Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 17.06.2014, 12:22   #1
Line-LAP
 
raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher - Standard

raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher



Hallo, vor knapp zwei Jahren habbt ihr mir schon mal toll geholfen. Jetzt habe ich mir wohl wieder einen Trojaner oder ähnliches eingefangen und bitte nochmal um Eure Hilfe.

Wie im Betreff schon beschrieben, habe ich ständig Werbung auf meinen Seiten, neben denen raving reyvens steht. Außerdem gehen auch immer zusätzlich Seiten auf, in denen ich aufgefordert werde, irgendetwas zur Sicherheit zu installieren.

Öffne ich einen neuen Tab im Firefox, landet dieser auf der Seite: istart.webssearches.com/newtab/?type=nt&ts=1402921480&from=tugs&uid=HitachiXHTS545025B9A300_100530PBN2003SKHZWTTX

Vielen Dank schonmal vorab
Gruß Jacqueline

Alt 17.06.2014, 12:37   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher - Standard

raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!




Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 18.06.2014, 08:17   #3
Line-LAP
 
raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher - Standard

raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher



Hallo Cosinus, hab Dank für die schnelle Antwort,

bei Microsoft Essential habe ich noch folgendes gefunden, im Verlauf:
"Trojan:win32/Webprefix.C vom 05.06.2014"

Hier also die Logfiles von FRST64, kommen in zwei Antworten, da sonst zu lang:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014
Ran by Admin (administrator) on JACQUELINE-LAP on 18-06-2014 08:58:41
Running from C:\Users\Admin\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Fuyu LIMITED) C:\ProgramData\WindowsProtectManger\wprotectmanager.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
() C:\Program Files (x86)\Re_Markable\Re-markitfA173.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(Fujitsu Technology Solutions) C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
() C:\Program Files (x86)\raving reyven\updateravingreyven.exe
() C:\Program Files (x86)\raving reyven\bin\utilravingreyven.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
() C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieCtrl.exe
(Spotify Ltd) C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\raving reyven\bin\ravingreyven.PurBrowse64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Program Files (x86)\Re_Markable\Re_Markabletc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Program Files (x86)\raving reyven\bin\ravingreyven.BrowserAdapter.exe
(1&1 Mail & Media GmbH) C:\Users\Admin\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [ConMgr] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc)
HKLM\...\Run: [CSRSkype] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431504 2009-12-24] (CSR, plc)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [LoadFUJ02E3] => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [162912 2009-07-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe [37728 2011-09-14] (Mindjet)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1801168 2014-03-19] (APN)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2951541265-1472267509-3421380212-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [694032 2012-06-17] (SANDBOXIE L.T.D)
HKU\S-1-5-21-2951541265-1472267509-3421380212-1001\...\Run: [Spotify Web Helper] => C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-02] (Spotify Ltd)
HKU\S-1-5-21-2951541265-1472267509-3421380212-1001\...\Run: [Spotify] => C:\Users\Admin\AppData\Roaming\Spotify\spotify.exe [5951488 2013-12-02] (Spotify Ltd)
HKU\S-1-5-21-2951541265-1472267509-3421380212-1001\...\Run: [GMX Application {sync-000021}] => C:\Users\Admin\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe [803840 2014-02-26] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-2951541265-1472267509-3421380212-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2951541265-1472267509-3421380212-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2951541265-1472267509-3421380212-1001\...\MountPoints2: {05252b56-8934-11e1-8e30-0023269265e7} - E:\Startme.exe
HKU\S-1-5-21-2951541265-1472267509-3421380212-1001\...\MountPoints2: {ebe3da1f-0483-11e0-ad6b-806e6f6e6963} - F:\FSetup.exe
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\Program Files (x86)\SupTab\SearchProtect64.dll [102512 2014-05-08] (Skytech Co., Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => C:\Program Files (x86)\SupTab\SearchProtect32.dll [91248 2014-05-08] (Skytech Co., Ltd.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2951541265-1472267509-3421380212-1004\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:14243;https=127.0.0.1:14243
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1402921480&from=tugs&uid=HitachiXHTS545025B9A300_100530PBN2003SKHZWTTX
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1402921480&from=tugs&uid=HitachiXHTS545025B9A300_100530PBN2003SKHZWTTX
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSF&bmod=FTSF
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7704F9A53589CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,es-ES;q=0.5
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1402921480&from=tugs&uid=HitachiXHTS545025B9A300_100530PBN2003SKHZWTTX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1402921480&from=tugs&uid=HitachiXHTS545025B9A300_100530PBN2003SKHZWTTX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1402921480&from=tugs&uid=HitachiXHTS545025B9A300_100530PBN2003SKHZWTTX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1402921480&from=tugs&uid=HitachiXHTS545025B9A300_100530PBN2003SKHZWTTX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1402921480&from=tugs&uid=HitachiXHTS545025B9A300_100530PBN2003SKHZWTTX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1402921480&from=tugs&uid=HitachiXHTS545025B9A300_100530PBN2003SKHZWTTX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1402921480&from=tugs&uid=HitachiXHTS545025B9A300_100530PBN2003SKHZWTTX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1402921480&from=tugs&uid=HitachiXHTS545025B9A300_100530PBN2003SKHZWTTX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1402921480&from=tugs&uid=HitachiXHTS545025B9A300_100530PBN2003SKHZWTTX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1402921480&from=tugs&uid=HitachiXHTS545025B9A300_100530PBN2003SKHZWTTX&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1402921480&from=tugs&uid=HitachiXHTS545025B9A300_100530PBN2003SKHZWTTX&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1402921480&from=tugs&uid=HitachiXHTS545025B9A300_100530PBN2003SKHZWTTX&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1402921480&from=tugs&uid=HitachiXHTS545025B9A300_100530PBN2003SKHZWTTX&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1402921480&from=tugs&uid=HitachiXHTS545025B9A300_100530PBN2003SKHZWTTX&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1402921480&from=tugs&uid=HitachiXHTS545025B9A300_100530PBN2003SKHZWTTX&q={searchTerms}
BHO: PSHD-9.9 - {11111111-1111-1111-1111-110511291116} - C:\Program Files (x86)\PSHD-9.9\PSHD-9.9-bho64.dll (PlusVHD)
BHO: Mediaa_Play_AIR_1.4 - {11111111-1111-1111-1111-110511841188} - C:\Program Files (x86)\Mediaa_Play_AIR_1.4\Mediaa_Play_AIR_1.4-bho64.dll (enter)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: PSHD-9.9 - {11111111-1111-1111-1111-110511291116} - C:\Program Files (x86)\PSHD-9.9\PSHD-9.9-bho.dll (PlusVHD)
BHO-x32: Mediaa_Play_AIR_1.4 - {11111111-1111-1111-1111-110511841188} - C:\Program Files (x86)\Mediaa_Play_AIR_1.4\Mediaa_Play_AIR_1.4-bho.dll (enter)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Re-markit - {401EA098-5006-38D6-99CE-F46A89FC2D4F} - C:\Program Files (x86)\Re_Markable\173.dll ()
BHO-x32: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default
FF NewTab: hxxp://istart.webssearches.com/newtab/?type=nt&ts=1402921480&from=tugs&uid=HitachiXHTS545025B9A300_100530PBN2003SKHZWTTX
FF SelectedSearchEngine: webssearches
FF Homepage: https://www.google.de/?gfe_rd=cr&ei=jwmgU8PvGsuKOoShgNgH
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: sony.com/MediaGoDetector - C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\searchplugins\bildungsspender-websuche.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-9.1 - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\Extensions\a54e453c-130a-4769-9333-c5ec2aa914c5@9bd7cc89-9c7c-44e9-a03b-042b92d363f0.com [2014-06-16]
FF Extension: Mediaa_Play_AIR_1.4 - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\Extensions\faf73efe-d6aa-46eb-8014-e0b47ac07ead@a90d6ab4-be69-4e96-a979-1fd9c1ae6f92.com [2014-06-16]
FF Extension: Quick Start - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\Extensions\quick_start@gmail.com [2014-06-16]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\Extensions\staged [2014-06-16]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\Extensions\trash [2014-06-16]
FF Extension: Ghostery - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\Extensions\firefox@ghostery.com.xpi [2014-01-17]
FF Extension: GMX MailCheck - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\Extensions\toolbar@gmx.net.xpi [2013-10-24]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\extensions\quick_start@gmail.com
FF Extension: Quick Start - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\extensions\quick_start@gmail.com [2014-06-16]
FF HKCU\...\Firefox\Extensions: [{BF0B15F4-00DB-1A9D-C11F-A918802E51BC}] - C:\Program Files (x86)\Re_Markable\173.xpi
FF Extension: Re-markit - C:\Program Files (x86)\Re_Markable\173.xpi [2014-06-16]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.starwebsearch.com/index.php?from=3"
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\pdf.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\gears.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (PSHD-9.9) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe [2014-06-05]
CHR Extension: (Re-markit) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\himihejfgaadipiikddngnlglkhfifan [2014-06-16]
CHR Extension: (AVG Safe Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2011-06-22]
CHR Extension: (Skype Extension) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-04-24]
CHR Extension: (Mediaa_Play_AIR_1.4) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek [2014-06-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-03-19] (APN LLC.)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [File not signed]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-06-16] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-06-16] (globalUpdate) [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-11-01] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 NewPlayerUpdaterService; C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe [11776 2014-05-05] () [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 Re-Markable; C:\Program Files (x86)\Re_Markable\Re-markitfA173.exe [178176 2014-06-16] () [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [98576 2012-06-17] (SANDBOXIE L.T.D)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-11-01] (Intel Corporation) [File not signed]
R2 Update raving reyven; C:\Program Files (x86)\raving reyven\updateravingreyven.exe [318248 2014-06-17] ()
R2 Util raving reyven; C:\Program Files (x86)\raving reyven\bin\utilravingreyven.exe [318248 2014-06-17] ()
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)
R2 WindowsProtectManger; C:\ProgramData\WindowsProtectManger\wprotectmanager.exe [591776 2014-06-12] (Fuyu LIMITED)
R2 WirelessSelectorService; C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [62312 2009-07-21] ()

