX
2014-05-25 13:09 . 2014-05-25 13:09	--------	d-----w-	c:\users\Petro\AppData\Roaming\ParetoLogic
2014-05-25 13:09 . 2014-05-25 13:09	--------	d-----w-	c:\users\Petro\AppData\Roaming\DriverCure
2014-05-25 13:09 . 2014-05-26 05:57	--------	d-----w-	c:\programdata\ParetoLogic
2014-05-25 07:21 . 2014-05-25 07:21	--------	d-----w-	c:\users\Petro\AppData\Local\MailStore Temp
2014-05-25 07:15 . 2014-05-29 20:30	--------	d-----w-	c:\programdata\firebird
2014-05-25 07:15 . 2014-05-29 20:30	--------	d-----w-	C:\MailArchive
2014-05-25 07:10 . 2014-05-25 07:10	--------	d-----w-	c:\programdata\MailStore
2014-05-25 07:10 . 2014-05-25 07:51	--------	d-----w-	c:\program files (x86)\deepinvent
2014-05-25 06:37 . 2014-05-25 06:37	--------	d-sh--w-	c:\users\Petro\AppData\Local\EmieUserList
2014-05-25 06:37 . 2014-05-25 06:37	--------	d-sh--w-	c:\users\Petro\AppData\Local\EmieSiteList
2014-05-25 05:26 . 2014-05-25 05:57	--------	d-----w-	c:\users\Petro\AppData\Local\Windows Live
2014-05-23 13:46 . 2014-04-30 23:20	10702536	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0376197B-E7D5-4D07-9D86-F2EBB88664DB}\mpengine.dll
2014-05-20 16:53 . 2014-05-20 16:53	--------	d-----w-	c:\users\Petro\AppData\Local\webkit
2014-05-20 16:49 . 2014-05-20 17:08	--------	d-----w-	c:\users\Petro\AppData\Local\gtk-2.0
2014-05-20 16:49 . 2014-05-20 16:49	--------	d-----w-	c:\users\Petro\.thumbnails
2014-05-20 16:47 . 2014-05-20 16:47	--------	d-----w-	c:\users\Petro\AppData\Local\fontconfig
2014-05-20 16:47 . 2014-05-20 17:08	--------	d-----w-	c:\users\Petro\.gimp-2.8
2014-05-20 16:47 . 2014-05-20 16:47	--------	d-----w-	c:\users\Petro\AppData\Local\gegl-0.2
2014-05-20 15:45 . 2014-05-20 15:46	--------	d-----w-	c:\program files\GIMP 2
2014-05-17 07:32 . 2014-05-17 07:32	--------	d-----w-	c:\users\Petro\AppData\Roaming\DropboxMaster
2014-05-15 01:05 . 2014-05-06 04:40	23544320	----a-w-	c:\windows\system32\mshtml.dll
2014-05-15 01:05 . 2014-05-06 03:00	84992	----a-w-	c:\windows\system32\mshtmled.dll
2014-05-15 01:05 . 2014-05-06 04:17	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-15 01:05 . 2014-05-06 03:07	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-05-08 11:21 . 2014-05-08 11:21	188272	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-05-06 19:16 . 2014-03-06 06:00	359936	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2014-05-06 19:16 . 2014-03-06 08:32	574976	----a-w-	c:\windows\system32\ieui.dll
2014-05-06 19:16 . 2014-03-06 05:50	257536	----a-w-	c:\program files (x86)\Internet Explorer\IEShims.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-25 19:58 . 2014-02-15 13:58	68608	----a-w-	c:\windows\system32\drivers\PktIcpt.sys
2014-05-25 19:58 . 2014-02-15 13:57	64000	----a-w-	c:\windows\system32\drivers\gdwfpcd64.sys
2014-05-25 19:58 . 2014-02-15 13:57	65024	----a-w-	c:\windows\system32\drivers\HookCentre.sys
2014-05-25 19:58 . 2014-02-15 13:57	135168	----a-w-	c:\windows\system32\drivers\MiniIcpt.sys
2014-05-25 19:58 . 2014-02-15 13:57	57344	----a-w-	c:\windows\system32\drivers\GDBehave.sys
2014-05-15 05:37 . 2012-04-03 04:50	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-15 05:37 . 2011-12-17 12:59	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-15 01:02 . 2012-02-12 15:03	93223848	----a-w-	c:\windows\system32\MRT.exe
2014-05-12 05:25 . 2013-01-23 20:09	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-04-16 03:02 . 2014-04-16 03:02	354656	----a-w-	c:\windows\SysWow64\DivXControlPanelApplet.cpl
2014-03-31 07:35 . 2010-11-21 03:27	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-03-04 09:44 . 2014-04-09 11:14	362496	----a-w-	c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 11:14	243712	----a-w-	c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 11:14	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 11:14	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 11:14	1163264	----a-w-	c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 11:14	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 11:14	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 11:14	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 11:14	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 11:14	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 11:14	2048	----a-w-	c:\windows\SysWow64\user.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 908160]
"CAHeadless"="c:\program files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2012-09-17 840784]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2014-05-08 40312]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-05 43848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2013-12-19 1724728]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 152392]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-04-03 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
.
c:\users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Petro\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-8 32668056]
Mediencenter Assistent.lnk - c:\program files\Telekom\Mediencenter\MediencenterSoftware.exe collapsedtray [2012-3-20 2401152]
Mediencenter.lnk - c:\users\Petro\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe [2013-10-1 562496]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 329944]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe [2014-3-2 1430320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys;c:\windows\SYSNATIVE\drivers\gdwfpcd64.sys [x]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys;c:\windows\SYSNATIVE\drivers\GRD.sys [x]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCentre.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [x]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [x]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE;c:\program files\FRITZ!DSL\IGDCTRL.EXE [x]
S2 MailStoreServer;MailStore Server;c:\program files (x86)\deepinvent\MailStore Server\MailStoreServer_x64.exe;c:\program files (x86)\deepinvent\MailStore Server\MailStoreServer_x64.exe [x]
S2 MCSWASVR;Mediencenter Service;c:\program files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe;c:\program files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [x]
S3 GDKBFlt;G Data GDKBFlt Driver;c:\windows\system32\drivers\GDKBFlt64.sys;c:\windows\SYSNATIVE\drivers\GDKBFlt64.sys [x]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys;c:\windows\SYSNATIVE\drivers\PktIcpt.sys [x]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 05:37]
.
2014-04-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-03-22 17:20]
.
2014-05-29 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2011-03-22 17:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Mediencenter_InSync]
@="{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}]
2013-02-12 14:30	558592	----a-w-	c:\users\Petro\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Mediencenter_ToSync]
@="{528EE335-5034-4EFC-834E-63E5F02D2BC2}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}]
2013-02-12 14:30	558592	----a-w-	c:\users\Petro\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Mediencenter_Failed]
@="{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}]
2013-02-12 14:30	558592	----a-w-	c:\users\Petro\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Petro\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-16 1935120]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-10-15 539456]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1401024587&from=cor&uid=ST9750420AS_6WS0FX3MXXXX6WS0FX3M&q={searchTerms}
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: An vorhandenes PDF anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\
FF - prefs.js: browser.search.selectedEngine - sweet-page
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
user_pref(extensions.autoDisableScopes,14);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Digital Sites - c:\users\Petro\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (S-1-5-21-695438745-3103446122-1789299792-1005)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.v11o"
.
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (S-1-5-21-695438745-3103446122-1789299792-1005)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.v11p"
.
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (S-1-5-21-695438745-3103446122-1789299792-1005)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.v11pf"
.
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-695438745-3103446122-1789299792-1005)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 2009.xmp"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-05-29  22:36:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-05-29 20:36
.
Vor Suchlauf: 17 Verzeichnis(se), 331.862.716.416 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 331.556.458.496 Bytes frei
.
- - End Of File - - 1786B4928D3B515D14A2B1965BDB945C
         
__________________

Alt 30.05.2014, 15:10   #4
M-K-D-B
/// TB-Ausbilder
 
Win 7: Selbständige Internetseiten und Umleitung auf Werbung - Standard

Win 7: Selbständige Internetseiten und Umleitung auf Werbung



So geht es weiter:




Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.






Schritt 3
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 4
Bitte deaktiviere dein Anti-Viren-Programm, da es das Ergebnis beeinflussen oder ggf. die Bereinigung stören kann.
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/ und speichere die Datei auf deinem Desktop.
  • Starte Zoek.exe mit einem Doppelklick.
  • Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.
  • Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
    Code:
    ATTFilter
    iedefaults;
    resetIEproxy;
    FFdefaults;
    CHRdefaults;
    emptyclsid;
    autoclean;
             
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
  • Wenn das Tool fertig ist, wird sich Notepad mit der Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:\ .
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken).





Schritt 5
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT,
  • die Logdatei von MBAM,
  • die Logdatei von Zoek,
  • die beiden neuen Logdateien von FRST.

Alt 31.05.2014, 14:13   #5
sushi0510
 
Win 7: Selbständige Internetseiten und Umleitung auf Werbung - Standard

Win 7: Selbständige Internetseiten und Umleitung auf Werbung



Hier meine Log files von folgendem:
die Logdatei von AdwCleaner,
die Logdatei von JRT
der Rest folgt in Kürze

AdwCleaner:
Code:
ATTFilter
# AdwCleaner v3.211 - Bericht erstellt am 31/05/2014 um 00:12:01
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Petro - PETER
# Gestartet von : C:\Users\Petro\Desktop\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\DSearchLink
Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\RoyalCoupOnu
Ordner Gelöscht : C:\Program Files (x86)\Delta
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\Program Files (x86)\Red Sky
Ordner Gelöscht : C:\Users\Petro\AppData\Local\DownTango
Ordner Gelöscht : C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Ordner Gelöscht : C:\Users\Petro\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Petro\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Petro\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\Petro\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\Petro\AppData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\Petro\AppData\Roaming\sweet-page
Ordner Gelöscht : C:\Users\Petro\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\Extensions\firefoxdav@icloud.com
Datei Gelöscht : C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Petro\Desktop\Search.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\ParetoLogic
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstaller

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "sweet-page");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "sweet-page");
Zeile gelöscht : user_pref("extensions.uo9.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net[...]