==================== Drivers (Whitelisted) ====================

R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 RtsUIR; No ImagePath
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [166576 2012-06-17] (SANDBOXIE L.T.D)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.)
S3 USBCCID; No ImagePath
R1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64; C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys [61120 2014-05-22] (StdLib)
R1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}w64; C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}w64.sys [61120 2014-06-09] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-18 08:58 - 2014-06-18 08:59 - 00032539 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-06-18 08:58 - 2014-06-18 08:58 - 00000000 ____D () C:\FRST
2014-06-18 08:56 - 2014-06-18 08:56 - 02081280 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-06-16 22:38 - 2014-06-16 22:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\com
2014-06-16 14:26 - 2014-06-18 08:34 - 00001588 _____ () C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-1.job
2014-06-16 14:26 - 2014-06-18 08:34 - 00001498 _____ () C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-5.job
2014-06-16 14:26 - 2014-06-18 08:33 - 00001420 _____ () C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-2.job
2014-06-16 14:26 - 2014-06-16 14:26 - 00004618 _____ () C:\Windows\System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-1
2014-06-16 14:26 - 2014-06-16 14:26 - 00004528 _____ () C:\Windows\System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-5
2014-06-16 14:26 - 2014-06-16 14:26 - 00004450 _____ () C:\Windows\System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-2
2014-06-16 14:25 - 2014-06-18 08:34 - 00003810 _____ () C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-11.job
2014-06-16 14:25 - 2014-06-18 08:34 - 00002270 _____ () C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-4.job
2014-06-16 14:25 - 2014-06-16 14:26 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-06-16 14:25 - 2014-06-16 14:26 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-06-16 14:25 - 2014-06-16 14:25 - 00006840 _____ () C:\Windows\System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-11
2014-06-16 14:25 - 2014-06-16 14:25 - 00005300 _____ () C:\Windows\System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-4
2014-06-16 14:25 - 2014-06-16 14:25 - 00001123 _____ () C:\Users\Public\Desktop\NewPlayer.lnk
2014-06-16 14:25 - 2014-06-16 14:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SupTab
2014-06-16 14:25 - 2014-06-16 14:25 - 00000000 ____D () C:\Users\Admin\AppData\Local\newplayer
2014-06-16 14:25 - 2014-06-16 14:25 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-06-16 14:25 - 2014-06-16 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
2014-06-16 14:24 - 2014-06-18 08:34 - 00003128 _____ () C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-3.job
2014-06-16 14:24 - 2014-06-18 08:34 - 00000394 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-06-16 14:24 - 2014-06-18 08:33 - 00000380 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-06-16 14:24 - 2014-06-16 14:26 - 00000000 ____D () C:\Program Files (x86)\Mediaa_Play_AIR_1.4
2014-06-16 14:24 - 2014-06-16 14:25 - 00000000 ____D () C:\Program Files (x86)\NewPlayer
2014-06-16 14:24 - 2014-06-16 14:24 - 00006158 _____ () C:\Windows\System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-3
2014-06-16 14:24 - 2014-06-16 14:24 - 00003042 _____ () C:\Windows\System32\Tasks\Re-markit Update
2014-06-16 14:24 - 2014-06-16 14:24 - 00002968 _____ () C:\Windows\System32\Tasks\Re-markit_wd
2014-06-16 14:24 - 2014-06-16 14:24 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-06-16 14:24 - 2014-06-16 14:24 - 00000000 ____D () C:\Program Files (x86)\Re_Markable
2014-06-16 14:22 - 2014-06-16 14:22 - 00003144 _____ () C:\Windows\System32\Tasks\{F443843E-E412-4892-8FC7-6576B1353BE5}
2014-06-16 14:22 - 2014-06-16 14:22 - 00000000 _____ () C:\END
2014-06-16 14:20 - 2014-06-16 14:20 - 01245608 _____ () C:\Users\Admin\Downloads\Player_Setup.exe
2014-06-12 18:33 - 2014-06-12 18:33 - 00000000 ____D () C:\Users\Admin\Desktop\Anton
2014-06-12 18:27 - 2014-06-12 18:27 - 00000256 _____ () C:\Users\Admin\Desktop\Frankenkletterertelefonliste.pdf - Dropbox.URL
2014-06-12 11:37 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-06-12 11:37 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-06-12 10:50 - 2014-06-12 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-12 10:34 - 2014-06-12 10:34 - 00002032 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-06-12 10:34 - 2014-06-12 10:34 - 00002020 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-06-12 10:34 - 2014-06-12 10:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-11 18:01 - 2014-06-17 13:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-11 18:01 - 2014-06-11 18:01 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-11 18:01 - 2014-06-11 18:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-11 18:01 - 2014-06-11 18:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-11 17:59 - 2014-06-12 10:34 - 00000798 _____ () C:\Windows\SecuniaPackage.log
2014-06-11 17:33 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-06-11 17:33 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-06-11 17:33 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-06-11 17:33 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-06-11 17:33 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-06-11 17:33 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-06-11 17:33 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-06-11 17:33 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-06-11 17:33 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-06-11 17:33 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-06-11 17:33 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-06-11 17:33 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-06-11 17:33 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-06-11 17:33 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-06-11 17:33 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-06-11 17:33 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-06-11 17:32 - 2014-06-13 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-11 17:24 - 2014-06-13 03:22 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-11 17:24 - 2014-06-13 03:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-11 17:21 - 2014-06-11 17:21 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-06-11 17:21 - 2014-06-11 17:21 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-06-11 17:21 - 2014-06-11 17:21 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-06-11 17:21 - 2014-06-11 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
2014-06-11 17:20 - 2014-06-11 17:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-06-11 17:10 - 2014-06-11 17:13 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-06-11 16:30 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-06-11 16:30 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-06-11 15:21 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 15:21 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 15:21 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 15:21 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 15:21 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 15:21 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 15:21 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 15:21 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 15:21 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 15:21 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 15:21 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 15:21 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 15:21 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 15:21 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 15:21 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 15:21 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 15:21 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 15:21 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 15:21 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 15:21 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 15:21 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 15:21 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 15:21 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 15:21 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 15:21 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 15:21 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 15:21 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 15:21 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 15:21 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 15:21 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 15:21 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 15:21 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 15:21 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 15:21 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 15:21 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 15:21 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 15:21 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 15:21 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 15:21 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 15:21 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 15:21 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 15:21 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 15:21 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 15:21 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 15:21 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 15:21 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 15:21 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 15:21 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 15:21 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 15:21 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 15:21 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 15:21 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 15:11 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 15:11 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 15:11 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 15:11 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 15:10 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 15:10 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 15:10 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 15:10 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 15:10 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 15:10 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 15:10 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 15:10 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 15:10 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 15:10 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 14:52 - 2014-06-09 12:10 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}w64.sys
2014-06-06 09:31 - 2014-06-06 09:31 - 01917800 _____ () C:\Users\Admin\Downloads\winrar-x64-51b4.exe
2014-06-06 09:17 - 2014-06-06 09:17 - 00495616 _____ (Simon Tatham) C:\Users\Admin\Downloads\putty_0.63.exe
2014-06-05 23:05 - 2014-05-22 18:20 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys
2014-06-05 22:58 - 2014-06-05 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-06-05 22:58 - 2014-06-05 22:58 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-06-05 22:54 - 2014-06-05 22:54 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Admin\Downloads\cbSetup.exe
2014-06-05 22:02 - 2014-06-05 22:02 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\dlg
2014-06-05 22:00 - 2014-06-18 08:34 - 00003444 _____ () C:\Windows\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-3.job
2014-06-05 22:00 - 2014-06-18 08:34 - 00002160 _____ () C:\Windows\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-4.job
2014-06-05 22:00 - 2014-06-18 08:34 - 00001392 _____ () C:\Windows\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-5.job
2014-06-05 22:00 - 2014-06-18 08:34 - 00001376 _____ () C:\Windows\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-1.job
2014-06-05 22:00 - 2014-06-18 08:34 - 00000898 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-06-05 22:00 - 2014-06-18 08:33 - 00001310 _____ () C:\Windows\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-2.job
2014-06-05 22:00 - 2014-06-16 20:29 - 00000902 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-06-05 22:00 - 2014-06-16 14:25 - 00003900 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-06-05 22:00 - 2014-06-16 14:24 - 00003646 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-06-05 22:00 - 2014-06-11 14:51 - 00000000 ____D () C:\Program Files (x86)\raving reyven
2014-06-05 22:00 - 2014-06-05 22:00 - 00006474 _____ () C:\Windows\System32\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-3
2014-06-05 22:00 - 2014-06-05 22:00 - 00005190 _____ () C:\Windows\System32\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-4
2014-06-05 22:00 - 2014-06-05 22:00 - 00004422 _____ () C:\Windows\System32\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-5
2014-06-05 22:00 - 2014-06-05 22:00 - 00004406 _____ () C:\Windows\System32\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-1
2014-06-05 22:00 - 2014-06-05 22:00 - 00004340 _____ () C:\Windows\System32\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-2
2014-06-05 22:00 - 2014-06-05 22:00 - 00000000 ____D () C:\Users\Admin\AppData\Local\globalUpdate
2014-06-05 22:00 - 2014-06-05 22:00 - 00000000 ____D () C:\Program Files (x86)\PSHD-9.9
2014-06-05 22:00 - 2014-06-05 22:00 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-06-05 21:59 - 2014-06-16 14:22 - 00000000 ____D () C:\Users\Admin\AppData\Local\SearchProtect
2014-06-05 21:58 - 2014-06-05 21:59 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-06-05 21:57 - 2014-06-05 21:57 - 00467712 _____ () C:\Users\Admin\Downloads\ccleaner.exe
2014-05-25 10:14 - 2014-05-25 10:14 - 00001789 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-25 10:14 - 2014-05-25 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-25 10:13 - 2014-05-25 10:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-25 10:13 - 2014-05-25 10:14 - 00000000 ____D () C:\Program Files\iTunes
2014-05-25 10:13 - 2014-05-25 10:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-25 10:13 - 2014-05-25 10:13 - 00000000 ____D () C:\Program Files\iPod
2014-05-24 15:27 - 2014-05-24 15:27 - 00001967 _____ () C:\Users\Admin\Desktop\Brother MFC-8890DW Printer W-Lan - Verknüpfung.lnk
2014-05-23 00:09 - 2014-05-23 00:09 - 00012499 _____ () C:\Users\Admin\Desktop\23.05.2014 00_15_54.201400_15_54
2014-05-22 13:31 - 2014-05-22 13:31 - 00000000 ____D () C:\Users\Admin\4.0
2014-05-22 13:31 - 2014-05-22 13:31 - 00000000 ____D () C:\Users\Admin\.tfo4
2014-05-21 09:58 - 2006-12-14 13:42 - 00069120 ____R (AVM Berlin) C:\Windows\SysWOW64\avmadd32.dll
2014-05-21 09:58 - 2006-05-29 02:00 - 00016384 ____R (AVM Berlin GmbH) C:\Windows\SysWOW64\avmprmon.dll
2014-05-19 17:06 - 2014-06-13 04:12 - 00000000 ____D () C:\Windows\rescache
2014-05-19 11:18 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-19 11:18 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-19 11:18 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-19 11:18 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-19 11:17 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-19 11:17 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-19 11:17 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-19 11:17 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-19 11:17 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-19 11:17 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-19 11:17 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-19 11:17 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-19 11:17 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-19 11:17 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-19 11:17 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-19 11:17 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-19 11:17 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-19 11:17 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-19 11:17 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-19 11:17 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-19 11:17 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-19 11:17 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-19 11:17 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-19 11:17 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-19 11:17 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-19 11:17 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-19 11:17 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-19 11:17 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-19 11:17 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-19 11:17 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-19 11:17 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-19 11:17 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-19 11:17 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-19 11:17 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-19 11:17 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-19 11:17 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-19 11:17 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-19 11:17 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-19 11:17 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-19 11:17 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-19 11:17 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-19 11:17 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-19 11:17 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-19 11:17 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-19 11:17 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

==================== One Month Modified Files and Folders =======

2014-06-18 08:59 - 2014-06-18 08:58 - 00032539 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-06-18 08:59 - 2010-12-10 10:55 - 00000000 ____D () C:\Users\Admin\AppData\Local\Temp
2014-06-18 08:58 - 2014-06-18 08:58 - 00000000 ____D () C:\FRST
2014-06-18 08:56 - 2014-06-18 08:56 - 02081280 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-06-18 08:44 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-18 08:44 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-18 08:42 - 2010-12-10 19:38 - 01655401 _____ () C:\Windows\WindowsUpdate.log
2014-06-18 08:39 - 2010-12-11 16:35 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Dropbox
2014-06-18 08:38 - 2010-12-12 16:33 - 00000000 ___RD () C:\Users\Admin\Documents\My Dropbox
2014-06-18 08:37 - 2013-12-02 13:54 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Spotify
2014-06-18 08:36 - 2014-02-11 13:44 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DropboxMaster
2014-06-18 08:34 - 2014-06-16 14:26 - 00001588 _____ () C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-1.job
2014-06-18 08:34 - 2014-06-16 14:26 - 00001498 _____ () C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-5.job
2014-06-18 08:34 - 2014-06-16 14:25 - 00003810 _____ () C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-11.job
2014-06-18 08:34 - 2014-06-16 14:25 - 00002270 _____ () C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-4.job
2014-06-18 08:34 - 2014-06-16 14:24 - 00003128 _____ () C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-3.job
2014-06-18 08:34 - 2014-06-16 14:24 - 00000394 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-06-18 08:34 - 2014-06-05 22:00 - 00003444 _____ () C:\Windows\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-3.job
2014-06-18 08:34 - 2014-06-05 22:00 - 00002160 _____ () C:\Windows\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-4.job
2014-06-18 08:34 - 2014-06-05 22:00 - 00001392 _____ () C:\Windows\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-5.job
2014-06-18 08:34 - 2014-06-05 22:00 - 00001376 _____ () C:\Windows\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-1.job
2014-06-18 08:34 - 2014-06-05 22:00 - 00000898 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-06-18 08:34 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-06-18 08:33 - 2014-06-16 14:26 - 00001420 _____ () C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-2.job
2014-06-18 08:33 - 2014-06-16 14:24 - 00000380 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-06-18 08:33 - 2014-06-05 22:00 - 00001310 _____ () C:\Windows\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-2.job
2014-06-18 08:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-18 08:32 - 2014-01-05 02:00 - 00006772 _____ () C:\Windows\setupact.log
2014-06-17 13:00 - 2014-06-11 18:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-17 11:24 - 2010-04-26 15:06 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-06-17 11:24 - 2010-04-26 15:06 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-06-17 11:24 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-17 11:00 - 2011-03-18 16:08 - 00000000 _____ () C:\Users\Admin\Documents\Nuance Image Printer Writer Port
2014-06-17 10:49 - 2013-07-01 17:17 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2014-06-17 10:28 - 2014-02-13 18:12 - 00214724 _____ () C:\Windows\PFRO.log
2014-06-16 22:38 - 2014-06-16 22:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\com
2014-06-16 20:29 - 2014-06-05 22:00 - 00000902 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-06-16 14:26 - 2014-06-16 14:26 - 00004618 _____ () C:\Windows\System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-1
2014-06-16 14:26 - 2014-06-16 14:26 - 00004528 _____ () C:\Windows\System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-5
2014-06-16 14:26 - 2014-06-16 14:26 - 00004450 _____ () C:\Windows\System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-2
2014-06-16 14:26 - 2014-06-16 14:25 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-06-16 14:26 - 2014-06-16 14:25 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-06-16 14:26 - 2014-06-16 14:24 - 00000000 ____D () C:\Program Files (x86)\Mediaa_Play_AIR_1.4
2014-06-16 14:25 - 2014-06-16 14:25 - 00006840 _____ () C:\Windows\System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-11
2014-06-16 14:25 - 2014-06-16 14:25 - 00005300 _____ () C:\Windows\System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-4
2014-06-16 14:25 - 2014-06-16 14:25 - 00001123 _____ () C:\Users\Public\Desktop\NewPlayer.lnk
2014-06-16 14:25 - 2014-06-16 14:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SupTab
2014-06-16 14:25 - 2014-06-16 14:25 - 00000000 ____D () C:\Users\Admin\AppData\Local\newplayer
2014-06-16 14:25 - 2014-06-16 14:25 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-06-16 14:25 - 2014-06-16 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
2014-06-16 14:25 - 2014-06-16 14:24 - 00000000 ____D () C:\Program Files (x86)\NewPlayer
2014-06-16 14:25 - 2014-06-05 22:00 - 00003900 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-06-16 14:25 - 2013-10-13 08:23 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2014-06-16 14:25 - 2013-01-18 11:54 - 00001309 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-16 14:24 - 2014-06-16 14:24 - 00006158 _____ () C:\Windows\System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-3
2014-06-16 14:24 - 2014-06-16 14:24 - 00003042 _____ () C:\Windows\System32\Tasks\Re-markit Update
2014-06-16 14:24 - 2014-06-16 14:24 - 00002968 _____ () C:\Windows\System32\Tasks\Re-markit_wd
2014-06-16 14:24 - 2014-06-16 14:24 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-06-16 14:24 - 2014-06-16 14:24 - 00000000 ____D () C:\Program Files (x86)\Re_Markable
2014-06-16 14:24 - 2014-06-05 22:00 - 00003646 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-06-16 14:24 - 2012-08-07 20:14 - 00001321 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-16 14:24 - 2010-12-10 11:02 - 00001671 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-16 14:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-06-16 14:22 - 2014-06-16 14:22 - 00003144 _____ () C:\Windows\System32\Tasks\{F443843E-E412-4892-8FC7-6576B1353BE5}
2014-06-16 14:22 - 2014-06-16 14:22 - 00000000 _____ () C:\END
2014-06-16 14:22 - 2014-06-05 21:59 - 00000000 ____D () C:\Users\Admin\AppData\Local\SearchProtect
2014-06-16 14:20 - 2014-06-16 14:20 - 01245608 _____ () C:\Users\Admin\Downloads\Player_Setup.exe
2014-06-13 16:27 - 2011-08-09 20:04 - 00000000 ____D () C:\Users\Public\Documents\BrFaxRx
2014-06-13 16:17 - 2011-03-02 18:39 - 00000000 ____D () C:\Users\Admin\Documents\00000-Eigene PaperPort-Dokumente
2014-06-13 16:08 - 2011-07-27 14:22 - 00000000 ____D () C:\Users\Admin\Documents\BETREUUNG AKTUELL
2014-06-13 12:29 - 2012-12-01 01:21 - 00000100 _____ () C:\Windows\Brfaxrx.ini
2014-06-13 04:12 - 2014-05-19 17:06 - 00000000 ____D () C:\Windows\rescache
2014-06-13 03:22 - 2014-06-11 17:24 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-13 03:22 - 2014-06-11 17:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-13 03:22 - 2012-08-07 20:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-13 03:03 - 2014-06-11 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-13 03:03 - 2010-12-23 11:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 18:33 - 2014-06-12 18:33 - 00000000 ____D () C:\Users\Admin\Desktop\Anton
2014-06-12 18:27 - 2014-06-12 18:27 - 00000256 _____ () C:\Users\Admin\Desktop\Frankenkletterertelefonliste.pdf - Dropbox.URL
2014-06-12 10:51 - 2014-06-12 10:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-12 10:34 - 2014-06-12 10:34 - 00002032 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-06-12 10:34 - 2014-06-12 10:34 - 00002020 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-06-12 10:34 - 2014-06-12 10:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-12 10:34 - 2014-06-11 17:59 - 00000798 _____ () C:\Windows\SecuniaPackage.log
2014-06-11 18:01 - 2014-06-11 18:01 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-11 18:01 - 2014-06-11 18:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-11 18:01 - 2014-06-11 18:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-11 17:41 - 2013-08-14 23:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 17:36 - 2010-12-10 15:19 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 17:21 - 2014-06-11 17:21 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-06-11 17:21 - 2014-06-11 17:21 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-06-11 17:21 - 2014-06-11 17:21 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-06-11 17:21 - 2014-06-11 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
2014-06-11 17:21 - 2011-03-21 15:09 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-06-11 17:21 - 2011-03-21 15:07 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-06-11 17:20 - 2014-06-11 17:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-06-11 17:13 - 2014-06-11 17:10 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-06-11 16:43 - 2012-09-18 15:07 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Thunderbird
2014-06-11 14:51 - 2014-06-05 22:00 - 00000000 ____D () C:\Program Files (x86)\raving reyven
2014-06-11 14:45 - 2010-12-12 16:28 - 00000000 ____D () C:\Program Files\WinRAR
2014-06-09 12:10 - 2014-06-11 14:52 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}w64.sys
2014-06-06 09:32 - 2010-12-12 16:28 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-06 09:32 - 2010-12-12 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-06 09:31 - 2014-06-06 09:31 - 01917800 _____ () C:\Users\Admin\Downloads\winrar-x64-51b4.exe
2014-06-06 09:17 - 2014-06-06 09:17 - 00495616 _____ (Simon Tatham) C:\Users\Admin\Downloads\putty_0.63.exe
2014-06-06 08:25 - 2010-12-11 16:58 - 00000000 ____D () C:\at work
2014-06-06 00:05 - 2010-12-12 19:32 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 10
2014-06-05 22:58 - 2014-06-05 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-06-05 22:58 - 2014-06-05 22:58 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-06-05 22:54 - 2014-06-05 22:54 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Admin\Downloads\cbSetup.exe
2014-06-05 22:07 - 2012-02-22 00:06 - 00007607 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2014-06-05 22:02 - 2014-06-05 22:02 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\dlg
2014-06-05 22:01 - 2012-08-10 19:28 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-05 22:01 - 2012-08-10 19:28 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-05 22:00 - 2014-06-05 22:00 - 00006474 _____ () C:\Windows\System32\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-3
2014-06-05 22:00 - 2014-06-05 22:00 - 00005190 _____ () C:\Windows\System32\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-4
2014-06-05 22:00 - 2014-06-05 22:00 - 00004422 _____ () C:\Windows\System32\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-5
2014-06-05 22:00 - 2014-06-05 22:00 - 00004406 _____ () C:\Windows\System32\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-1
2014-06-05 22:00 - 2014-06-05 22:00 - 00004340 _____ () C:\Windows\System32\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-2
2014-06-05 22:00 - 2014-06-05 22:00 - 00000000 ____D () C:\Users\Admin\AppData\Local\globalUpdate
2014-06-05 22:00 - 2014-06-05 22:00 - 00000000 ____D () C:\Program Files (x86)\PSHD-9.9
2014-06-05 22:00 - 2014-06-05 22:00 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-06-05 21:59 - 2014-06-05 21:58 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-06-05 21:57 - 2014-06-05 21:57 - 00467712 _____ () C:\Users\Admin\Downloads\ccleaner.exe
2014-06-05 21:45 - 2014-02-06 10:52 - 00000000 ____D () C:\Users\Admin\GMX MediaCenter
2014-06-05 13:37 - 2011-03-01 15:24 - 00000483 _____ () C:\Windows\BRWMARK.INI
2014-05-30 12:21 - 2014-06-11 15:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-11 15:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-11 15:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-11 15:21 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-11 15:21 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-11 15:21 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-11 15:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-11 15:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-11 15:21 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-11 15:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-11 15:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-11 15:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-11 15:21 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-11 15:21 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-11 15:21 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-11 15:21 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-11 15:21 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-11 15:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-11 15:21 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-11 15:21 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-11 15:21 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-11 15:21 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-11 15:21 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-11 15:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-11 15:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-11 15:21 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-11 15:21 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-11 15:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-11 15:21 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-11 15:21 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-11 15:21 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-11 15:21 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-11 15:21 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-11 15:21 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-11 15:21 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-11 15:21 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-11 15:21 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-11 15:21 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-11 15:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-11 15:21 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-11 15:21 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-11 15:21 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-11 15:21 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-11 15:21 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-11 15:21 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-11 15:21 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-11 15:21 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-11 15:21 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-11 15:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-11 15:21 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-11 15:21 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-11 15:21 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-28 17:22 - 2010-12-11 16:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-28 17:22 - 2010-12-10 10:55 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup
2014-05-25 17:25 - 2011-04-24 21:42 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2014-05-25 10:14 - 2014-05-25 10:14 - 00001789 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-25 10:14 - 2014-05-25 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-25 10:14 - 2014-05-25 10:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-25 10:14 - 2014-05-25 10:13 - 00000000 ____D () C:\Program Files\iTunes
2014-05-25 10:14 - 2014-05-25 10:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-25 10:13 - 2014-05-25 10:13 - 00000000 ____D () C:\Program Files\iPod
2014-05-24 15:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-24 15:27 - 2014-05-24 15:27 - 00001967 _____ () C:\Users\Admin\Desktop\Brother MFC-8890DW Printer W-Lan - Verknüpfung.lnk
2014-05-23 09:44 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-23 00:09 - 2014-05-23 00:09 - 00012499 _____ () C:\Users\Admin\Desktop\23.05.2014 00_15_54.201400_15_54
2014-05-22 18:20 - 2014-06-05 23:05 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys
2014-05-22 13:31 - 2014-05-22 13:31 - 00000000 ____D () C:\Users\Admin\4.0
2014-05-22 13:31 - 2014-05-22 13:31 - 00000000 ____D () C:\Users\Admin\.tfo4
2014-05-22 13:31 - 2010-12-10 10:55 - 00000000 ____D () C:\Users\Admin
2014-05-21 13:03 - 2013-10-13 08:24 - 00001953 _____ () C:\Users\Public\Desktop\Sonos.lnk
2014-05-21 13:03 - 2013-10-13 08:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
2014-05-21 13:03 - 2013-10-13 08:24 - 00000000 ____D () C:\Program Files (x86)\Sonos
2014-05-21 13:03 - 2013-09-26 07:40 - 00000000 ____D () C:\Users\Admin\AppData\Local\Downloaded Installations
2014-05-21 13:01 - 2013-10-13 08:23 - 00000000 ____D () C:\Users\Admin\Sonos
2014-05-21 09:58 - 2014-05-18 19:09 - 00002543 _____ () C:\Windows\avmadd321.log
2014-05-21 09:58 - 2014-05-18 19:09 - 00000000 ____D () C:\Program Files (x86)\FRITZ!BoxPrint
2014-05-21 09:58 - 2014-05-18 18:51 - 00002899 _____ () C:\Windows\avmadd32.log
2014-05-21 09:58 - 2014-05-18 18:51 - 00000000 ____D () C:\Program Files (x86)\FRITZ!Box
2014-05-21 08:57 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-19 12:30 - 2010-12-10 11:02 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-19 12:29 - 2012-08-11 15:47 - 00000680 __RSH () C:\Users\Admin\ntuser.pol
2014-05-19 12:22 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-19 12:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-19 11:45 - 2011-10-05 23:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

Files to move or delete:
====================
C:\Users\Admin\Sony_PC_Companion_2.10.165_Web.exe


Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpztdd4w.dll
C:\Users\Admin\AppData\Local\Temp\FileSystemView.dll
C:\Users\Admin\AppData\Local\Temp\lly_webssearches.exe
C:\Users\Admin\AppData\Local\Temp\media.exe
C:\Users\Admin\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\Admin\AppData\Local\Temp\newvideoplayersetup.exe
C:\Users\Admin\AppData\Local\Temp\nsf495D.exe
C:\Users\Admin\AppData\Local\Temp\nsk4E5D.exe
C:\Users\Admin\AppData\Local\Temp\nspABBC.exe
C:\Users\Admin\AppData\Local\Temp\nsvA797.exe
C:\Users\Admin\AppData\Local\Temp\re-markable_2040-2083.exe
C:\Users\Admin\AppData\Local\Temp\spidentifierimpl.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-11 15:40