*************************

AdwCleaner[R0].txt - [7082 octets] - [31/05/2014 00:08:26]
AdwCleaner[S0].txt - [6501 octets] - [31/05/2014 00:12:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6561 octets] ##########
         

JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Petro on 31.05.2014 at 10:34:46,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Petro\appdata\local\{0C30DAB9-B502-4846-9832-B1D72C83FA76}
Successfully deleted: [Empty Folder] C:\Users\Petro\appdata\local\{26342882-BA78-4A09-92E2-20F68A6FE83E}
Successfully deleted: [Empty Folder] C:\Users\Petro\appdata\local\{3E05F4D0-A734-441C-8BC6-75ACD713DA63}



~~~ FireFox

Emptied folder: C:\Users\Petro\AppData\Roaming\mozilla\firefox\profiles\xdcit4i9.default\minidumps [142 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.05.2014 at 10:41:06,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


Alt 31.05.2014, 14:28   #6
M-K-D-B
/// TB-Ausbilder
 
Win 7: Selbständige Internetseiten und Umleitung auf Werbung - Standard

Win 7: Selbständige Internetseiten und Umleitung auf Werbung



Ok, ich warte.

Alt 31.05.2014, 14:41   #7
sushi0510
 
Win 7: Selbständige Internetseiten und Umleitung auf Werbung - Standard

Win 7: Selbständige Internetseiten und Umleitung auf Werbung



Hallo,
ich habe nun doch ein Problem (vermutl. bin ich nur zu doof) mit dem MBAM: ich finde kein Pull-Down-Menue (wie in Deiner Beschreibung) mit dem ich TXT zum Exportieren der Log-Files auswählen kann. Dh. ich finde die Logfiles als txt nicht, sondern nur als xml Dateien

Also hier: C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \Logs
Liegt: mbam-log-2014-05-31 (11-25-20).xml

aber keine txt und ich finde nichts um das vorher umzustellen?

Was soll ich machen?
Danke!

Alt 31.05.2014, 15:35   #8
M-K-D-B
/// TB-Ausbilder
 
Win 7: Selbständige Internetseiten und Umleitung auf Werbung - Standard

Win 7: Selbständige Internetseiten und Umleitung auf Werbung



Guck dir nochmal unsere Anleitung an, evtl. ist das hilfreich.

Alt 31.05.2014, 20:34   #9
sushi0510
 
Win 7: Selbständige Internetseiten und Umleitung auf Werbung - Standard

Win 7: Selbständige Internetseiten und Umleitung auf Werbung



Hallo,
Du hattest natürlich recht :-) es geht, aber es ist in der 2.02 Version schon einen Ticken anders, als in Eurer Anleitung. Den Quick-Suchlauf gibt es in der Freeware so auch nicht mehr.... habe eben den Brohungssuchlauf gemacht... nunja, die Transferleistung auf die neue Version umzustellen, hat bei mir etwas gedauert ;-)

Hier die restlichen Protokolle:
die Logdatei von MBAM,
die Logdatei von Zoek,
die beiden neuen Logdateien von FRST.

Ich hoffe nun ist alles richtig. DAnke nochmals!!! (habe ich auch schon mit einer Spende bekundet)

MBAM
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 31.05.2014
Suchlauf-Zeit: 21:05:13
Logdatei: MBAM_log.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.05.31.09
Rootkit Datenbank: v2014.05.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Petro

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 338308
Verstrichene Zeit: 15 Min, 56 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Zoek:
Code:
ATTFilter
Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Petro on 31.05.2014 at 14:36:21,29.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Petro\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

31.05.2014 14:37:18 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\prefs.js:
user_pref("browser.startup.homepage", "www.google.de");
user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Petro\AppData\Roaming\Thunderbird\Profiles\xzggaqf3.default\prefs.js:

Added to C:\Users\Petro\AppData\Roaming\Thunderbird\Profiles\xzggaqf3.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default

user.js not found
---- Lines extensions.uo9 removed from prefs.js ----
user_pref("extensions.uo9.epoch", "1401438053");
user_pref("extensions.uo9.url", "hxxp://webdriiver.in/sync2/?q=hfZ9ojZSh75MCyVUojwMg708BNmGWj8wmihGheDUojw9rdkGqjw6qjwHrShIC7n0rjnEqjs4rdYGrdwHtNhVCT9
---- FireFox user.js and prefs.js backups ---- 

prefs__1444_.backup

ProfilePath: C:\Users\Petro\AppData\Roaming\Thunderbird\Profiles\xzggaqf3.default

user.js not found
---- FireFox user.js and prefs.js backups ---- 

prefs__1444_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\3a5077e0758623c6 deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\Program Files\Reimage deleted
C:\prefs.js deleted
C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\jetpack deleted
C:\Users\Petro\Desktop\Search.lnk deleted
"C:\Users\Petro\AppData\Roaming\GHISLER" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default
- Ciuvo Preisvergleich - %ProfilePath%\extensions\extension@ciuvo.com.xpi
- Shoptimate - %ProfilePath%\extensions\support@shoptimate.com.xpi
- Bid-O-Matic Firefox Extension - %ProfilePath%\extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi

ProfilePath: C:\Users\Petro\AppData\Roaming\Thunderbird\Profiles\xzggaqf3.default
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
- Contact Tabs - %ProfilePath%\extensions\contacttabs@janek.org.xpi
- Extra Folder Columns - %ProfilePath%\extensions\extra-cols@jminta_gmail.com.xpi
- Lightning Calendar Tabs - %ProfilePath%\extensions\lightningcalendartabs@jlx.84.xpi
- Lightning Month Tabs - %ProfilePath%\extensions\lightningmonthtabs@jlx.84.xpi
- MoreFunctionsForAddressBook - %ProfilePath%\extensions\{3e17310d-82e8-4a43-bd2f-7c3055bfe589}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default
A58DE0A570148AF5FF3512B2A340D09F	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll -	Shockwave Flash
63EE2015B877A2E472CC59E05291AA39	- C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll -	McAfee Security Scanner +
54FC590185D7D00D65E53B9A5990DC14	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll -	Shockwave Flash


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Default_Search_URL"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Default_Search_URL"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"SearchAssistant"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{87068D2F-8305-4BF8-9015-4471A124B3E8} Unknown  Url="Not_Found"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Internet Explorer\SearchScopes\{87068D2F-8305-4BF8-9015-4471A124B3E8} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BirdieSync deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Petro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Petro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Petro\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Importierte f30\Microsoft\Windows\Temporary I 325\Content.IE5 emptied successfully
C:\Users\Petro\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Importierte f30\Microsoft\Windows\Temporary I 325\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Petro\AppData\Local\Mozilla\Firefox\Profiles\xdcit4i9.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=109 folders=27 15955489 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Petro\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Petro\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 31.05.2014 at 14:50:04,74 ======================
         

FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Petro (administrator) on PETER on 31-05-2014 15:05:05
Running from C:\Users\Petro\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(MailStore Software GmbH) C:\Program Files (x86)\deepinvent\MailStore Server\MailStoreServer_x64.exe
(Deutsche Telekom AG) C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dropbox, Inc.) C:\Users\Petro\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Deutsche Telekom AG) C:\Program Files\Telekom\Mediencenter\MediencenterSoftware.exe
(Deutsche Telekom AG) C:\Users\Petro\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10357008 2011-10-18] (Intel Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-16] (Intel(R) Corporation)
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-28] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] => C:\Windows\system32\nvHotkey.dll [539456 2011-10-15] (NVIDIA Corporation)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055816 2011-05-30] ()
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-05-30] ()
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-695438745-3103446122-1789299792-1000\...\Run: [WirelessManager] => C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe [194600 2010-07-28] (Ericsson AB)
HKU\S-1-5-21-695438745-3103446122-1789299792-1005\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [908160 2010-03-16] (Microsoft Corporation)
HKU\S-1-5-21-695438745-3103446122-1789299792-1005\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [840784 2012-09-17] (Adobe Systems Incorporated)
HKU\S-1-5-21-695438745-3103446122-1789299792-1005\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-695438745-3103446122-1789299792-1005\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Petro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kopie von Kopie von Kopie von Kopie von 20110529__Numbers8.xls ()
Startup: C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter Assistent.lnk
ShortcutTarget: Mediencenter Assistent.lnk -> C:\Program Files\Telekom\Mediencenter\MediencenterSoftware.exe (Deutsche Telekom AG)
Startup: C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk
ShortcutTarget: Mediencenter.lnk -> C:\Users\Petro\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ciuvo - C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\Extensions\extension@ciuvo.com.xpi [2013-01-19]
FF Extension: Shoptimate - C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\Extensions\support@shoptimate.com.xpi [2013-01-19]
FF Extension: Biet-O-Matic Firefox Erweiterung - C:\Users\Petro\AppData\Roaming\Mozilla\Firefox\Profiles\xdcit4i9.default\Extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi [2013-01-07]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-09]

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2723400 2014-03-25] (G Data Software AG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [8704 2012-01-19] (Microsoft)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2992760 2014-01-30] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
R2 MailStoreServer; C:\Program Files (x86)\deepinvent\MailStore Server\MailStoreServer_x64.exe [432240 2014-01-10] (MailStore Software GmbH)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 MCSWASVR; C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [12800 2012-08-13] (Deutsche Telekom AG)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-16] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [57344 2014-05-25] (G Data Software AG)
R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [22016 2014-05-25] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [135168 2014-05-25] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [68608 2014-05-25] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-05-25] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-02-17] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65024 2014-05-25] (G Data Software AG)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249152 2011-10-15] (NVIDIA Corporation)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [121960 2010-12-12] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-31 14:47 - 2014-05-31 14:36 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-31 14:37 - 2014-05-31 14:50 - 00011332 _____ () C:\zoek-results.log