==================== End Of Log ============================
         
--- --- ---
__________________

Alt 18.06.2014, 08:20   #4
Line-LAP
 
raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher - Standard

raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher



Fortsetzung:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2014
Ran by Admin at 2014-06-18 09:00:08
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 14 Plugin (HKLM-x32\...\{C4B32291-F7B2-4BEC-BA4D-4195676A08CC}) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AIS Connect (HKLM-x32\...\AIS Connect) (Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH)
AIS Connect (x32 Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{5347542D-5637-006A-76A7-A758B70C0A06}) (Version: 12.10.6.5030 - APN, LLC) <==== ATTENTION
Avery Wizard 4.0 (HKLM-x32\...\{F5D84887-8A6F-4993-8560-B3AA44CB620D}) (Version: 4.0.201 - Avery)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
BdB at work 2013 (HKLM-x32\...\BdB_at_Work_2005_is1) (Version: 2013 - LOGO Datensysteme GmbH)
BdB at work mobile Server (HKLM-x32\...\atwork_mobile_server_is1) (Version: 2013 - LOGO Datensysteme GmbH)
Bluetooth Feature Pack 5.0 (HKLM\...\{B2F4C332-2359-4ADE-AF0C-C631768BBB89}) (Version: 5.0.14 - CSR Plc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-8890DW (HKLM-x32\...\{004B8D14-7E3A-490A-ABB3-753535E169E3}) (Version: 1.0.6.0 - Brother Industries, Ltd.)
Canon MF Toolbox 4.9.1.1.mf11 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf11 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Colours Setup (HKLM-x32\...\Colours Setup) (Version:  - )
CrazyWords (HKLM-x32\...\CrazyWords) (Version:  - )
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1908.7636 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.1908.7636 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
Deutsche Post E-Porto (HKLM-x32\...\{A51F5414-4A2B-45A0-8EF2-B4D29CFBCAE7}) (Version: 2.3.0 - Deutsche Post AG)
Doppelkopf XXL (HKCU\...\Doppelkopf XXL) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
ElsterFormular-Upgrade (HKLM-x32\...\ElsterFormular für Unternehmer 12.1.0.6164u) (Version: 14.4.12044 - Landesfinanzdirektion Thüringen)
Evernote v. 5.1.2 (HKLM-x32\...\{12FB6296-8840-11E3-86D7-00163E98E7D0}) (Version: 5.1.2.2387 - Evernote Corp.)
EZ Vinyl/Tape Converter 7.4 by MixMeister (HKLM-x32\...\EZ Vinyl/Tape Converter by MixMeister_is1) (Version:  - MixMeister Technology LLC)
Fujitsu Display Manager (HKLM-x32\...\InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}) (Version:  - )
Fujitsu Display Manager (Version: 7.01.00.210 - FUJITSU LIMITED) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}) (Version: 3.60.1.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.60.1.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version:  - )
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000 - Ihr Firmenname) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version:  - )
Fujitsu System Extension Utility (Version: 3.1.1.0 - FUJITSU LIMITED) Hidden
Garmin City Navigator Europe NT 2011.40 Update (HKLM-x32\...\{2A87B210-5672-421E-AD15-B8DF44D78691}) (Version: 14.40.0.0 - Garmin Ltd or its subsidiaries)
GMX MediaCenter 1.6.2863.0 (HKCU\...\GMX Application {sync-000021}) (Version: 1.6.2863.0 - 1&1 Mail & Media GmbH)
GMX ProfiFax (HKLM-x32\...\GMX ProfiFax) (Version: 2.00.222 - GMX GmbH)
Google Update Helper (x32 Version: 1.3.25.0 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2025 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
KeePass Password Safe 1.20 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.20 - Dominik Reichl)
LifeBook Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version:  - )
LifeBook Application Panel (Version: 8.1.0.0 - FUJITSU LIMITED) Hidden
LightsOn Setup (HKLM-x32\...\LightsOn Setup) (Version:  - )
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Media Go (HKLM-x32\...\{B55B7EAE-C58C-496E-A383-3A6ABDD83A62}) (Version: 2.5.290 - Sony)
Media Go Video Playback Engine 1.120.104.05010 (HKLM-x32\...\{8227BCD8-AA43-B935-7134-2732A298364A}) (Version: 1.120.104.05010 - Sony)
Mediaa_Play_AIR_1.4 (HKLM-x32\...\Mediaa_Play_AIR_1.4) (Version: 1.34.6.10 - enter) <==== ATTENTION
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Mindjet MindManager 2012 (HKLM-x32\...\{2005E0A6-ED25-4B8A-801C-F3A0B846A317}) (Version: 10.0.445 - Mindjet)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NewPlayer (HKLM-x32\...\NewPlayer) (Version: v2.1.1.9 - ) <==== ATTENTION
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
pdfforge Toolbar v4.4 (HKLM-x32\...\{BCB52F35-4C56-49F2-A3D6-FDED54B01847}) (Version: 4.4 - Spigot, Inc.) <==== ATTENTION
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.16.2.15545 - Sony Computer Entertainment Inc.)
Power Saving Utility (HKLM-x32\...\InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}) (Version:  - )
Power Saving Utility (Version: 31.01.11.013 - FUJITSU LIMITED) Hidden
PSHD-9.9 (HKLM-x32\...\PSHD-9.9) (Version: 1.34.5.29 - PlusVHD)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
raving reyven (HKLM\...\raving reyven) (Version: 2014.06.05.170104 - raving reyven)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30087 - Realtek Semiconductor Corp.)
Re-markit (HKLM-x32\...\28184F48-644B-A6E5-4B16-B684F94B3847) (Version:  - Re-markit-software) <==== ATTENTION
Sandboxie 3.72 (64-bit) (HKLM\...\Sandboxie) (Version: 3.72 - SANDBOXIE L.T.D)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.13.3.38 - Client Connect LTD) <==== ATTENTION
Secunia PSI (3.0.0.3001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.3001 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 26.1.77080 - Sonos, Inc.)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.10.201308300830 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.174 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.174 - Sony)
Spotify (HKCU\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
StarMoney (x32 Version: 2.0 - StarFinanz) Hidden
StarMoney (x32 Version: 3.0.0.124 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney 8.0 S-Edition (HKLM-x32\...\{FDB0ACA2-EB23-413A-BDED-2A238E31F61F}) (Version: 8.0 - Star Finanz GmbH)
StarMoney 9.0  (HKLM-x32\...\{8B8F4B63-6252-40BD-BD3F-477C0EB3EB8C}) (Version: 9.0 - Star Finanz GmbH)
sv.net (HKLM-x32\...\sv.net) (Version: 13.1 - ITSG GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
SystemDiagnostics (HKLM-x32\...\{EF59DB7F-7426-426E-B862-7031F83ED304}) (Version: 2.04.0006 - Fujitsu Technology Solutions)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
webssearches uninstaller (HKLM-x32\...\webssearches uninstaller) (Version:  - webssearches) <==== ATTENTION
WindowsProtectManger20.0.0.401 (HKLM-x32\...\WindowsProtectManger) (Version: 20.0.0.401 - Fuyu LIMITED) <==== ATTENTION
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Wireless Selector (HKLM-x32\...\InstallShield_{51692C66-5505-41B8-92A7-548C69FB867C}) (Version:  - )
Wireless Selector (Version: 4.01.00.101 - FUJITSU LIMITED) Hidden
YTD Video Downloader 4.3 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.3 - GreenTree Applications SRL)

==================== Restore Points  =========================

16-06-2014 07:49:12 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1B1D67AB-510C-41F9-B536-680E1CF37E1B} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-16] (globalUpdate) <==== ATTENTION
Task: {1D1CB4EE-4E42-436C-A7C6-65AAEBC6B0C9} - System32\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-5 => C:\Program Files (x86)\PSHD-9.9\c0d67ced-ec8f-4468-962c-cb6d65463e12-5.exe [2014-06-05] (PlusVHD)
Task: {296D1126-A702-49D5-B7BB-313CF8B8BDB3} - System32\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-2 => C:\Program Files (x86)\PSHD-9.9\c0d67ced-ec8f-4468-962c-cb6d65463e12-2.exe [2014-06-05] (PlusVHD)
Task: {2E25E64E-FF16-4FA6-8DA5-B29B63EB0AE9} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-16] (globalUpdate) <==== ATTENTION
Task: {314660B2-777B-4154-B36B-55E18931DB50} - System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-2 => C:\Program Files (x86)\Mediaa_Play_AIR_1.4\108029eb-c499-4b8b-ab5a-f4be652635de-2.exe [2014-06-16] (enter) <==== ATTENTION
Task: {3E7FC18D-59EC-40AA-AAD2-81309DA3DCE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-11] (Adobe Systems Incorporated)
Task: {52BB24DF-DC2A-49FC-8287-95CB30807EA1} - System32\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-4 => C:\Program Files (x86)\PSHD-9.9\c0d67ced-ec8f-4468-962c-cb6d65463e12-4.exe [2014-06-05] (PlusVHD)
Task: {57D3620E-3DE1-4C7B-975A-0FE5C1DF594C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5C28D529-526F-4107-AB5A-75B18561C50C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {66EFA195-68D4-44EB-A30A-4E94F4A90969} - System32\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-3 => C:\Program Files (x86)\PSHD-9.9\c0d67ced-ec8f-4468-962c-cb6d65463e12-3.exe [2014-06-05] (PlusVHD)
Task: {696824F6-3CA9-43E9-8899-2EE1D26C9487} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {708F11F2-3614-448C-B2DD-3920E5B70BF7} - System32\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-1 => C:\Program Files (x86)\PSHD-9.9\PSHD-9.9-codedownloader.exe [2014-06-05] (PlusVHD)
Task: {76613EB2-0993-438B-A4F2-0F139BEF382F} - System32\Tasks\{EBB0B57B-5E8D-48A9-8F21-07029A57302F} => C:\Program Files (x86)\StarMoney 7.0\app\StartStarMoney.exe
Task: {7EF1D002-C313-4687-902F-72C4298C2C6E} - System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-4 => C:\Program Files (x86)\Mediaa_Play_AIR_1.4\108029eb-c499-4b8b-ab5a-f4be652635de-4.exe [2014-06-16] (enter) <==== ATTENTION
Task: {8AA10842-F3B4-49B3-8716-C219D90F92BE} - System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-5 => C:\Program Files (x86)\Mediaa_Play_AIR_1.4\108029eb-c499-4b8b-ab5a-f4be652635de-5.exe [2014-06-16] (enter) <==== ATTENTION
Task: {8BE6DC57-A594-4F24-9730-00DEF66E9212} - System32\Tasks\Re-markit_wd => C:\Program Files (x86)\Re_Markable\Re_Markabletc.exe [2014-06-16] ()
Task: {933622F8-E558-42ED-9C90-238D59EB1EE8} - System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-3 => C:\Program Files (x86)\Mediaa_Play_AIR_1.4\108029eb-c499-4b8b-ab5a-f4be652635de-3.exe [2014-06-16] (enter) <==== ATTENTION
Task: {A5EE3613-3B0F-4317-8102-FBC1614BB58E} - System32\Tasks\{F3FFC8B2-C2B6-4DB2-A4E8-8BCB1CE1E627} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {B1B221C2-DB1A-40C0-90F8-76DB8484C444} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {BAAA4E5B-98C3-4338-8018-5D440FCDBBEA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {C0386090-8A57-44A8-80B1-40C8388E0832} - System32\Tasks\{A6252999-127D-4ECF-95F6-898EE93F49BC} => D:\PROGRAMME\STAR\smoney_m_18_0_3_.exe
Task: {C61107EE-C946-4ABE-AA19-AFECF31CF241} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {C6A013C7-33F3-44DB-A9AA-B0BD900FC21B} - System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-11 => C:\Program Files (x86)\Mediaa_Play_AIR_1.4\108029eb-c499-4b8b-ab5a-f4be652635de-11.exe [2014-06-16] (enter) <==== ATTENTION
Task: {CD987DCF-36FD-468D-ACCB-D158D9E9454D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {DD878446-AF1C-4F78-ADA4-7681346F9D84} - System32\Tasks\{F382690A-F6E3-4207-BC32-BF333FA28AFA} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?source=lightinstaller&amp;page=tsMain
Task: {E80FD2C7-2E1A-489B-86F9-E9126F4BE7D6} - System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-1 => C:\Program Files (x86)\Mediaa_Play_AIR_1.4\Mediaa_Play_AIR_1.4-codedownloader.exe [2014-06-16] (enter) <==== ATTENTION
Task: {F0420892-B8F1-41B5-B293-C2497533B4C7} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {FC4A4906-5360-43DC-A61F-8474A0C34761} - System32\Tasks\{FC3080D7-86E8-4D13-8C5B-A2B49BACB874} => C:\Program Files (x86)\StarMoney 7.0\app\StartStarMoney.exe
Task: {FDC4A9D4-8084-4C95-99B5-6264131E0202} - System32\Tasks\Re-markit Update => C:\Program Files (x86)\Re_Markable\Re-markitX78.exe [2014-06-16] () <==== ATTENTION
Task: C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-1.job => C:\Program Files (x86)\Mediaa_Play_AIR_1.4\Mediaa_Play_AIR_1.4-codedownloader.exe
Task: C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-11.job => C:\Program Files (x86)\Mediaa_Play_AIR_1.4\108029eb-c499-4b8b-ab5a-f4be652635de-11.exe
Task: C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-2.job => C:\Program Files (x86)\Mediaa_Play_AIR_1.4\108029eb-c499-4b8b-ab5a-f4be652635de-2.exe
Task: C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-3.job => C:\Program Files (x86)\Mediaa_Play_AIR_1.4\108029eb-c499-4b8b-ab5a-f4be652635de-3.exe
Task: C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-4.job => C:\Program Files (x86)\Mediaa_Play_AIR_1.4\108029eb-c499-4b8b-ab5a-f4be652635de-4.exe
Task: C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-5.job => C:\Program Files (x86)\Mediaa_Play_AIR_1.4\108029eb-c499-4b8b-ab5a-f4be652635de-5.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-1.job => C:\Program Files (x86)\PSHD-9.9\PSHD-9.9-codedownloader.exe
Task: C:\Windows\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-2.job => C:\Program Files (x86)\PSHD-9.9\c0d67ced-ec8f-4468-962c-cb6d65463e12-2.exe
Task: C:\Windows\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-3.job => C:\Program Files (x86)\PSHD-9.9\c0d67ced-ec8f-4468-962c-cb6d65463e12-3.exe
Task: C:\Windows\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-4.job => C:\Program Files (x86)\PSHD-9.9\c0d67ced-ec8f-4468-962c-cb6d65463e12-4.exe
Task: C:\Windows\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-5.job => C:\Program Files (x86)\PSHD-9.9\c0d67ced-ec8f-4468-962c-cb6d65463e12-5.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\Re-markit Update.job => C:\Program Files (x86)\Re_Markable\Re-markitX78.exe <==== ATTENTION
Task: C:\Windows\Tasks\Re-markit_wd.job => C:\Program Files (x86)\Re_Markable\Re_Markabletc.exe