2014-05-31 14:36 - 2014-05-31 14:48 - 00000000 ____D () C:\zoek_backup
2014-05-31 11:22 - 2014-05-31 11:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Petro\Desktop\mbam-setup-2.0.2.1012(1).exe
2014-05-31 10:41 - 2014-05-31 10:41 - 00001210 _____ () C:\Users\Petro\Desktop\JRT.txt
2014-05-31 10:34 - 2014-05-31 10:34 - 00000000 ____D () C:\Windows\ERUNT
2014-05-31 10:31 - 2014-05-31 10:31 - 04095664 _____ () C:\Users\Petro\Desktop\zoek.zip
2014-05-31 10:31 - 2014-05-31 10:31 - 01285120 _____ () C:\Users\Petro\Desktop\zoek.exe
2014-05-31 10:29 - 2014-05-31 10:29 - 01016261 _____ (Thisisu) C:\Users\Petro\Desktop\JRT.exe
2014-05-31 00:08 - 2014-05-31 09:41 - 00000000 ____D () C:\AdwCleaner
2014-05-31 00:05 - 2014-05-31 00:05 - 01327971 _____ () C:\Users\Petro\Desktop\adwcleaner_3.211.exe
2014-05-30 12:51 - 2014-05-30 12:51 - 00807131 _____ () C:\Users\Petro\Downloads\MyContacts-2014-05-30-124847-410.vcf
2014-05-29 22:36 - 2014-05-29 22:36 - 00036346 _____ () C:\ComboFix.txt
2014-05-29 22:18 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-29 22:18 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-29 22:18 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-29 22:18 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-29 22:18 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-29 22:18 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-29 22:18 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-29 22:18 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-29 22:17 - 2014-05-29 22:36 - 00000000 ____D () C:\Qoobox
2014-05-29 22:17 - 2014-05-29 22:34 - 00000000 ____D () C:\Windows\erdnt
2014-05-29 21:48 - 2014-05-29 21:49 - 05203398 ____R (Swearware) C:\Users\Petro\Desktop\ComboFix.exe
2014-05-29 10:23 - 2014-05-29 10:24 - 00042664 _____ () C:\Users\Petro\Desktop\Addition.txt
2014-05-29 10:22 - 2014-05-31 15:05 - 00027384 _____ () C:\Users\Petro\Desktop\FRST.txt
2014-05-29 10:22 - 2014-05-31 15:05 - 00000000 ____D () C:\FRST
2014-05-29 10:21 - 2014-05-29 10:21 - 00000472 _____ () C:\Users\Petro\Desktop\defogger_disable.log
2014-05-28 12:59 - 2014-05-28 12:59 - 00380416 _____ () C:\Users\Petro\Desktop\32zm573i.exe
2014-05-28 12:58 - 2014-05-28 12:58 - 02066944 _____ (Farbar) C:\Users\Petro\Desktop\FRST64.exe
2014-05-28 12:57 - 2014-05-28 12:57 - 00050477 _____ () C:\Users\Petro\Desktop\Defogger.exe
2014-05-26 08:30 - 2014-05-26 08:30 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-26 08:30 - 2014-05-26 08:30 - 00001156 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-26 08:29 - 2014-05-26 08:29 - 28852416 _____ (Mozilla) C:\Users\Petro\Downloads\Firefox_Setup_de29.0.1.exe
2014-05-25 21:58 - 2014-05-25 21:58 - 00022016 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys
2014-05-25 21:58 - 2014-05-25 21:58 - 00002058 _____ () C:\Windows\DPINST.LOG
2014-05-25 21:58 - 2014-05-25 21:58 - 00001987 _____ () C:\Users\Public\Desktop\G Data InternetSecurity.lnk
2014-05-25 21:58 - 2014-05-25 21:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_GDKBFlt64_01007.Wdf
2014-05-25 21:58 - 2014-05-25 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
2014-05-25 21:47 - 2014-05-25 21:47 - 00001518 _____ () C:\Mailware.txt
2014-05-25 20:05 - 2014-05-31 14:48 - 00080104 _____ () C:\Windows\PFRO.log
2014-05-25 16:53 - 2014-05-25 16:53 - 00526323 _____ () C:\Users\Petro\Downloads\web_of_trust_wot-20131118-fx.zip
2014-05-25 16:41 - 2014-05-31 11:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-25 16:40 - 2014-05-31 14:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-25 16:40 - 2014-05-31 11:23 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-25 16:40 - 2014-05-31 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-25 16:40 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-25 16:40 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-25 16:36 - 2014-05-25 16:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Petro\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-25 16:29 - 2014-05-25 16:29 - 00000040 _____ () C:\Users\Petro\AppData\Roaming\WB.CFG
2014-05-25 15:30 - 2014-05-25 15:31 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\DivX
2014-05-25 15:30 - 2014-05-25 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-05-25 15:30 - 2014-05-25 15:30 - 00000000 ____D () C:\Program Files\DivX
2014-05-25 15:29 - 2014-05-25 15:31 - 00000000 ____D () C:\ProgramData\DivX
2014-05-25 15:29 - 2014-05-25 15:31 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-05-25 15:29 - 2014-05-25 15:30 - 00000000 ____D () C:\Program Files (x86)\Xvid
2014-05-25 15:29 - 2014-05-25 15:29 - 00715038 _____ () C:\Windows\unins000.exe
2014-05-25 15:29 - 2014-05-25 15:29 - 00001987 _____ () C:\Windows\unins000.dat
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\LavFilters
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\CDXReader
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DirectVobSub
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\OpenSource Flash Video Splitter
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\DSP-worx
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\DirectVobSub
2014-05-25 15:29 - 2012-02-26 16:47 - 00079360 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2014-05-25 15:29 - 2012-01-09 20:45 - 00178688 _____ () C:\Windows\SysWOW64\unrar.dll
2014-05-25 15:29 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2014-05-25 15:29 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2014-05-25 15:29 - 2011-05-30 15:42 - 00255488 _____ () C:\Windows\system32\xvidvfw.dll
2014-05-25 15:29 - 2011-05-30 15:42 - 00240640 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2014-05-25 15:29 - 2011-05-23 11:52 - 00153088 _____ () C:\Windows\SysWOW64\xvid.ax
2014-05-25 15:29 - 2011-05-23 09:49 - 00173568 _____ () C:\Windows\system32\xvid.ax
2014-05-25 15:29 - 2011-05-23 09:46 - 00645632 _____ () C:\Windows\SysWOW64\xvidcore.dll
2014-05-25 15:29 - 2011-05-23 09:45 - 00696832 _____ () C:\Windows\system32\xvidcore.dll
2014-05-25 15:22 - 2014-05-25 15:22 - 00215920 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-TB3-0.6.11.2.xpi
2014-05-25 15:21 - 2014-05-25 15:21 - 00150985 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-0.5.9.2(2).xpi
2014-05-25 15:15 - 2014-05-25 15:15 - 00150985 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-0.5.9.2(1).xpi
2014-05-25 15:06 - 2014-05-25 15:06 - 00000000 ____D () C:\Users\Petro\Downloads\outport
2014-05-25 15:03 - 2014-05-25 15:03 - 00417846 _____ () C:\Users\Petro\Downloads\outport-1.1.25.zip
2014-05-25 15:02 - 2014-05-25 15:02 - 00150985 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-0.5.9.2.xpi
2014-05-25 13:28 - 2014-05-25 13:28 - 21987152 _____ (Mozilla) C:\Users\Petro\Downloads\Thunderbird_Setup_24.5.0.exe
2014-05-25 11:00 - 2014-05-25 11:00 - 00003134 _____ () C:\Windows\System32\Tasks\{05055B09-8873-456A-B081-A71D2D65866F}
2014-05-25 10:57 - 2014-05-25 10:57 - 04021568 _____ (Microsoft Corporation) C:\Users\Petro\Downloads\OutlookConnector.exe
2014-05-25 10:33 - 2014-05-25 10:33 - 00001805 _____ () C:\Users\Public\Desktop\MailStore Client auf weiteren Rechnern installieren.lnk
2014-05-25 10:33 - 2014-05-25 10:33 - 00001282 _____ () C:\Users\Public\Desktop\Konfiguration des MailStore Server-Dienstes.lnk
2014-05-25 10:33 - 2014-05-25 10:33 - 00001222 _____ () C:\Users\Public\Desktop\MailStore Client.lnk
2014-05-25 10:33 - 2014-05-25 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MailStore Server
2014-05-25 09:52 - 2014-05-25 13:37 - 00000000 ____D () C:\Users\Petro\Documents\MailStore Home
2014-05-25 09:51 - 2014-05-25 09:51 - 05813952 _____ (Igor Pavlov) C:\Users\Petro\Downloads\MailStoreHomeSetup-8.2.0.9316(1).exe
2014-05-25 09:51 - 2014-05-25 09:51 - 00001228 _____ () C:\Users\Public\Desktop\MailStore Home.lnk
2014-05-25 09:51 - 2014-05-25 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MailStore Home
2014-05-25 09:22 - 2014-05-25 09:22 - 05813952 _____ (Igor Pavlov) C:\Users\Petro\Downloads\MailStoreHomeSetup-8.2.0.9316.exe
2014-05-25 09:15 - 2014-05-31 14:50 - 00000000 ____D () C:\ProgramData\firebird
2014-05-25 09:15 - 2014-05-31 14:49 - 00000000 ____D () C:\MailArchive
2014-05-25 09:10 - 2014-05-25 09:51 - 00000000 ____D () C:\Program Files (x86)\deepinvent
2014-05-25 09:10 - 2014-05-25 09:10 - 00000000 ____D () C:\ProgramData\MailStore
2014-05-25 09:07 - 2014-05-25 09:08 - 38996392 _____ (MailStore Software GmbH ) C:\Users\Petro\Downloads\MailStoreServerSetup-8.1.2.9268.exe
2014-05-25 08:53 - 2014-05-25 14:52 - 00038576 _____ () C:\Users\Petro\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2014-05-25 08:37 - 2014-05-25 08:37 - 00000000 __SHD () C:\Users\Petro\AppData\Local\EmieUserList
2014-05-25 08:37 - 2014-05-25 08:37 - 00000000 __SHD () C:\Users\Petro\AppData\Local\EmieSiteList
2014-05-25 07:26 - 2014-05-25 07:57 - 00000000 ____D () C:\Users\Petro\AppData\Local\Windows Live
2014-05-20 19:08 - 2014-05-20 19:08 - 00007249 _____ () C:\Users\Petro\AppData\Local\recently-used.xbel
2014-05-20 18:53 - 2014-05-20 18:53 - 00000000 ____D () C:\Users\Petro\AppData\Local\webkit
2014-05-20 18:49 - 2014-05-20 19:08 - 00000000 ____D () C:\Users\Petro\AppData\Local\gtk-2.0
2014-05-20 18:49 - 2014-05-20 18:49 - 00000000 ____D () C:\Users\Petro\.thumbnails
2014-05-20 18:47 - 2014-05-20 19:08 - 00000000 ____D () C:\Users\Petro\.gimp-2.8
2014-05-20 18:47 - 2014-05-20 18:47 - 00000000 ____D () C:\Users\Petro\AppData\Local\gegl-0.2
2014-05-20 17:46 - 2014-05-20 17:46 - 00000863 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-05-20 17:45 - 2014-05-20 17:46 - 00000000 ____D () C:\Program Files\GIMP 2
2014-05-20 17:41 - 2014-05-20 17:42 - 90396104 _____ (The GIMP Team ) C:\Users\Petro\Downloads\gimp-2.8.10-setup.exe
2014-05-17 09:32 - 2014-05-31 14:51 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\DropboxMaster
2014-05-15 03:05 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 03:05 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 03:05 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 03:05 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 03:05 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 03:05 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 06:58 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 06:58 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 06:58 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 06:58 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 06:58 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 06:58 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 06:58 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 06:58 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 06:58 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 06:58 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 06:58 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 06:58 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 06:58 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 06:58 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 06:58 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 06:58 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 06:58 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 06:58 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 06:58 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 06:58 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 06:58 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 06:58 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 06:58 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 06:58 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 06:58 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 06:58 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-11 14:29 - 2014-05-11 14:29 - 00128064 _____ () C:\Users\Petro\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-11 14:28 - 2014-05-31 14:48 - 00001723 _____ () C:\Windows\setupact.log
2014-05-11 14:28 - 2014-05-11 14:29 - 02104944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-11 14:28 - 2014-05-11 14:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-09 22:34 - 2014-05-26 08:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 21:16 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-06 21:15 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-06 21:15 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-06 21:15 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-06 21:15 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-06 21:15 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-06 21:15 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-06 21:15 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-06 21:15 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-06 21:15 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-06 21:15 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-06 21:15 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-06 21:15 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-06 21:15 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-06 21:15 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-06 21:15 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-06 21:15 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-06 21:15 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-06 21:15 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-06 21:15 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-06 21:15 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-06 21:15 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-06 21:15 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-06 21:15 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-06 21:15 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-06 21:15 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-06 21:15 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-06 21:15 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-06 21:15 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-06 21:15 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-06 21:15 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-06 21:15 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-06 21:15 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-06 21:15 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-06 21:15 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-06 21:15 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-06 21:15 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-06 21:15 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-06 21:15 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-06 21:15 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-06 21:15 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-06 21:15 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-06 21:15 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-06 21:15 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

==================== One Month Modified Files and Folders =======

2014-05-31 15:05 - 2014-05-29 10:22 - 00027384 _____ () C:\Users\Petro\Desktop\FRST.txt
2014-05-31 15:05 - 2014-05-29 10:22 - 00000000 ____D () C:\FRST
2014-05-31 15:03 - 2011-12-22 15:56 - 00000422 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-05-31 14:57 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-31 14:57 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-31 14:55 - 2014-02-17 20:31 - 01159082 _____ () C:\Windows\WindowsUpdate.log
2014-05-31 14:53 - 2013-02-28 13:59 - 00000000 ___RD () C:\Users\Petro\Mediencenter
2014-05-31 14:51 - 2014-05-17 09:32 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\DropboxMaster
2014-05-31 14:51 - 2013-02-02 08:52 - 00000000 ___RD () C:\Users\Petro\Dropbox
2014-05-31 14:51 - 2013-02-02 08:49 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\Dropbox
2014-05-31 14:50 - 2014-05-31 14:37 - 00011332 _____ () C:\zoek-results.log
2014-05-31 14:50 - 2014-05-25 09:15 - 00000000 ____D () C:\ProgramData\firebird
2014-05-31 14:50 - 2011-12-17 15:31 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-05-31 14:49 - 2014-05-25 09:15 - 00000000 ____D () C:\MailArchive
2014-05-31 14:49 - 2011-12-17 15:36 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-05-31 14:49 - 2011-12-17 15:36 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-05-31 14:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-31 14:48 - 2014-05-31 14:36 - 00000000 ____D () C:\zoek_backup
2014-05-31 14:48 - 2014-05-25 20:05 - 00080104 _____ () C:\Windows\PFRO.log
2014-05-31 14:48 - 2014-05-11 14:28 - 00001723 _____ () C:\Windows\setupact.log
2014-05-31 14:48 - 2011-12-17 07:50 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-31 14:37 - 2012-04-03 06:50 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-31 14:36 - 2014-05-31 14:47 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-31 14:32 - 2014-05-25 16:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-31 11:25 - 2014-05-25 16:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-31 11:23 - 2014-05-31 11:22 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Petro\Desktop\mbam-setup-2.0.2.1012(1).exe
2014-05-31 11:23 - 2014-05-25 16:40 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-31 11:23 - 2014-05-25 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-31 10:41 - 2014-05-31 10:41 - 00001210 _____ () C:\Users\Petro\Desktop\JRT.txt
2014-05-31 10:34 - 2014-05-31 10:34 - 00000000 ____D () C:\Windows\ERUNT
2014-05-31 10:31 - 2014-05-31 10:31 - 04095664 _____ () C:\Users\Petro\Desktop\zoek.zip
2014-05-31 10:31 - 2014-05-31 10:31 - 01285120 _____ () C:\Users\Petro\Desktop\zoek.exe
2014-05-31 10:29 - 2014-05-31 10:29 - 01016261 _____ (Thisisu) C:\Users\Petro\Desktop\JRT.exe
2014-05-31 09:41 - 2014-05-31 00:08 - 00000000 ____D () C:\AdwCleaner
2014-05-31 00:17 - 2012-02-16 19:34 - 00000000 ___RD () C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-31 00:16 - 2013-02-02 08:52 - 00001022 _____ () C:\Users\Petro\Desktop\Dropbox.lnk
2014-05-31 00:16 - 2013-02-02 08:50 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-31 00:15 - 2011-12-17 15:52 - 00000000 ____D () C:\ProgramData\Sonic
2014-05-31 00:05 - 2014-05-31 00:05 - 01327971 _____ () C:\Users\Petro\Desktop\adwcleaner_3.211.exe
2014-05-30 13:01 - 2013-10-06 20:37 - 00000000 ____D () C:\Users\Petro\AppData\Local\42F12FD7-AC63-4CF3-A877-21C804D57E47.aplzod
2014-05-30 13:01 - 2012-03-11 17:07 - 00000000 ____D () C:\Users\Petro\Documents\Outlook-Dateien
2014-05-30 12:51 - 2014-05-30 12:51 - 00807131 _____ () C:\Users\Petro\Downloads\MyContacts-2014-05-30-124847-410.vcf
2014-05-30 11:35 - 2010-11-21 08:50 - 00703214 _____ () C:\Windows\system32\perfh007.dat
2014-05-30 11:35 - 2010-11-21 08:50 - 00150822 _____ () C:\Windows\system32\perfc007.dat
2014-05-30 11:35 - 2009-07-14 07:13 - 01649782 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-29 22:36 - 2014-05-29 22:36 - 00036346 _____ () C:\ComboFix.txt
2014-05-29 22:36 - 2014-05-29 22:17 - 00000000 ____D () C:\Qoobox
2014-05-29 22:36 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-29 22:34 - 2014-05-29 22:17 - 00000000 ____D () C:\Windows\erdnt
2014-05-29 22:31 - 2009-07-14 04:34 - 00000248 _____ () C:\Windows\system.ini
2014-05-29 22:29 - 2009-07-14 04:34 - 88604672 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-05-29 22:29 - 2009-07-14 04:34 - 21233664 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-05-29 22:29 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-05-29 22:29 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-05-29 22:29 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-05-29 21:49 - 2014-05-29 21:48 - 05203398 ____R (Swearware) C:\Users\Petro\Desktop\ComboFix.exe
2014-05-29 20:16 - 2012-02-26 11:03 - 00000432 _____ () C:\Windows\BRWMARK.INI
2014-05-29 10:24 - 2014-05-29 10:23 - 00042664 _____ () C:\Users\Petro\Desktop\Addition.txt
2014-05-29 10:21 - 2014-05-29 10:21 - 00000472 _____ () C:\Users\Petro\Desktop\defogger_disable.log
2014-05-28 12:59 - 2014-05-28 12:59 - 00380416 _____ () C:\Users\Petro\Desktop\32zm573i.exe
2014-05-28 12:58 - 2014-05-28 12:58 - 02066944 _____ (Farbar) C:\Users\Petro\Desktop\FRST64.exe
2014-05-28 12:57 - 2014-05-28 12:57 - 00050477 _____ () C:\Users\Petro\Desktop\Defogger.exe
2014-05-26 23:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-26 23:11 - 2012-05-04 12:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-26 08:30 - 2014-05-26 08:30 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-26 08:30 - 2014-05-26 08:30 - 00001156 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-26 08:30 - 2014-05-09 22:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-26 08:29 - 2014-05-26 08:29 - 28852416 _____ (Mozilla) C:\Users\Petro\Downloads\Firefox_Setup_de29.0.1.exe
2014-05-25 21:58 - 2014-05-25 21:58 - 00022016 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys
2014-05-25 21:58 - 2014-05-25 21:58 - 00002058 _____ () C:\Windows\DPINST.LOG
2014-05-25 21:58 - 2014-05-25 21:58 - 00001987 _____ () C:\Users\Public\Desktop\G Data InternetSecurity.lnk
2014-05-25 21:58 - 2014-05-25 21:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_GDKBFlt64_01007.Wdf
2014-05-25 21:58 - 2014-05-25 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
2014-05-25 21:58 - 2014-02-15 15:58 - 00068608 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2014-05-25 21:58 - 2014-02-15 15:57 - 00135168 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2014-05-25 21:58 - 2014-02-15 15:57 - 00065024 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2014-05-25 21:58 - 2014-02-15 15:57 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2014-05-25 21:58 - 2014-02-15 15:57 - 00057344 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2014-05-25 21:57 - 2014-02-15 15:56 - 00000000 ____D () C:\ProgramData\G Data
2014-05-25 21:47 - 2014-05-25 21:47 - 00001518 _____ () C:\Mailware.txt
2014-05-25 16:53 - 2014-05-25 16:53 - 00526323 _____ () C:\Users\Petro\Downloads\web_of_trust_wot-20131118-fx.zip
2014-05-25 16:40 - 2013-01-21 22:16 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\Malwarebytes
2014-05-25 16:40 - 2013-01-21 22:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-25 16:37 - 2014-05-25 16:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Petro\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-25 16:29 - 2014-05-25 16:29 - 00000040 _____ () C:\Users\Petro\AppData\Roaming\WB.CFG
2014-05-25 15:31 - 2014-05-25 15:30 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\DivX
2014-05-25 15:31 - 2014-05-25 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-05-25 15:31 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\DivX
2014-05-25 15:31 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-05-25 15:31 - 2014-04-29 22:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-25 15:30 - 2014-05-25 15:30 - 00000000 ____D () C:\Program Files\DivX