==================== Loaded Modules (whitelisted) =============

2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2014-05-05 14:07 - 2014-05-05 14:07 - 00011776 _____ () C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
2014-06-16 14:24 - 2014-06-16 14:24 - 00178176 _____ () C:\Program Files (x86)\Re_Markable\Re-markitfA173.exe
2011-03-02 17:43 - 2005-04-22 14:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2014-06-05 19:02 - 2014-06-17 10:39 - 00318248 _____ () C:\Program Files (x86)\raving reyven\updateravingreyven.exe
2014-06-05 23:04 - 2014-06-17 10:35 - 00318248 _____ () C:\Program Files (x86)\raving reyven\bin\utilravingreyven.exe
2009-07-21 20:31 - 2009-07-21 20:31 - 00062312 _____ () C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
2014-06-05 23:05 - 2014-06-09 12:10 - 00287016 _____ () C:\Program Files (x86)\raving reyven\bin\ravingreyven.PurBrowse64.exe
2014-06-16 14:24 - 2014-06-16 14:24 - 00100864 _____ () C:\Program Files (x86)\Re_Markable\Re_Markabletc.exe
2014-06-11 14:51 - 2014-06-17 02:15 - 00096552 _____ () C:\Program Files (x86)\raving reyven\bin\ravingreyven.BrowserAdapter.exe
2014-02-06 10:52 - 2014-02-26 12:57 - 00050688 _____ () C:\Users\Admin\AppData\Local\GMX Application {sync-000021}\CoreBranding.dll
2014-04-02 16:58 - 2014-02-26 12:57 - 00102912 _____ () C:\Users\Admin\AppData\Local\GMX Application {sync-000021}\ConfigWizard.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-16 14:24 - 2014-06-16 14:24 - 00172544 _____ () C:\Program Files (x86)\Re_Markable\Re-markitfA173.dll
2013-02-15 10:09 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\PATCHW32.dll
2014-02-07 11:48 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
2014-06-18 08:36 - 2014-06-18 08:36 - 00043008 _____ () c:\users\admin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpztdd4w.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-22 14:29 - 2014-01-22 14:29 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-01-22 14:29 - 2014-01-22 14:29 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2011-09-14 13:02 - 2011-09-14 13:02 - 00150856 _____ () C:\Program Files (x86)\Mindjet\MindManager 10\zlib.dll
2014-06-12 10:50 - 2014-06-12 10:50 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-06-11 14:51 - 2014-06-17 02:15 - 00183592 _____ () C:\Program Files (x86)\raving reyven\bin\ravingreyvenBAApp.dll
2012-12-01 01:21 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-06-11 18:01 - 2014-06-11 18:01 - 17024688 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:0B4227B4

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #2
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #3
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #4
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/17/2014 01:38:16 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2014/06/17 13:38:16.570]: [00003792]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/17/2014 01:38:15 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2014/06/17 13:38:15.025]: [00003792]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/17/2014 01:38:13 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2014/06/17 13:38:13.481]: [00003792]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/17/2014 01:38:11 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2014/06/17 13:38:11.936]: [00003792]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/17/2014 01:38:10 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2014/06/17 13:38:10.392]: [00003792]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/17/2014 01:38:08 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2014/06/17 13:38:08.848]: [00003792]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/17/2014 01:38:07 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2014/06/17 13:38:07.303]: [00003792]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/17/2014 01:38:05 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2014/06/17 13:38:05.759]: [00003792]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/17/2014 01:38:04 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2014/06/17 13:38:04.214]: [00003792]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/17/2014 01:38:02 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2014/06/17 13:38:02.670]: [00003792]: lperrcode->api = 1 , lperrcode->code = 2


System errors:
=============
Error: (06/18/2014 08:34:32 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/18/2014 08:34:23 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (06/17/2014 10:34:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IPBusEnum erreicht.

Error: (06/17/2014 10:32:27 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/17/2014 10:32:19 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (06/16/2014 02:26:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Search Protect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/16/2014 09:30:45 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/16/2014 09:30:23 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (06/13/2014 05:41:04 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR22 gefunden.

Error: (06/13/2014 05:31:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.


Microsoft Office Sessions:
=========================
Error: (06/17/2014 01:38:16 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMWBrtWDLMW: [2014/06/17 13:38:16.570]: [00003792]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/17/2014 01:38:15 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMWBrtWDLMW: [2014/06/17 13:38:15.025]: [00003792]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/17/2014 01:38:13 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMWBrtWDLMW: [2014/06/17 13:38:13.481]: [00003792]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/17/2014 01:38:11 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMWBrtWDLMW: [2014/06/17 13:38:11.936]: [00003792]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/17/2014 01:38:10 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMWBrtWDLMW: [2014/06/17 13:38:10.392]: [00003792]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/17/2014 01:38:08 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMWBrtWDLMW: [2014/06/17 13:38:08.848]: [00003792]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/17/2014 01:38:07 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMWBrtWDLMW: [2014/06/17 13:38:07.303]: [00003792]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/17/2014 01:38:05 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMWBrtWDLMW: [2014/06/17 13:38:05.759]: [00003792]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/17/2014 01:38:04 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMWBrtWDLMW: [2014/06/17 13:38:04.214]: [00003792]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/17/2014 01:38:02 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMWBrtWDLMW: [2014/06/17 13:38:02.670]: [00003792]: lperrcode->api = 1 , lperrcode->code = 2


==================== Memory info =========================== 

Percentage of memory in use: 70%
Total physical RAM: 3892.55 MB
Available physical RAM: 1160.53 MB
Total Pagefile: 7783.29 MB
Available Pagefile: 4460.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:80 GB) (Free:3.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:150.87 GB) (Free:18.23 GB) NTFS
Drive f: (Disk) (CDROM) (Total:0.11 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 8E760A6D)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=80 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=151 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Gruß Jacqueline

Alt 18.06.2014, 10:23   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher - Standard

raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher



Adware/Junkware/Toolbars entfernen

1. Schritt: Malwarebytes

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




2. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



3. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




4. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.06.2014, 13:12   #6
Line-LAP
 
raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher - Standard

raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher



Hallo Cosinus,
hier die neuen Logs:AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.212 - Bericht erstellt am 18/06/2014 um 12:45:11
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Admin - JACQUELINE-LAP
# Gestartet von : C:\Users\Admin\Desktop\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : APNMCP
[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem
[#] Dienst Gelöscht : IePluginServices
[#] Dienst Gelöscht : NewPlayerUpdaterService
Dienst Gelöscht : Re-Markable
[#] Dienst Gelöscht : WindowsProtectManger

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\AskPartnerNetwork
Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\ProgramData\WindowsProtectManger
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
Ordner Gelöscht : C:\Program Files (x86)\AskPartnerNetwork
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\GreenTree Applications
Ordner Gelöscht : C:\Program Files (x86)\NewPlayer
Ordner Gelöscht : C:\Program Files (x86)\raving reyven
Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Users\Admin\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Admin\AppData\Local\NewPlayer
Ordner Gelöscht : C:\Users\Admin\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Admin\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Admin\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\Admin\AppData\Local\Temp\raving reyven
Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\AVG Security Toolbar
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\webssearches
Ordner Gelöscht : C:\Users\Jacqueline\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\Extensions\quick_start@gmail.com
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\Extensions\a54e453c-130a-4769-9333-c5ec2aa914c5@9bd7cc89-9c7c-44e9-a03b-042b92d363f0.com
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\Extensions\faf73efe-d6aa-46eb-8014-e0b47ac07ead@a90d6ab4-be69-4e96-a979-1fd9c1ae6f92.com
Ordner Gelöscht : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe
Ordner Gelöscht : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Public\Desktop\NewPlayer.lnk
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml
Datei Gelöscht : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
Datei Gelöscht : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
Datei Gelöscht : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
Datei Gelöscht : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
Datei Gelöscht : C:\Windows\Tasks\Re-markit Update.job
Datei Gelöscht : C:\Windows\System32\Tasks\Re-markit Update
Datei Gelöscht : C:\Windows\Tasks\Re-markit_wd.job
Datei Gelöscht : C:\Windows\System32\Tasks\Re-markit_wd
Datei Gelöscht : C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-1.job
Datei Gelöscht : C:\Windows\System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-1
Datei Gelöscht : C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-11.job
Datei Gelöscht : C:\Windows\System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-11
Datei Gelöscht : C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-2.job
Datei Gelöscht : C:\Windows\System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-2
Datei Gelöscht : C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-3.job
Datei Gelöscht : C:\Windows\System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-3
Datei Gelöscht : C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-4.job
Datei Gelöscht : C:\Windows\System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-4
Datei Gelöscht : C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-5.job
Datei Gelöscht : C:\Windows\System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-5
Datei Gelöscht : C:\Windows\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-1.job
Datei Gelöscht : C:\Windows\System32\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-1
Datei Gelöscht : C:\Windows\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-2.job
Datei Gelöscht : C:\Windows\System32\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-2
Datei Gelöscht : C:\Windows\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-3.job
Datei Gelöscht : C:\Windows\System32\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-3
Datei Gelöscht : C:\Windows\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-4.job
Datei Gelöscht : C:\Windows\System32\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-4
Datei Gelöscht : C:\Windows\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-5.job
Datei Gelöscht : C:\Windows\System32\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-5

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0052916.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0052916.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0052916.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0052916.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0058488.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0058488.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0058488.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0058488.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511291116}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511841188}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522292216}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522842288}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555295516}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555845588}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566296616}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566846688}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544294416}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544844488}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511291116}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511841188}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511291116}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511841188}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522292216}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522842288}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555295516}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555845588}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566296616}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566846688}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511291116}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511841188}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\anchorfree
Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Re_Markable
Schlüssel Gelöscht : HKLM\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\NewPlayer
Schlüssel Gelöscht : HKLM\Software\SearchProtect
Schlüssel Gelöscht : HKLM\Software\SupDp
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\webssearchesSoftware
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewPlayer
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstaller
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\prefs.js ]

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://istart.webssearches.com/newtab/?type=nt&ts=1402921480&from=tugs&uid=HitachiXHTS545025B9A300_100530PBN2003SKHZWTTX");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "webssearches");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hppp&ts=1403085036&from=tugs&uid=HitachiXHTS545025B9A300_100530PBN2003SKHZWTTX");
Zeile gelöscht : user_pref("extensions.aa54e453c130a47699333c5ec2aa914c59bd7cc899c7c44e9a03b042b92d363f0com52916.52916.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Zeile gelöscht : user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "1466dce1deecdbcd9ab176b62b1eaca8");

[ Datei : C:\Users\Jacqueline\AppData\Roaming\Mozilla\Firefox\Profiles\mvdomww5.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
Gelöscht [Search Provider] : hxxp://isearch.avg.com/search?cid={734EAC48-922D-4365-BEE1-9D59FBA581FD}&mid=1ab666b53b4e47d6b9fd397099ece0d0-fe121b27eb1ee9034a5cd29c760d73957dc4f699&lang=de&ds=AVG&pr=fr&d=2011-11-11 12:55:40&v=11.1.0.12&sap=dsp&q={searchTerms}
Gelöscht [Extension] : jmfkcklnlgedgbglfkkgedjfmejoahla

*************************

AdwCleaner[R0].txt - [20731 octets] - [18/06/2014 12:41:57]
AdwCleaner[S0].txt - [16276 octets] - [18/06/2014 12:45:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16337 octets] ##########
         
--- --- ---


Code:
ATTFilter
# AdwCleaner v3.212 - Bericht erstellt am 18/06/2014 um 12:45:11
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Admin - JACQUELINE-LAP
# Gestartet von : C:\Users\Admin\Desktop\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : APNMCP
[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem
[#] Dienst Gelöscht : IePluginServices
[#] Dienst Gelöscht : NewPlayerUpdaterService
Dienst Gelöscht : Re-Markable
[#] Dienst Gelöscht : WindowsProtectManger

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\AskPartnerNetwork
Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\ProgramData\WindowsProtectManger
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
Ordner Gelöscht : C:\Program Files (x86)\AskPartnerNetwork
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\GreenTree Applications
Ordner Gelöscht : C:\Program Files (x86)\NewPlayer
Ordner Gelöscht : C:\Program Files (x86)\raving reyven
Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Users\Admin\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Admin\AppData\Local\NewPlayer
Ordner Gelöscht : C:\Users\Admin\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Admin\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Admin\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\Admin\AppData\Local\Temp\raving reyven
Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\AVG Security Toolbar
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\webssearches
Ordner Gelöscht : C:\Users\Jacqueline\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\Extensions\quick_start@gmail.com
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\Extensions\a54e453c-130a-4769-9333-c5ec2aa914c5@9bd7cc89-9c7c-44e9-a03b-042b92d363f0.com
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\Extensions\faf73efe-d6aa-46eb-8014-e0b47ac07ead@a90d6ab4-be69-4e96-a979-1fd9c1ae6f92.com
Ordner Gelöscht : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe
Ordner Gelöscht : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Public\Desktop\NewPlayer.lnk
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml
Datei Gelöscht : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
Datei Gelöscht : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
Datei Gelöscht : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
Datei Gelöscht : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
Datei Gelöscht : C:\Windows\Tasks\Re-markit Update.job
Datei Gelöscht : C:\Windows\System32\Tasks\Re-markit Update
Datei Gelöscht : C:\Windows\Tasks\Re-markit_wd.job
Datei Gelöscht : C:\Windows\System32\Tasks\Re-markit_wd
Datei Gelöscht : C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-1.job
Datei Gelöscht : C:\Windows\System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-1
Datei Gelöscht : C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-11.job
Datei Gelöscht : C:\Windows\System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-11
Datei Gelöscht : C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-2.job
Datei Gelöscht : C:\Windows\System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-2
Datei Gelöscht : C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-3.job
Datei Gelöscht : C:\Windows\System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-3
Datei Gelöscht : C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-4.job
Datei Gelöscht : C:\Windows\System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-4
Datei Gelöscht : C:\Windows\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-5.job
Datei Gelöscht : C:\Windows\System32\Tasks\108029eb-c499-4b8b-ab5a-f4be652635de-5
Datei Gelöscht : C:\Windows\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-1.job
Datei Gelöscht : C:\Windows\System32\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-1
Datei Gelöscht : C:\Windows\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-2.job
Datei Gelöscht : C:\Windows\System32\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-2
Datei Gelöscht : C:\Windows\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-3.job
Datei Gelöscht : C:\Windows\System32\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-3
Datei Gelöscht : C:\Windows\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-4.job
Datei Gelöscht : C:\Windows\System32\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-4
Datei Gelöscht : C:\Windows\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-5.job
Datei Gelöscht : C:\Windows\System32\Tasks\c0d67ced-ec8f-4468-962c-cb6d65463e12-5

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0052916.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0052916.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0052916.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0052916.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0058488.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0058488.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0058488.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0058488.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511291116}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511841188}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522292216}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522842288}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555295516}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555845588}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566296616}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566846688}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544294416}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544844488}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511291116}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511841188}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511291116}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511841188}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522292216}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522842288}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555295516}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555845588}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566296616}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566846688}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511291116}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511841188}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\anchorfree
Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Re_Markable
Schlüssel Gelöscht : HKLM\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\NewPlayer
Schlüssel Gelöscht : HKLM\Software\SearchProtect
Schlüssel Gelöscht : HKLM\Software\SupDp
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\webssearchesSoftware
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewPlayer
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstaller
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\prefs.js ]

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://istart.webssearches.com/newtab/?type=nt&ts=1402921480&from=tugs&uid=HitachiXHTS545025B9A300_100530PBN2003SKHZWTTX");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "webssearches");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hppp&ts=1403085036&from=tugs&uid=HitachiXHTS545025B9A300_100530PBN2003SKHZWTTX");
Zeile gelöscht : user_pref("extensions.aa54e453c130a47699333c5ec2aa914c59bd7cc899c7c44e9a03b042b92d363f0com52916.52916.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Zeile gelöscht : user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "1466dce1deecdbcd9ab176b62b1eaca8");

[ Datei : C:\Users\Jacqueline\AppData\Roaming\Mozilla\Firefox\Profiles\mvdomww5.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
Gelöscht [Search Provider] : hxxp://isearch.avg.com/search?cid={734EAC48-922D-4365-BEE1-9D59FBA581FD}&mid=1ab666b53b4e47d6b9fd397099ece0d0-fe121b27eb1ee9034a5cd29c760d73957dc4f699&lang=de&ds=AVG&pr=fr&d=2011-11-11 12:55:40&v=11.1.0.12&sap=dsp&q={searchTerms}
Gelöscht [Extension] : jmfkcklnlgedgbglfkkgedjfmejoahla

*************************

AdwCleaner[R0].txt - [20731 octets] - [18/06/2014 12:41:57]
AdwCleaner[S0].txt - [16276 octets] - [18/06/2014 12:45:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16337 octets] ##########
         
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Update, 18.06.2014 11:58:57, SYSTEM, JACQUELINE-LAP, Manual, Rootkit Database, 2014.2.20.1, 2014.6.2.1, 
Update, 18.06.2014 11:59:21, SYSTEM, JACQUELINE-LAP, Manual, Malware Database, 2014.3.4.9, 2014.6.18.3, 

(end)
         

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Admin on 18.06.2014 at 13:01:22,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2951541265-1472267509-3421380212-1001\Software\web assistant



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Program Files (x86)\musicfrost"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\ymsiz8wf.default\extensions\staged
Emptied folder: C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\ymsiz8wf.default\minidumps [229 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.06.2014 at 13:14:55,47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014
Ran by Admin (administrator) on JACQUELINE-LAP on 18-06-2014 13:56:26
Running from C:\Users\Admin\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(Fujitsu Technology Solutions) C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
() C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieCtrl.exe
(Spotify Ltd) C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(1&1 Mail & Media GmbH) C:\Users\Admin\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [ConMgr] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc)
HKLM\...\Run: [CSRSkype] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431504 2009-12-24] (CSR, plc)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [LoadFUJ02E3] => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [162912 2009-07-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe [37728 2011-09-14] (Mindjet)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2951541265-1472267509-3421380212-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [694032 2012-06-17] (SANDBOXIE L.T.D)
HKU\S-1-5-21-2951541265-1472267509-3421380212-1001\...\Run: [Spotify Web Helper] => C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-02] (Spotify Ltd)
HKU\S-1-5-21-2951541265-1472267509-3421380212-1001\...\Run: [Spotify] => C:\Users\Admin\AppData\Roaming\Spotify\spotify.exe [5951488 2013-12-02] (Spotify Ltd)
HKU\S-1-5-21-2951541265-1472267509-3421380212-1001\...\Run: [GMX Application {sync-000021}] => C:\Users\Admin\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe [803840 2014-02-26] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-2951541265-1472267509-3421380212-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2951541265-1472267509-3421380212-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2951541265-1472267509-3421380212-1001\...\MountPoints2: {05252b56-8934-11e1-8e30-0023269265e7} - E:\Startme.exe
HKU\S-1-5-21-2951541265-1472267509-3421380212-1001\...\MountPoints2: {ebe3da1f-0483-11e0-ad6b-806e6f6e6963} - F:\FSetup.exe
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2951541265-1472267509-3421380212-1004\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSF&bmod=FTSF
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7704F9A53589CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,es-ES;q=0.5
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Re-markit - {401EA098-5006-38D6-99CE-F46A89FC2D4F} - C:\Program Files (x86)\Re_Markable\173.dll ()
BHO-x32: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: sony.com/MediaGoDetector - C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\searchplugins\bildungsspender-websuche.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\Extensions\trash [2014-06-16]
FF Extension: Ghostery - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\Extensions\firefox@ghostery.com.xpi [2014-01-17]
FF Extension: GMX MailCheck - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\Extensions\toolbar@gmx.net.xpi [2013-10-24]
FF HKCU\...\Firefox\Extensions: [{BF0B15F4-00DB-1A9D-C11F-A918802E51BC}] - C:\Program Files (x86)\Re_Markable\173.xpi
FF Extension: No Name - C:\Program Files (x86)\Re_Markable\173.xpi [2014-06-16]

Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Extension: (No Name) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe [2014-06-05]
CHR Extension: (Re-markit) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\himihejfgaadipiikddngnlglkhfifan [2014-06-16]
CHR Extension: (No Name) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2011-06-22]
CHR Extension: (Skype Extension) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-04-24]
CHR Extension: (Mediaa_Play_AIR_1.4) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek [2014-06-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-11-01] (Intel Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [98576 2012-06-17] (SANDBOXIE L.T.D)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-11-01] (Intel Corporation) [File not signed]
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)
R2 WirelessSelectorService; C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [62312 2009-07-21] ()
S2 Update raving reyven; "C:\Program Files (x86)\raving reyven\updateravingreyven.exe" [X]
S2 Util raving reyven; "C:\Program Files (x86)\raving reyven\bin\utilravingreyven.exe" [X]