2014-05-25 15:30 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\Xvid
2014-05-25 15:29 - 2014-05-25 15:29 - 00715038 _____ () C:\Windows\unins000.exe
2014-05-25 15:29 - 2014-05-25 15:29 - 00001987 _____ () C:\Windows\unins000.dat
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\LavFilters
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\CDXReader
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DirectVobSub
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\OpenSource Flash Video Splitter
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\DSP-worx
2014-05-25 15:29 - 2014-05-25 15:29 - 00000000 ____D () C:\Program Files (x86)\DirectVobSub
2014-05-25 15:22 - 2014-05-25 15:22 - 00215920 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-TB3-0.6.11.2.xpi
2014-05-25 15:21 - 2014-05-25 15:21 - 00150985 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-0.5.9.2(2).xpi
2014-05-25 15:15 - 2014-05-25 15:15 - 00150985 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-0.5.9.2(1).xpi
2014-05-25 15:06 - 2014-05-25 15:06 - 00000000 ____D () C:\Users\Petro\Downloads\outport
2014-05-25 15:03 - 2014-05-25 15:03 - 00417846 _____ () C:\Users\Petro\Downloads\outport-1.1.25.zip
2014-05-25 15:02 - 2014-05-25 15:02 - 00150985 _____ () C:\Users\Petro\Downloads\morefunctionsforAB-0.5.9.2.xpi
2014-05-25 14:52 - 2014-05-25 08:53 - 00038576 _____ () C:\Users\Petro\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2014-05-25 14:15 - 2012-03-20 21:23 - 00000021 _____ () C:\Users\Petro\AppData\Local\mc.pixel.data
2014-05-25 13:37 - 2014-05-25 09:52 - 00000000 ____D () C:\Users\Petro\Documents\MailStore Home
2014-05-25 13:29 - 2012-12-20 17:12 - 00002107 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-05-25 13:29 - 2012-12-20 17:12 - 00002095 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-05-25 13:29 - 2012-12-20 17:12 - 00000000 ____D () C:\Users\Petro\AppData\Local\Thunderbird
2014-05-25 13:28 - 2014-05-25 13:28 - 21987152 _____ (Mozilla) C:\Users\Petro\Downloads\Thunderbird_Setup_24.5.0.exe
2014-05-25 11:00 - 2014-05-25 11:00 - 00003134 _____ () C:\Windows\System32\Tasks\{05055B09-8873-456A-B081-A71D2D65866F}
2014-05-25 10:57 - 2014-05-25 10:57 - 04021568 _____ (Microsoft Corporation) C:\Users\Petro\Downloads\OutlookConnector.exe
2014-05-25 10:57 - 2013-04-19 14:20 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-05-25 10:33 - 2014-05-25 10:33 - 00001805 _____ () C:\Users\Public\Desktop\MailStore Client auf weiteren Rechnern installieren.lnk
2014-05-25 10:33 - 2014-05-25 10:33 - 00001282 _____ () C:\Users\Public\Desktop\Konfiguration des MailStore Server-Dienstes.lnk
2014-05-25 10:33 - 2014-05-25 10:33 - 00001222 _____ () C:\Users\Public\Desktop\MailStore Client.lnk
2014-05-25 10:33 - 2014-05-25 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MailStore Server
2014-05-25 09:51 - 2014-05-25 09:51 - 05813952 _____ (Igor Pavlov) C:\Users\Petro\Downloads\MailStoreHomeSetup-8.2.0.9316(1).exe
2014-05-25 09:51 - 2014-05-25 09:51 - 00001228 _____ () C:\Users\Public\Desktop\MailStore Home.lnk
2014-05-25 09:51 - 2014-05-25 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MailStore Home
2014-05-25 09:51 - 2014-05-25 09:10 - 00000000 ____D () C:\Program Files (x86)\deepinvent
2014-05-25 09:22 - 2014-05-25 09:22 - 05813952 _____ (Igor Pavlov) C:\Users\Petro\Downloads\MailStoreHomeSetup-8.2.0.9316.exe
2014-05-25 09:10 - 2014-05-25 09:10 - 00000000 ____D () C:\ProgramData\MailStore
2014-05-25 09:08 - 2014-05-25 09:07 - 38996392 _____ (MailStore Software GmbH ) C:\Users\Petro\Downloads\MailStoreServerSetup-8.1.2.9268.exe
2014-05-25 08:37 - 2014-05-25 08:37 - 00000000 __SHD () C:\Users\Petro\AppData\Local\EmieUserList
2014-05-25 08:37 - 2014-05-25 08:37 - 00000000 __SHD () C:\Users\Petro\AppData\Local\EmieSiteList
2014-05-25 07:57 - 2014-05-25 07:26 - 00000000 ____D () C:\Users\Petro\AppData\Local\Windows Live
2014-05-25 07:55 - 2013-09-06 10:10 - 00000000 ____D () C:\Users\Petro\AppData\Roaming\Windows Live Writer
2014-05-20 19:08 - 2014-05-20 19:08 - 00007249 _____ () C:\Users\Petro\AppData\Local\recently-used.xbel
2014-05-20 19:08 - 2014-05-20 18:49 - 00000000 ____D () C:\Users\Petro\AppData\Local\gtk-2.0
2014-05-20 19:08 - 2014-05-20 18:47 - 00000000 ____D () C:\Users\Petro\.gimp-2.8
2014-05-20 18:53 - 2014-05-20 18:53 - 00000000 ____D () C:\Users\Petro\AppData\Local\webkit
2014-05-20 18:49 - 2014-05-20 18:49 - 00000000 ____D () C:\Users\Petro\.thumbnails
2014-05-20 18:49 - 2012-02-16 19:34 - 00000000 ____D () C:\Users\Petro
2014-05-20 18:47 - 2014-05-20 18:47 - 00000000 ____D () C:\Users\Petro\AppData\Local\gegl-0.2
2014-05-20 17:46 - 2014-05-20 17:46 - 00000863 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-05-20 17:46 - 2014-05-20 17:45 - 00000000 ____D () C:\Program Files\GIMP 2
2014-05-20 17:42 - 2014-05-20 17:41 - 90396104 _____ (The GIMP Team ) C:\Users\Petro\Downloads\gimp-2.8.10-setup.exe
2014-05-18 10:42 - 2012-02-25 12:42 - 00856041 _____ () C:\Users\Petro\DesktopStCenter.txt
2014-05-17 17:25 - 2012-08-31 08:20 - 00095232 _____ () C:\Users\Petro\Desktop\Kopie von 110102 Nummern-1.xls
2014-05-15 07:37 - 2012-04-03 06:50 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 07:37 - 2012-04-03 06:50 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 07:37 - 2011-12-17 14:59 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 04:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 03:37 - 2012-10-12 23:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-15 03:27 - 2012-02-16 19:34 - 00000000 ___RD () C:\Users\Petro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 03:04 - 2013-08-02 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 03:02 - 2012-02-12 17:03 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-12 07:26 - 2014-05-25 16:40 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-25 16:40 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2013-01-23 22:09 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 14:29 - 2014-05-11 14:29 - 00128064 _____ () C:\Users\Petro\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-11 14:29 - 2014-05-11 14:28 - 02104944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-11 14:28 - 2014-05-11 14:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-07 18:12 - 2013-04-03 03:38 - 00000000 ____D () C:\Users\Petro\Documents\Mein Steuer-Sparbuch Heute
2014-05-07 18:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-06 06:40 - 2014-05-15 03:05 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 03:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 03:05 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 03:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 03:05 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 03:05 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 19:29 - 2013-03-31 12:13 - 00000750 _____ () C:\Windows\wiso.ini

Some content of TEMP:
====================
C:\Users\Petro\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwvzfqd.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 00:45

==================== End Of Log ============================
         
--- --- ---



Addition:FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Petro at 2014-05-31 15:06:20
Running from C:\Users\Petro\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: G Data InternetSecurity (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G Data InternetSecurity (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ACDSee Foto-Manager 2009 (HKLM-x32\...\{300578F9-9EFF-4B93-9AB1-C0E5707EF463}) (Version: 11.0.85 - ACD Systems International)
Adobe Acrobat  9 Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat  9 Standard - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Album Art Downloader XUI 0.45 (HKLM-x32\...\Album Art Downloader XUI) (Version: 0.45 - hxxp://sourceforge.net/projects/album-art)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-7840W (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 3.15 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Codec Pack Packages (HKCU\...\Codec Pack Packages) (Version:  - ) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version:  - )
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Mobile Broadband Manager (HKLM-x32\...\{23EEC842-57ED-4055-A056-9D4185DFB1AA}) (Version: 6.1.24.2 - Dell)
Dell MusicStage (HKLM-x32\...\{3255BC3F-32BA-41ED-93A0-B9AEB6CDD9E6}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{E9F59205-F128-49A7-9039-4BDFB60EE4A3}) (Version: 1.5.420.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5803.11 - Dell Inc.)
Dell Support Center (Version: 3.1.5803.11 - PC-Doctor, Inc.) Hidden
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden
ffdshow v1.1.4399 [2012-03-22] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4399.0 - )
Free Video Flip and Rotate version 2.1.9.827 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.9.827 - DVDVideoSoft Ltd.)
FRITZ!DSL64 (HKLM\...\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}) (Version: 2.04.03 - AVM Berlin)
G Data InternetSecurity (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.2 - G Data Software AG)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
High-Definition Video Playback (x32 Version: 7.3.10000.0.0 - Nero AG) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.55.0 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kalenderdruck-Assistent für Microsoft Office Outlook 2007 (HKLM-x32\...\{90120000-00A7-0407-0000-0000000FF1CE}) (Version: 12.0.6520.3001 - Microsoft Corporation)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LingoPad 2.6 (Build 360) (HKLM-x32\...\LingoPad_is1) (Version: 2.6 - Lingo4you)
MailStore Home 8.2.0.9316 (HKLM-x32\...\MailStore Home_universal1) (Version: 8.2.0.9316 - MailStore Software GmbH)
MailStore Server 8.1.2.9268 (HKLM-x32\...\MailStore Server_is1) (Version: 8.1.2.9268 - MailStore Software GmbH)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Mediencenter 3.8.9799.6 (HKCU\...\Mediencenter) (Version: 3.8.9799.6 - Deutsche Telekom AG)
Mediencenter Assistent (HKLM\...\Mediencenter Software) (Version: 2.7.0.1451 - Telekom)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10200.0.0 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.12500.0.5 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11400.27.0 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Newshosting (HKLM\...\{FE76A200-134E-48EC-8E90-3C124F16BC7F}) (Version: 1.6.1 - Newshosting)
NVIDIA 3D Vision Treiber 285.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 285.62 - NVIDIA Corporation)
NVIDIA Grafiktreiber 285.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.62 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.24.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.24.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.46.235 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.5.20 (Version: 1.5.20 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.11.0621 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.8562 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 285.62 (Version: 285.62 - NVIDIA Corporation) Hidden
NVIDIA Update 1.5.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.5.20 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.5.20 - NVIDIA Corporation) Hidden
OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