==================== Drivers (Whitelisted) ====================

R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 RtsUIR; No ImagePath
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [166576 2012-06-17] (SANDBOXIE L.T.D)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.)
S3 USBCCID; No ImagePath
R1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64; C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys [61120 2014-05-22] (StdLib)
R1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}w64; C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}w64.sys [61120 2014-06-09] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-18 13:44 - 2014-06-18 13:56 - 00022056 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-06-18 13:14 - 2014-06-18 13:14 - 00001366 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-06-18 13:01 - 2014-06-18 13:01 - 00000000 ____D () C:\Windows\ERUNT
2014-06-18 13:00 - 2014-06-18 13:00 - 01016261 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2014-06-18 12:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-18 12:41 - 2014-06-18 12:45 - 00000000 ____D () C:\AdwCleaner
2014-06-18 12:40 - 2014-06-18 12:40 - 01333465 _____ () C:\Users\Admin\Desktop\adwcleaner_3.212.exe
2014-06-18 11:58 - 2014-06-18 11:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 11:58 - 2014-06-18 11:58 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-18 11:58 - 2014-06-18 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-18 11:58 - 2014-06-18 11:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-18 11:58 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-18 11:58 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-18 11:58 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-18 11:56 - 2014-06-18 11:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Admin\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-18 08:58 - 2014-06-18 13:56 - 00000000 ____D () C:\FRST
2014-06-18 08:56 - 2014-06-18 08:56 - 02081280 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-06-16 22:38 - 2014-06-16 22:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\com
2014-06-16 14:24 - 2014-06-16 14:26 - 00000000 ____D () C:\Program Files (x86)\Mediaa_Play_AIR_1.4
2014-06-16 14:24 - 2014-06-16 14:24 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-06-16 14:24 - 2014-06-16 14:24 - 00000000 ____D () C:\Program Files (x86)\Re_Markable
2014-06-16 14:22 - 2014-06-16 14:22 - 00003144 _____ () C:\Windows\System32\Tasks\{F443843E-E412-4892-8FC7-6576B1353BE5}
2014-06-16 14:20 - 2014-06-16 14:20 - 01245608 _____ () C:\Users\Admin\Downloads\Player_Setup.exe
2014-06-12 18:33 - 2014-06-12 18:33 - 00000000 ____D () C:\Users\Admin\Desktop\Anton
2014-06-12 18:27 - 2014-06-12 18:27 - 00000256 _____ () C:\Users\Admin\Desktop\Frankenkletterertelefonliste.pdf - Dropbox.URL
2014-06-12 11:37 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-06-12 11:37 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-06-12 10:50 - 2014-06-12 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-12 10:34 - 2014-06-12 10:34 - 00002032 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-06-12 10:34 - 2014-06-12 10:34 - 00002020 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-06-12 10:34 - 2014-06-12 10:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-11 18:01 - 2014-06-18 13:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-11 18:01 - 2014-06-11 18:01 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-11 18:01 - 2014-06-11 18:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-11 18:01 - 2014-06-11 18:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-11 17:59 - 2014-06-12 10:34 - 00000798 _____ () C:\Windows\SecuniaPackage.log
2014-06-11 17:33 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-06-11 17:33 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-06-11 17:33 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-06-11 17:33 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-06-11 17:33 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-06-11 17:33 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-06-11 17:33 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-06-11 17:33 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-06-11 17:33 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-06-11 17:33 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-06-11 17:33 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-06-11 17:33 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-06-11 17:33 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-06-11 17:33 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-06-11 17:33 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-06-11 17:33 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-06-11 17:32 - 2014-06-13 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-11 17:24 - 2014-06-13 03:22 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-11 17:24 - 2014-06-13 03:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-11 17:21 - 2014-06-11 17:21 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-06-11 17:21 - 2014-06-11 17:21 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-06-11 17:21 - 2014-06-11 17:21 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-06-11 17:21 - 2014-06-11 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
2014-06-11 17:20 - 2014-06-11 17:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-06-11 17:10 - 2014-06-11 17:13 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-06-11 16:30 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-06-11 16:30 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-06-11 15:21 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 15:21 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 15:21 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 15:21 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 15:21 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 15:21 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 15:21 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 15:21 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 15:21 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 15:21 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 15:21 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 15:21 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 15:21 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 15:21 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 15:21 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 15:21 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 15:21 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 15:21 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 15:21 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 15:21 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 15:21 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 15:21 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 15:21 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 15:21 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 15:21 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 15:21 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 15:21 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 15:21 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 15:21 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 15:21 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 15:21 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 15:21 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 15:21 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 15:21 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 15:21 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 15:21 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 15:21 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 15:21 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 15:21 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 15:21 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 15:21 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 15:21 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 15:21 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 15:21 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 15:21 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 15:21 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 15:21 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 15:21 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 15:21 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 15:21 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 15:21 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 15:21 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 15:11 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 15:11 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 15:11 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 15:11 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 15:10 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 15:10 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 15:10 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 15:10 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 15:10 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 15:10 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 15:10 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 15:10 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 15:10 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 15:10 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 14:52 - 2014-06-09 12:10 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}w64.sys
2014-06-06 09:31 - 2014-06-06 09:31 - 01917800 _____ () C:\Users\Admin\Downloads\winrar-x64-51b4.exe
2014-06-06 09:17 - 2014-06-06 09:17 - 00495616 _____ (Simon Tatham) C:\Users\Admin\Downloads\putty_0.63.exe
2014-06-05 23:05 - 2014-05-22 18:20 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys
2014-06-05 22:58 - 2014-06-05 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-06-05 22:58 - 2014-06-05 22:58 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-06-05 22:54 - 2014-06-05 22:54 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Admin\Downloads\cbSetup.exe
2014-06-05 22:02 - 2014-06-05 22:02 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\dlg
2014-06-05 22:00 - 2014-06-05 22:00 - 00000000 ____D () C:\Program Files (x86)\PSHD-9.9
2014-06-05 21:57 - 2014-06-05 21:57 - 00467712 _____ () C:\Users\Admin\Downloads\ccleaner.exe
2014-05-25 10:14 - 2014-05-25 10:14 - 00001789 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-25 10:14 - 2014-05-25 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-25 10:13 - 2014-05-25 10:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-25 10:13 - 2014-05-25 10:14 - 00000000 ____D () C:\Program Files\iTunes
2014-05-25 10:13 - 2014-05-25 10:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-25 10:13 - 2014-05-25 10:13 - 00000000 ____D () C:\Program Files\iPod
2014-05-24 15:27 - 2014-05-24 15:27 - 00001967 _____ () C:\Users\Admin\Desktop\Brother MFC-8890DW Printer W-Lan - Verknüpfung.lnk
2014-05-23 00:09 - 2014-05-23 00:09 - 00012499 _____ () C:\Users\Admin\Desktop\23.05.2014 00_15_54.201400_15_54
2014-05-22 13:31 - 2014-05-22 13:31 - 00000000 ____D () C:\Users\Admin\4.0
2014-05-22 13:31 - 2014-05-22 13:31 - 00000000 ____D () C:\Users\Admin\.tfo4
2014-05-21 09:58 - 2006-12-14 13:42 - 00069120 ____R (AVM Berlin) C:\Windows\SysWOW64\avmadd32.dll
2014-05-21 09:58 - 2006-05-29 02:00 - 00016384 ____R (AVM Berlin GmbH) C:\Windows\SysWOW64\avmprmon.dll
2014-05-19 17:06 - 2014-06-13 04:12 - 00000000 ____D () C:\Windows\rescache
2014-05-19 11:18 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-19 11:18 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-19 11:18 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-19 11:18 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-19 11:17 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-19 11:17 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-19 11:17 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-19 11:17 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-19 11:17 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-19 11:17 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-19 11:17 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-19 11:17 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-19 11:17 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-19 11:17 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-19 11:17 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-19 11:17 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-19 11:17 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-19 11:17 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-19 11:17 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-19 11:17 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-19 11:17 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-19 11:17 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-19 11:17 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-19 11:17 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-19 11:17 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-19 11:17 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-19 11:17 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-19 11:17 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-19 11:17 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-19 11:17 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-19 11:17 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-19 11:17 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-19 11:17 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-19 11:17 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-19 11:17 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-19 11:17 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-19 11:17 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-19 11:17 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-19 11:17 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-19 11:17 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-19 11:17 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-19 11:17 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-19 11:17 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-19 11:17 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-19 11:17 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

==================== One Month Modified Files and Folders =======

2014-06-18 13:56 - 2014-06-18 13:44 - 00022056 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-06-18 13:56 - 2014-06-18 08:58 - 00000000 ____D () C:\FRST
2014-06-18 13:56 - 2010-12-10 10:55 - 00000000 ____D () C:\Users\Admin\AppData\Local\Temp
2014-06-18 13:14 - 2014-06-18 13:14 - 00001366 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-06-18 13:07 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-18 13:07 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-18 13:03 - 2010-12-10 19:38 - 01737753 _____ () C:\Windows\WindowsUpdate.log
2014-06-18 13:02 - 2010-12-11 16:35 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Dropbox
2014-06-18 13:02 - 2010-04-26 15:06 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-06-18 13:02 - 2010-04-26 15:06 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-06-18 13:02 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-18 13:01 - 2014-06-18 13:01 - 00000000 ____D () C:\Windows\ERUNT
2014-06-18 13:00 - 2014-06-18 13:00 - 01016261 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2014-06-18 13:00 - 2014-06-11 18:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-18 13:00 - 2010-12-12 16:33 - 00000000 ___RD () C:\Users\Admin\Documents\My Dropbox
2014-06-18 12:58 - 2014-02-11 13:44 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DropboxMaster
2014-06-18 12:58 - 2013-12-02 13:54 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Spotify
2014-06-18 12:55 - 2014-01-05 02:00 - 00007052 _____ () C:\Windows\setupact.log
2014-06-18 12:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-18 12:47 - 2014-02-13 18:12 - 00215034 _____ () C:\Windows\PFRO.log
2014-06-18 12:45 - 2014-06-18 12:41 - 00000000 ____D () C:\AdwCleaner
2014-06-18 12:45 - 2013-01-18 11:54 - 00001059 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-18 12:45 - 2012-08-11 18:12 - 00000000 ____D () C:\Users\Jacqueline\AppData\Local\Temp
2014-06-18 12:45 - 2012-08-07 20:14 - 00001071 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-18 12:45 - 2010-12-10 11:02 - 00001001 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-18 12:40 - 2014-06-18 12:40 - 01333465 _____ () C:\Users\Admin\Desktop\adwcleaner_3.212.exe
2014-06-18 11:59 - 2014-06-18 11:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 11:58 - 2014-06-18 11:58 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-18 11:58 - 2014-06-18 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-18 11:58 - 2014-06-18 11:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-18 11:58 - 2012-08-06 21:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-18 11:56 - 2014-06-18 11:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Admin\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-18 10:59 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-06-18 10:54 - 2010-12-11 16:58 - 00000000 ____D () C:\at work
2014-06-18 08:56 - 2014-06-18 08:56 - 02081280 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-06-17 11:00 - 2011-03-18 16:08 - 00000000 _____ () C:\Users\Admin\Documents\Nuance Image Printer Writer Port
2014-06-17 10:49 - 2013-07-01 17:17 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2014-06-16 22:38 - 2014-06-16 22:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\com
2014-06-16 14:26 - 2014-06-16 14:24 - 00000000 ____D () C:\Program Files (x86)\Mediaa_Play_AIR_1.4
2014-06-16 14:25 - 2013-10-13 08:23 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2014-06-16 14:24 - 2014-06-16 14:24 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-06-16 14:24 - 2014-06-16 14:24 - 00000000 ____D () C:\Program Files (x86)\Re_Markable
2014-06-16 14:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-06-16 14:22 - 2014-06-16 14:22 - 00003144 _____ () C:\Windows\System32\Tasks\{F443843E-E412-4892-8FC7-6576B1353BE5}
2014-06-16 14:20 - 2014-06-16 14:20 - 01245608 _____ () C:\Users\Admin\Downloads\Player_Setup.exe
2014-06-13 16:27 - 2011-08-09 20:04 - 00000000 ____D () C:\Users\Public\Documents\BrFaxRx
2014-06-13 16:17 - 2011-03-02 18:39 - 00000000 ____D () C:\Users\Admin\Documents\00000-Eigene PaperPort-Dokumente
2014-06-13 16:08 - 2011-07-27 14:22 - 00000000 ____D () C:\Users\Admin\Documents\BETREUUNG AKTUELL
2014-06-13 12:29 - 2012-12-01 01:21 - 00000100 _____ () C:\Windows\Brfaxrx.ini
2014-06-13 04:12 - 2014-05-19 17:06 - 00000000 ____D () C:\Windows\rescache
2014-06-13 03:22 - 2014-06-11 17:24 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-13 03:22 - 2014-06-11 17:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-13 03:22 - 2012-08-07 20:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-13 03:03 - 2014-06-11 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-13 03:03 - 2010-12-23 11:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 18:33 - 2014-06-12 18:33 - 00000000 ____D () C:\Users\Admin\Desktop\Anton
2014-06-12 18:27 - 2014-06-12 18:27 - 00000256 _____ () C:\Users\Admin\Desktop\Frankenkletterertelefonliste.pdf - Dropbox.URL
2014-06-12 10:51 - 2014-06-12 10:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-12 10:34 - 2014-06-12 10:34 - 00002032 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-06-12 10:34 - 2014-06-12 10:34 - 00002020 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-06-12 10:34 - 2014-06-12 10:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-12 10:34 - 2014-06-11 17:59 - 00000798 _____ () C:\Windows\SecuniaPackage.log
2014-06-11 18:01 - 2014-06-11 18:01 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-11 18:01 - 2014-06-11 18:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-11 18:01 - 2014-06-11 18:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-11 17:41 - 2013-08-14 23:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 17:36 - 2010-12-10 15:19 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 17:21 - 2014-06-11 17:21 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-06-11 17:21 - 2014-06-11 17:21 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-06-11 17:21 - 2014-06-11 17:21 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-06-11 17:21 - 2014-06-11 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
2014-06-11 17:21 - 2011-03-21 15:09 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-06-11 17:21 - 2011-03-21 15:07 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-06-11 17:20 - 2014-06-11 17:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-06-11 17:13 - 2014-06-11 17:10 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-06-11 16:43 - 2012-09-18 15:07 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Thunderbird
2014-06-11 14:45 - 2010-12-12 16:28 - 00000000 ____D () C:\Program Files\WinRAR
2014-06-09 12:10 - 2014-06-11 14:52 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}w64.sys
2014-06-06 09:32 - 2010-12-12 16:28 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-06 09:32 - 2010-12-12 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-06 09:31 - 2014-06-06 09:31 - 01917800 _____ () C:\Users\Admin\Downloads\winrar-x64-51b4.exe
2014-06-06 09:17 - 2014-06-06 09:17 - 00495616 _____ (Simon Tatham) C:\Users\Admin\Downloads\putty_0.63.exe
2014-06-06 00:05 - 2010-12-12 19:32 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 10
2014-06-05 22:58 - 2014-06-05 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-06-05 22:58 - 2014-06-05 22:58 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-06-05 22:54 - 2014-06-05 22:54 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Admin\Downloads\cbSetup.exe
2014-06-05 22:07 - 2012-02-22 00:06 - 00007607 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2014-06-05 22:02 - 2014-06-05 22:02 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\dlg
2014-06-05 22:00 - 2014-06-05 22:00 - 00000000 ____D () C:\Program Files (x86)\PSHD-9.9
2014-06-05 21:57 - 2014-06-05 21:57 - 00467712 _____ () C:\Users\Admin\Downloads\ccleaner.exe
2014-06-05 21:45 - 2014-02-06 10:52 - 00000000 ____D () C:\Users\Admin\GMX MediaCenter
2014-06-05 13:37 - 2011-03-01 15:24 - 00000483 _____ () C:\Windows\BRWMARK.INI
2014-05-30 12:21 - 2014-06-11 15:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-11 15:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-11 15:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-11 15:21 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-11 15:21 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-11 15:21 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-11 15:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-11 15:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-11 15:21 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-11 15:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-11 15:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-11 15:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-11 15:21 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-11 15:21 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-11 15:21 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-11 15:21 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-11 15:21 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-11 15:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-11 15:21 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-11 15:21 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-11 15:21 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-11 15:21 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-11 15:21 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-11 15:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-11 15:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-11 15:21 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-11 15:21 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-11 15:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-11 15:21 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-11 15:21 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-11 15:21 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-11 15:21 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-11 15:21 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-11 15:21 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-11 15:21 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-11 15:21 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-11 15:21 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-11 15:21 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-11 15:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-11 15:21 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-11 15:21 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-11 15:21 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-11 15:21 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-11 15:21 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-11 15:21 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-11 15:21 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-11 15:21 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-11 15:21 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-11 15:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-11 15:21 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-11 15:21 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-11 15:21 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-28 17:22 - 2010-12-11 16:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-28 17:22 - 2010-12-10 10:55 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup
2014-05-25 17:25 - 2011-04-24 21:42 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2014-05-25 10:14 - 2014-05-25 10:14 - 00001789 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-25 10:14 - 2014-05-25 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-25 10:14 - 2014-05-25 10:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-25 10:14 - 2014-05-25 10:13 - 00000000 ____D () C:\Program Files\iTunes
2014-05-25 10:14 - 2014-05-25 10:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-25 10:13 - 2014-05-25 10:13 - 00000000 ____D () C:\Program Files\iPod
2014-05-24 15:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-24 15:27 - 2014-05-24 15:27 - 00001967 _____ () C:\Users\Admin\Desktop\Brother MFC-8890DW Printer W-Lan - Verknüpfung.lnk
2014-05-23 09:44 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-23 00:09 - 2014-05-23 00:09 - 00012499 _____ () C:\Users\Admin\Desktop\23.05.2014 00_15_54.201400_15_54
2014-05-22 18:20 - 2014-06-05 23:05 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys
2014-05-22 13:31 - 2014-05-22 13:31 - 00000000 ____D () C:\Users\Admin\4.0
2014-05-22 13:31 - 2014-05-22 13:31 - 00000000 ____D () C:\Users\Admin\.tfo4
2014-05-22 13:31 - 2010-12-10 10:55 - 00000000 ____D () C:\Users\Admin
2014-05-21 13:03 - 2013-10-13 08:24 - 00001953 _____ () C:\Users\Public\Desktop\Sonos.lnk
2014-05-21 13:03 - 2013-10-13 08:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
2014-05-21 13:03 - 2013-10-13 08:24 - 00000000 ____D () C:\Program Files (x86)\Sonos
2014-05-21 13:03 - 2013-09-26 07:40 - 00000000 ____D () C:\Users\Admin\AppData\Local\Downloaded Installations
2014-05-21 13:01 - 2013-10-13 08:23 - 00000000 ____D () C:\Users\Admin\Sonos
2014-05-21 09:58 - 2014-05-18 19:09 - 00002543 _____ () C:\Windows\avmadd321.log
2014-05-21 09:58 - 2014-05-18 19:09 - 00000000 ____D () C:\Program Files (x86)\FRITZ!BoxPrint
2014-05-21 09:58 - 2014-05-18 18:51 - 00002899 _____ () C:\Windows\avmadd32.log
2014-05-21 09:58 - 2014-05-18 18:51 - 00000000 ____D () C:\Program Files (x86)\FRITZ!Box
2014-05-21 08:57 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-19 12:30 - 2010-12-10 11:02 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-19 12:29 - 2012-08-11 15:47 - 00000680 __RSH () C:\Users\Admin\ntuser.pol
2014-05-19 12:22 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-19 12:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-19 11:45 - 2011-10-05 23:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