QNAP Finder (HKLM-x32\...\QNAP_FINDER) (Version: 3.4.1.1401 - QNAP Systems, Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.10 - Dell Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
ScanSoft PaperPort 11 (HKLM-x32\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.0 (HKLM-x32\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SpamAssassin for Windows V1.2.1.15 (HKLM-x32\...\SpamAssassin for Windows_is1) (Version: 1.2.1.15 - JAM Software)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated)
SyncUP (HKLM-x32\...\{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}) (Version: 1.10.11100.8.106 - Nero AG)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.15400 - Nero AG)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{0AF37F62-3243-4416-8392-BD0E16874B90}) (Version: 21.00.8480 - Buhl Data Service GmbH)
XnView 1.99.6 (HKLM-x32\...\XnView_is1) (Version: 1.99.6 - Gougelet Pierre-e)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Restore Points  =========================

25-05-2014 07:11:01 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
29-05-2014 20:18:11 ComboFix created restore point
30-05-2014 09:35:42 Windows Update
31-05-2014 12:37:04 zoek.exe restore point

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-05-29 22:31 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {085A41EC-ED0E-4190-897C-80CEF4E216CA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)
Task: {4D2C894F-7729-46FE-AFBC-7588A204E9B7} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {5B5A6FCE-8A5A-4825-BAB0-C5C8975F32D9} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {B8A41010-1E52-49E0-B6D6-5F9A360477E9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BE30A8B5-FC74-4094-B763-6EAA57330AC4} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {C4CB036F-B113-4B21-8DDE-2CEAF8A3B5EE} - System32\Tasks\AdobeAAMUpdater-1.0-PETER-Petro => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {E5601E53-B1EF-4AE2-A744-3855B557F594} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2011-09-16 01:46 - 2011-09-16 01:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-02-26 11:03 - 2005-04-22 14:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2011-12-17 15:31 - 2011-09-22 18:14 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2013-12-19 04:42 - 2013-12-19 04:42 - 00350840 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2011-12-17 16:17 - 2011-07-20 15:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-09-16 01:46 - 2011-09-16 01:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-06-28 03:26 - 2011-06-28 03:26 - 02022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
2014-03-02 12:36 - 2014-04-23 15:03 - 01430320 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
2011-06-29 16:52 - 2011-06-29 16:52 - 00474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-17 04:28 - 2010-03-17 04:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
2010-03-22 23:52 - 2010-03-22 23:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
2010-03-17 04:28 - 2010-03-17 04:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
2010-03-17 04:28 - 2010-03-17 04:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
2011-06-25 07:20 - 2011-06-25 07:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
2011-06-28 03:25 - 2011-06-28 03:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
2011-06-25 07:32 - 2011-06-25 07:32 - 00323136 _____ () C:\Program Files (x86)\Dell\Stage Remote\de-DE\UI\ManagerUI.dll
2010-03-12 03:52 - 2010-03-12 03:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
2010-03-05 23:07 - 2010-03-05 23:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
2010-03-05 23:07 - 2010-03-05 23:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
2010-03-12 03:52 - 2010-03-12 03:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 09787184 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 00035632 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 00309040 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 00322864 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2014-03-02 12:34 - 2014-04-23 15:04 - 03807024 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 00136496 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 02703152 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 02001200 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01929520 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll
2014-03-02 12:33 - 2014-04-23 15:03 - 04321072 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll
2014-03-02 12:34 - 2014-02-11 12:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll
2014-03-02 12:34 - 2014-02-11 12:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll
2014-03-02 12:34 - 2014-02-11 12:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01562928 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll
2014-03-02 12:33 - 2014-04-23 15:03 - 05154096 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll
2014-03-02 12:33 - 2014-04-23 15:03 - 01691440 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01807152 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01626416 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01115440 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01329456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01257264 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 07326512 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01285936 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll
2014-03-02 12:34 - 2014-04-23 15:03 - 01330480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll
2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-05-31 14:50 - 2014-05-31 14:50 - 00043008 _____ () c:\users\petro\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwvzfqd.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Petro\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-05 17:49 - 2009-02-27 17:39 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.deu
2014-02-05 17:49 - 2009-02-27 17:32 - 00020480 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
2012-02-26 11:03 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-02-15 16:52 - 2014-02-15 16:52 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3e27ac2000641918e7215d97c63e957d\IsdiInterop.ni.dll
2011-12-22 17:52 - 2011-01-12 18:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-05-26 08:30 - 2014-05-07 04:27 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-10-15 01:54 - 2011-10-15 01:54 - 00265536 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Petro\Downloads\AlbumArtDownloaderXUI-0.45.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\AVM_FRITZ!WLAN_Repeater_310_Assistent(1).exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\AVM_FRITZ!WLAN_Repeater_310_Assistent.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\CalendarPrintAssistant.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\cdbxp_setup_4.5.2.4478_minimal.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\Dropbox 2.4.7(1).exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\Dropbox 2.4.7.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\FreeVideoFlipAndRotate(1).exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\FreeVideoFlipAndRotate.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\iTunes64Setup(1).exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\mp3tagv258setup.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\setupDE(1).exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\setupDE(2).exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\setupDE.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\setup_dm_Fotowelt.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\SpamAssassinforWindows-Setup.exe:BDU
AlternateDataStreams: C:\Users\Petro\Downloads\spampal1594.exe:BDU

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2014 02:49:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/31/2014 02:51:12 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {BCB3CC02-761B-4C74-8B04-891A31034D19}

Error: (05/31/2014 02:48:04 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst G Data Personal Firewall konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (05/31/2014 02:44:35 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (05/31/2014 02:44:35 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (05/31/2014 02:44:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (05/31/2014 02:44:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (05/31/2014 02:44:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (05/31/2014 11:18:52 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (05/31/2014 02:49:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-05-29 22:27:39.916
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-29 22:27:39.854
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 8086.17 MB
Available physical RAM: 5273.77 MB
Total Pagefile: 16170.52 MB
Available Pagefile: 12477.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Programme) (Fixed) (Total:479 GB) (Free:308 GB) NTFS
Drive d: (Lokale Daten) (Fixed) (Total:200 GB) (Free:190.51 GB) NTFS
Drive x: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:10.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=479 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=200 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
--- --- ---

Alt 31.05.2014, 20:55   #10
M-K-D-B
/// TB-Ausbilder
 
Win 7: Selbständige Internetseiten und Umleitung auf Werbung - Standard

Win 7: Selbständige Internetseiten und Umleitung auf Werbung



Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
Task: {E5601E53-B1EF-4AE2-A744-3855B557F594} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Reboot:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    ATTFilter
    :regfind
    Codec Pack Packages
    RoyalCoupOnu
    ParetoLogic
    Red Sky
             
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.







Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 4
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von FRST,
  • die Logdatei von SystemLook,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

Alt 01.06.2014, 21:28   #11
sushi0510
 
Win 7: Selbständige Internetseiten und Umleitung auf Werbung - Standard

Win 7: Selbständige Internetseiten und Umleitung auf Werbung



Hallo,
hier folgende Logfiles:
die Logdatei von FRST,
die Logdatei von SystemLook,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

Habe SecurityCheck ein zweites mal laufen lassen müssen, da ich ds log-file nach dem ersten mal nicht finden konnte.

Wegen der Deinstallation: ist es nicht sinnvoll einige Tools zu behalten und diese bei Gelegenheit laufen zu lassen z.B. adaware oder malewarebytes? (also nicht diejenigen mit denen ich/man (nicht umbedingt) Schaden anrichten kann?). Aber dazu ja später....

Danke + Grüße
sushi

FRST:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-06-2014
Ran by Petro at 2014-06-01 15:07:30 Run:1
Running from C:\Users\Petro\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
Task: {E5601E53-B1EF-4AE2-A744-3855B557F594} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Reboot:
end
*****************

Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5601E53-B1EF-4AE2-A744-3855B557F594} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5601E53-B1EF-4AE2-A744-3855B557F594} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key deleted successfully.


The system needed a reboot. 

==== End of Fixlog ====
         
SystemLook:
Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 16:58 on 01/06/2014 by Petro
Administrator - Elevation successful

========== regfind ==========

Searching for "Codec Pack Packages"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"DisplayIcon"="C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages\uninstaller.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"UninstallString"="C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages\uninstaller.exe /Uninstall /NM="Codec Pack Packages" /AN="0D0S1L2Z1P1B0T1P1B2Z" /MBN="Codec Pack Packages""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"DisplayName"="Codec Pack Packages"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"UninstallerPath"="C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages"
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"DisplayIcon"="C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages\uninstaller.exe"
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"UninstallString"="C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages\uninstaller.exe /Uninstall /NM="Codec Pack Packages" /AN="0D0S1L2Z1P1B0T1P1B2Z" /MBN="Codec Pack Packages""
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"DisplayName"="Codec Pack Packages"
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"UninstallerPath"="C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages"

Searching for "RoyalCoupOnu"
No data found.

Searching for "ParetoLogic"
No data found.

Searching for "Red Sky"
No data found.

Searching for "         "
[HKEY_LOCAL_MACHINE\SOFTWARE\Dell Computer Corporation\SysInfo]
"System Manufacturer"="Dell Inc.         "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Converter]
"Description"="
          <p>Konvertiere Filmmaterial ganz einfach in DivX-Videos, um sie auf mehr als 1 Milliarde DivX-Geräten wiederzugeben.</p>
          <ul>
              <li>Erstelle DivX-Videos in hoher Qualität, z. B. DivX HEVC-Videos mit einer Auflösung von bis zu 4K</li>
              <li>Passe Deine Codierung mit AviSynth-Unterstützung individuell an</li>
              <li>Drehe, kombiniere und füge Untertitel und Audio zu Deinen Videos hinzu</li>
          </ul>
          <br/>
          <p><i>*DivX HEVC-Plugin erforderlich</i></p>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\HEVCCodec]
"Description"="
          <p>Hole Dir das kostenlose DivX HEVC-Plugin und erlebe den neuesten Videostandard für Qualität und Komprimierung</p>
          <ul>
              <li>In DivX Converter, Player und Web Player werden neue DivX HEVC-Profile unterstützt</li>
              <li>Erstelle DivX HEVC-Videos mit einer geringeren Dateigröße als bei H.264</li>
              <li>Schaue DivX HEVC-Videos an  - auf jedem Computer, in Deinem Lieblings-Browser</li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Player]
"Description"="
          <p>Hochwertige Wiedergabe von DivX, DivX Plus HD und DivX HEVC-Video bis zu 4K</p>
          <ul>
              <li>Optimiert für die Wiedergabe der beliebtesten Videoformate im Internet</li>
              <li>DivX Media Server streamt MKV zur PS3, Xbox und anderen Geräten</li>
              <li>Experimenteller DLNA-Controller für die Wiedergabe von DivX-Videos auf lokalen Geräten</li>
          </ul>
          <br/>
          <p><i>*DivX HEVC-Plugin erforderlich</i></p>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\BundleGroups\divx.com]
"BundleGroupDescription"="
        <p>Spiele, erstelle und streame DivX-Videos in hoher Qualität, z. B. HEVC* mit einer Auflösung von bis zu 4K. Das beste DivX Video-Erlebnis erhältst Du, <i>wenn Du alle Komponenten installierst.</i></p>
		<!-- Leave the 1st <p> tag line, because it is used on other installer page. -->
		<p>Eine neue Version der DivX-Software (10.2) ist verfügbar. Vollständige Liste der <a href="hxxp://go.divx.com/WhatsNew/de" target="_blank">Neuheiten</a>:</p>
          <ul>
            <li>verbesserter DivX HEVC-Decoder</li>
            <li>neue Architektur zur Codec-Verteilung</li>
			<li>Problem durch zufällige Abstürze bei DivX Media Server behoben</li>
            <li>DivX Codec Pack-Option aus Hauptpaket entfernt</li>
			<li>weitere Fehlerbereinigungen</li>
          </ul>
        "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\InstallGroups\SharedLibraries]
"Description"="
          <ul>
              <li>Das DivX VOD-Plug-in sorgt für besseres Erlebnis für Kunden, die Filme von DivX VOD - Shops beziehen.</li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\WebPlayer]
"Description"="
          <p>Effizientes, reibungsloses MKV-Streaming in Deinem Browser</p>
          <ul>
            <li>Adaptives Bitrate-Streaming mit experimenteller Unterstützung für DivX HEVC*-Streams</li>
            <li>Problemlose Wiedergabe des FF/RW-Formats, Abschnittsmarkierungen, Unterstützung mehrerer Untertitel und Tonspuren</li>
            <li>Weniger CPU- und Akkuverbrauch mit H.264-DXVA-Hardwarebeschleunigung</li>
          </ul>
          <br/>
          <p><i>*DivX HEVC-Plugin erforderlich</i></p>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="2.0"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                         <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                         <Capability Type="Shell"/>                     </Resource>                 </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" >                         <InitializationParameters>                             <Param Name="PSVersion" Value="2.0"/>                         </InitializationParameters>                         <Resources>                             <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                 <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                                
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Live\Common]
"Manufacturer"="Dell Inc.         "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_SD#MMC&REV_#5&11367DE1&0&000000#]
"DeviceDesc"="SD/MMC          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#081211914EC428&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SAMSUNG&PROD_YP-U1&REV_0100#0002F769FF734886&0#]
"DeviceDesc"="YP-U1           "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_SD#MMC&REV_#5&11367DE1&0&000000#]
"DeviceDesc"="SD/MMC          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#081211914EC428&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SAMSUNG&PROD_YP-U1&REV_0100#0002F769FF734886&0#]
"DeviceDesc"="YP-U1           "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_SD#MMC&REV_#5&11367DE1&0&000000#]
"DeviceDesc"="SD/MMC          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#081211914EC428&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SAMSUNG&PROD_YP-U1&REV_0100#0002F769FF734886&0#]
"DeviceDesc"="YP-U1           "

-= EOF =-
         
ESET:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=4325ea3c3eb24342b12d0ebf1a624ff4
# engine=18501
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-01 03:47:44
# local_time=2014-06-01 05:47:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 115651 153267514 0 0
# scanned=64953
# found=2
# cleaned=0
# scan_time=1885
sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages\uninstaller.exe.vir"
sh=1549CF4F9282F1B42A58B5E050E12EF0AD669798 ft=1 fh=ffe6693d8bc7d6c5 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petro\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
         
SecurityCheck:
Code:
ATTFilter
en Results of screen317's Security Check version 0.99.83  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
G Data InternetSecurity   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Java 7 Update 51  
 Java version out of Date! 
 Adobe Flash Player 13.0.0.214  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Mozilla Firefox (29.0.1) 
 Mozilla Thunderbird (24.5.0) 
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 G Data InternetSecurity Firewall GDFirewallTray.exe 
 G Data InternetSecurity Firewall GDFwSvcx64.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Hallo,
hier die fehlenden logfiles. Kann es sein, daß ich Dir soeben aus Versehen direkt geantwortet habe?...
Hier also nochmal die restlichen logfiles. Mußte Security check 2x laufen lassen, da ich das logfile nicht finden konnte.

die Logdatei von FRST,
die Logdatei von SystemLook,
die Logdatei von ESET,
die Logdatei von SecurityCheck.



FRST:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-06-2014
Ran by Petro at 2014-06-01 15:07:30 Run:1
Running from C:\Users\Petro\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
Task: {E5601E53-B1EF-4AE2-A744-3855B557F594} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Reboot:
end
*****************

Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5601E53-B1EF-4AE2-A744-3855B557F594} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5601E53-B1EF-4AE2-A744-3855B557F594} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key deleted successfully.


The system needed a reboot. 

==== End of Fixlog ====
         
SystemLook:
Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 16:58 on 01/06/2014 by Petro
Administrator - Elevation successful

========== regfind ==========

Searching for "Codec Pack Packages"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"DisplayIcon"="C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages\uninstaller.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"UninstallString"="C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages\uninstaller.exe /Uninstall /NM="Codec Pack Packages" /AN="0D0S1L2Z1P1B0T1P1B2Z" /MBN="Codec Pack Packages""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"DisplayName"="Codec Pack Packages"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"UninstallerPath"="C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages"
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"DisplayIcon"="C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages\uninstaller.exe"
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"UninstallString"="C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages\uninstaller.exe /Uninstall /NM="Codec Pack Packages" /AN="0D0S1L2Z1P1B0T1P1B2Z" /MBN="Codec Pack Packages""
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"DisplayName"="Codec Pack Packages"
[HKEY_USERS\S-1-5-21-695438745-3103446122-1789299792-1005\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages]
"UninstallerPath"="C:\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages"

Searching for "RoyalCoupOnu"
No data found.

Searching for "ParetoLogic"
No data found.

Searching for "Red Sky"
No data found.

Searching for "         "
[HKEY_LOCAL_MACHINE\SOFTWARE\Dell Computer Corporation\SysInfo]
"System Manufacturer"="Dell Inc.         "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Converter]
"Description"="
          <p>Konvertiere Filmmaterial ganz einfach in DivX-Videos, um sie auf mehr als 1 Milliarde DivX-Geräten wiederzugeben.</p>
          <ul>
              <li>Erstelle DivX-Videos in hoher Qualität, z. B. DivX HEVC-Videos mit einer Auflösung von bis zu 4K</li>
              <li>Passe Deine Codierung mit AviSynth-Unterstützung individuell an</li>
              <li>Drehe, kombiniere und füge Untertitel und Audio zu Deinen Videos hinzu</li>
          </ul>
          <br/>
          <p><i>*DivX HEVC-Plugin erforderlich</i></p>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\HEVCCodec]
"Description"="
          <p>Hole Dir das kostenlose DivX HEVC-Plugin und erlebe den neuesten Videostandard für Qualität und Komprimierung</p>
          <ul>
              <li>In DivX Converter, Player und Web Player werden neue DivX HEVC-Profile unterstützt</li>
              <li>Erstelle DivX HEVC-Videos mit einer geringeren Dateigröße als bei H.264</li>
              <li>Schaue DivX HEVC-Videos an  - auf jedem Computer, in Deinem Lieblings-Browser</li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Player]
"Description"="
          <p>Hochwertige Wiedergabe von DivX, DivX Plus HD und DivX HEVC-Video bis zu 4K</p>
          <ul>
              <li>Optimiert für die Wiedergabe der beliebtesten Videoformate im Internet</li>
              <li>DivX Media Server streamt MKV zur PS3, Xbox und anderen Geräten</li>
              <li>Experimenteller DLNA-Controller für die Wiedergabe von DivX-Videos auf lokalen Geräten</li>
          </ul>
          <br/>
          <p><i>*DivX HEVC-Plugin erforderlich</i></p>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\BundleGroups\divx.com]
"BundleGroupDescription"="
        <p>Spiele, erstelle und streame DivX-Videos in hoher Qualität, z. B. HEVC* mit einer Auflösung von bis zu 4K. Das beste DivX Video-Erlebnis erhältst Du, <i>wenn Du alle Komponenten installierst.</i></p>
		<!-- Leave the 1st <p> tag line, because it is used on other installer page. -->
		<p>Eine neue Version der DivX-Software (10.2) ist verfügbar. Vollständige Liste der <a href="hxxp://go.divx.com/WhatsNew/de" target="_blank">Neuheiten</a>:</p>
          <ul>
            <li>verbesserter DivX HEVC-Decoder</li>
            <li>neue Architektur zur Codec-Verteilung</li>
			<li>Problem durch zufällige Abstürze bei DivX Media Server behoben</li>
            <li>DivX Codec Pack-Option aus Hauptpaket entfernt</li>
			<li>weitere Fehlerbereinigungen</li>
          </ul>
        "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\InstallGroups\SharedLibraries]
"Description"="
          <ul>
              <li>Das DivX VOD-Plug-in sorgt für besseres Erlebnis für Kunden, die Filme von DivX VOD - Shops beziehen.</li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\WebPlayer]
"Description"="
          <p>Effizientes, reibungsloses MKV-Streaming in Deinem Browser</p>
          <ul>
            <li>Adaptives Bitrate-Streaming mit experimenteller Unterstützung für DivX HEVC*-Streams</li>
            <li>Problemlose Wiedergabe des FF/RW-Formats, Abschnittsmarkierungen, Unterstützung mehrerer Untertitel und Tonspuren</li>
            <li>Weniger CPU- und Akkuverbrauch mit H.264-DXVA-Hardwarebeschleunigung</li>
          </ul>
          <br/>
          <p><i>*DivX HEVC-Plugin erforderlich</i></p>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="2.0"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                         <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                         <Capability Type="Shell"/>                     </Resource>                 </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" >                         <InitializationParameters>                             <Param Name="PSVersion" Value="2.0"/>                         </InitializationParameters>                         <Resources>                             <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                 <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                                
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Live\Common]
"Manufacturer"="Dell Inc.         "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_SD#MMC&REV_#5&11367DE1&0&000000#]
"DeviceDesc"="SD/MMC          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#081211914EC428&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SAMSUNG&PROD_YP-U1&REV_0100#0002F769FF734886&0#]
"DeviceDesc"="YP-U1           "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_SD#MMC&REV_#5&11367DE1&0&000000#]
"DeviceDesc"="SD/MMC          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#081211914EC428&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SAMSUNG&PROD_YP-U1&REV_0100#0002F769FF734886&0#]
"DeviceDesc"="YP-U1           "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_SD#MMC&REV_#5&11367DE1&0&000000#]
"DeviceDesc"="SD/MMC          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#081211914EC428&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SAMSUNG&PROD_YP-U1&REV_0100#0002F769FF734886&0#]
"DeviceDesc"="YP-U1           "

-= EOF =-
         
ESET:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=4325ea3c3eb24342b12d0ebf1a624ff4
# engine=18501
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-01 03:47:44
# local_time=2014-06-01 05:47:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 115651 153267514 0 0
# scanned=64953
# found=2
# cleaned=0
# scan_time=1885
sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petro\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Codec Pack Packages\uninstaller.exe.vir"
sh=1549CF4F9282F1B42A58B5E050E12EF0AD669798 ft=1 fh=ffe6693d8bc7d6c5 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petro\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
         
Security:
Code:
ATTFilter
en Results of screen317's Security Check version 0.99.83  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
G Data InternetSecurity   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Java 7 Update 51  
 Java version out of Date! 
 Adobe Flash Player 13.0.0.214  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Mozilla Firefox (29.0.1) 
 Mozilla Thunderbird (24.5.0) 
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 G Data InternetSecurity Firewall GDFirewallTray.exe 
 G Data InternetSecurity Firewall GDFwSvcx64.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

Alt 02.06.2014, 14:28   #12
M-K-D-B
/// TB-Ausbilder
 
Win 7: Selbständige Internetseiten und Umleitung auf Werbung - Standard

Win 7: Selbständige Internetseiten und Umleitung auf Werbung



Reste entfernen
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages" /f
Reboot:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.









Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.




Schritt 1
Du verwendest veraltete Software auf deinem Rechner, was ein Sicherheitsrisiko darstellt. Daher solltest du veraltete Software deinstallieren und anschließend die aktuellste Version installieren.
Folge dem Pfad Start > Systemsteuerung > Sofware / Programme deinstallieren.
Deinstalliere die folgenden Programme von deinem Rechner:
  • Java 7 Update 51
  • Adobe Reader 10
Starte deinen Rechner nach der Deinstallation neu auf.
Downloade und installiere dir bitte nun:Starte deinen Rechner nach der Installation neu auf.





Schritt 2
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.







Schritt 3
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.


Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti-Viren-Programm und zusätzlicher Schutz
  • Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist! Ein kostenloses Anti-Viren Programm, das wir empfehlen, wäre z. B. Avast! Free Antivirus oder Microsoft Security Essentials.
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt. Du kannst es zusätzlich zu deinem Anti-Viren Programm verwenden.
    Update das Tool und lasse es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • AdwCleaner
    Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwümschten Programmen (PUPs).
    Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt von der Herstellerseite auf den Desktop herunterladen. Auch dieses Programm kann parallel zu deinem Anti-Viren Programm verwendet werden.
  • SpywareBlaster
    Eine kurze Einführung findest du Hier


Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzuzufügen reicht und dieser wird nicht mehr geladen.
    Es spart außerdem Downloadkapazität.


Performance
  • Halte dich fern von Registry Cleanern.
    Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
    Miekemoes Blogspot ( MVP )


Was du vermeiden solltest:
  • Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
  • Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..).
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
  • Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!



Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Alt 05.06.2014, 15:54   #13
M-K-D-B
/// TB-Ausbilder
 
Win 7: Selbständige Internetseiten und Umleitung auf Werbung - Standard

Win 7: Selbständige Internetseiten und Umleitung auf Werbung



Ich bin froh, dass wir helfen konnten

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

Antwort

Themen zu Win 7: Selbständige Internetseiten und Umleitung auf Werbung
antivirus, association, bonjour, browser, desktop, device driver, downloader, dsl, dvdvideosoft ltd., error, excel, firefox, flash player, home, homepage, mozilla, newtab, realtek, registry, safer networking, scan, security, software, svchost.exe, system, usb, vista, werbung, windows, wiso



Ähnliche Themen: Win 7: Selbständige Internetseiten und Umleitung auf Werbung


  1. Werbung auf Internetseiten
    Plagegeister aller Art und deren Bekämpfung - 08.10.2014 (3)
  2. Überall Werbung auf den Internetseiten
    Log-Analyse und Auswertung - 01.10.2014 (3)
  3. Internetseiten mit Werbung überfüllt
    Log-Analyse und Auswertung - 03.02.2014 (1)
  4. Internetseiten mit Werbung überfüllt
    Plagegeister aller Art und deren Bekämpfung - 01.02.2014 (3)
  5. Werbung auf Internetseiten
    Plagegeister aller Art und deren Bekämpfung - 31.12.2013 (17)
  6. Werbung bei Google und anderen Internetseiten
    Log-Analyse und Auswertung - 08.08.2013 (3)
  7. ihavenet / Umleitung falsche Internetseiten
    Plagegeister aller Art und deren Bekämpfung - 02.01.2013 (15)
  8. Umleitung auf falsche Internetseiten ...ich werd noch wahnsinnig
    Log-Analyse und Auswertung - 02.07.2012 (10)
  9. Dateien versteckt, angeblich Festplattenfehler, Umleitung Internetseiten, plötzlich Sound-Output
    Plagegeister aller Art und deren Bekämpfung - 30.05.2011 (11)
  10. Dateien versteckt, angeblich Festplattenfehler, Umleitung Internetseiten, plötzlich Sound-Output
    Mülltonne - 20.05.2011 (0)
  11. Dateien versteckt, angeblich Festplattenfehler, Umleitung Internetseiten, plötzlich Sound-Output
    Mülltonne - 20.05.2011 (0)
  12. Ungewollte Umleitung auf seltsame Internetseiten bei Google Suchtreffern
    Plagegeister aller Art und deren Bekämpfung - 02.10.2010 (25)
  13. Umleitung auf falsche Internetseiten
    Log-Analyse und Auswertung - 14.02.2009 (28)
  14. Umleitung auf andere Internetseiten
    Plagegeister aller Art und deren Bekämpfung - 09.08.2008 (9)
  15. Umleitung auf Seiten mit Werbung
    Log-Analyse und Auswertung - 11.03.2008 (1)
  16. Umleitung auf andere Internetseiten
    Log-Analyse und Auswertung - 10.10.2006 (3)
  17. selbständige einwahl
    Alles rund um Windows - 23.03.2005 (1)

Zum Thema Win 7: Selbständige Internetseiten und Umleitung auf Werbung - Hallo, habe mir leider (auch noch auf dem Rechner meines Mannes) etwas eingefangen. Wie im Betreff beschrieben werden Internetseiten selbständig geöffnet und Seiten verändern sich sowohl im Firefox 29.0 als - Win 7: Selbständige Internetseiten und Umleitung auf Werbung...
Archiv
Du betrachtest: Win 7: Selbständige Internetseiten und Umleitung auf Werbung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.