Files to move or delete:
====================
C:\Users\Admin\Sony_PC_Companion_2.10.165_Web.exe


Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0vuqw6.dll
C:\Users\Admin\AppData\Local\Temp\FileSystemView.dll
C:\Users\Admin\AppData\Local\Temp\lly_webssearches.exe
C:\Users\Admin\AppData\Local\Temp\media.exe
C:\Users\Admin\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\Admin\AppData\Local\Temp\newvideoplayersetup.exe
C:\Users\Admin\AppData\Local\Temp\nsf495D.exe
C:\Users\Admin\AppData\Local\Temp\nsk4E5D.exe
C:\Users\Admin\AppData\Local\Temp\nspABBC.exe
C:\Users\Admin\AppData\Local\Temp\nsvA797.exe
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\re-markable_2040-2083.exe
C:\Users\Admin\AppData\Local\Temp\spidentifierimpl.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-18 10:04

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Hab Dank, Jacqueline

Alt 18.06.2014, 13:27   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher - Standard

raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher



Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.06.2014, 13:36   #8
Line-LAP
 
raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher - Standard

raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2014
Ran by Admin at 2014-06-18 14:28:31
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 14 Plugin (HKLM-x32\...\{C4B32291-F7B2-4BEC-BA4D-4195676A08CC}) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AIS Connect (HKLM-x32\...\AIS Connect) (Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH)
AIS Connect (x32 Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{5347542D-5637-006A-76A7-A758B70C0A06}) (Version: 12.10.6.5030 - APN, LLC) <==== ATTENTION
Avery Wizard 4.0 (HKLM-x32\...\{F5D84887-8A6F-4993-8560-B3AA44CB620D}) (Version: 4.0.201 - Avery)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
BdB at work 2013 (HKLM-x32\...\BdB_at_Work_2005_is1) (Version: 2013 - LOGO Datensysteme GmbH)
BdB at work mobile Server (HKLM-x32\...\atwork_mobile_server_is1) (Version: 2013 - LOGO Datensysteme GmbH)
Bluetooth Feature Pack 5.0 (HKLM\...\{B2F4C332-2359-4ADE-AF0C-C631768BBB89}) (Version: 5.0.14 - CSR Plc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-8890DW (HKLM-x32\...\{004B8D14-7E3A-490A-ABB3-753535E169E3}) (Version: 1.0.6.0 - Brother Industries, Ltd.)
Canon MF Toolbox 4.9.1.1.mf11 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf11 - Canon Inc.)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Colours Setup (HKLM-x32\...\Colours Setup) (Version:  - )
CrazyWords (HKLM-x32\...\CrazyWords) (Version:  - )
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1908.7636 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.1908.7636 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
Deutsche Post E-Porto (HKLM-x32\...\{A51F5414-4A2B-45A0-8EF2-B4D29CFBCAE7}) (Version: 2.3.0 - Deutsche Post AG)
Doppelkopf XXL (HKCU\...\Doppelkopf XXL) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
ElsterFormular-Upgrade (HKLM-x32\...\ElsterFormular für Unternehmer 12.1.0.6164u) (Version: 14.4.12044 - Landesfinanzdirektion Thüringen)
Evernote v. 5.1.2 (HKLM-x32\...\{12FB6296-8840-11E3-86D7-00163E98E7D0}) (Version: 5.1.2.2387 - Evernote Corp.)
EZ Vinyl/Tape Converter 7.4 by MixMeister (HKLM-x32\...\EZ Vinyl/Tape Converter by MixMeister_is1) (Version:  - MixMeister Technology LLC)
Fujitsu Display Manager (HKLM-x32\...\InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}) (Version:  - )
Fujitsu Display Manager (Version: 7.01.00.210 - FUJITSU LIMITED) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}) (Version: 3.60.1.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.60.1.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version:  - )
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000 - Ihr Firmenname) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version:  - )
Fujitsu System Extension Utility (Version: 3.1.1.0 - FUJITSU LIMITED) Hidden
Garmin City Navigator Europe NT 2011.40 Update (HKLM-x32\...\{2A87B210-5672-421E-AD15-B8DF44D78691}) (Version: 14.40.0.0 - Garmin Ltd or its subsidiaries)
GMX MediaCenter 1.6.2863.0 (HKCU\...\GMX Application {sync-000021}) (Version: 1.6.2863.0 - 1&1 Mail & Media GmbH)
GMX ProfiFax (HKLM-x32\...\GMX ProfiFax) (Version: 2.00.222 - GMX GmbH)
Google Update Helper (x32 Version: 1.3.25.0 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2025 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
KeePass Password Safe 1.20 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.20 - Dominik Reichl)
LifeBook Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version:  - )
LifeBook Application Panel (Version: 8.1.0.0 - FUJITSU LIMITED) Hidden
LightsOn Setup (HKLM-x32\...\LightsOn Setup) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Go (HKLM-x32\...\{B55B7EAE-C58C-496E-A383-3A6ABDD83A62}) (Version: 2.5.290 - Sony)
Media Go Video Playback Engine 1.120.104.05010 (HKLM-x32\...\{8227BCD8-AA43-B935-7134-2732A298364A}) (Version: 1.120.104.05010 - Sony)
Mediaa_Play_AIR_1.4 (HKLM-x32\...\Mediaa_Play_AIR_1.4) (Version: 1.34.6.10 - enter) <==== ATTENTION
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Mindjet MindManager 2012 (HKLM-x32\...\{2005E0A6-ED25-4B8A-801C-F3A0B846A317}) (Version: 10.0.445 - Mindjet)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
pdfforge Toolbar v4.4 (HKLM-x32\...\{BCB52F35-4C56-49F2-A3D6-FDED54B01847}) (Version: 4.4 - Spigot, Inc.) <==== ATTENTION
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.16.2.15545 - Sony Computer Entertainment Inc.)
Power Saving Utility (HKLM-x32\...\InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}) (Version:  - )
Power Saving Utility (Version: 31.01.11.013 - FUJITSU LIMITED) Hidden
PSHD-9.9 (HKLM-x32\...\PSHD-9.9) (Version: 1.34.5.29 - PlusVHD)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
raving reyven (HKLM\...\raving reyven) (Version: 2014.06.05.170104 - raving reyven)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30087 - Realtek Semiconductor Corp.)
Re-markit (HKLM-x32\...\28184F48-644B-A6E5-4B16-B684F94B3847) (Version:  - Re-markit-software) <==== ATTENTION
Sandboxie 3.72 (64-bit) (HKLM\...\Sandboxie) (Version: 3.72 - SANDBOXIE L.T.D)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Secunia PSI (3.0.0.3001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.3001 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 26.1.77080 - Sonos, Inc.)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.10.201308300830 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.174 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.174 - Sony)
Spotify (HKCU\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
StarMoney (x32 Version: 2.0 - StarFinanz) Hidden
StarMoney (x32 Version: 3.0.0.124 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney 8.0 S-Edition (HKLM-x32\...\{FDB0ACA2-EB23-413A-BDED-2A238E31F61F}) (Version: 8.0 - Star Finanz GmbH)
StarMoney 9.0  (HKLM-x32\...\{8B8F4B63-6252-40BD-BD3F-477C0EB3EB8C}) (Version: 9.0 - Star Finanz GmbH)
sv.net (HKLM-x32\...\sv.net) (Version: 13.1 - ITSG GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
SystemDiagnostics (HKLM-x32\...\{EF59DB7F-7426-426E-B862-7031F83ED304}) (Version: 2.04.0006 - Fujitsu Technology Solutions)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WindowsProtectManger20.0.0.401 (HKLM-x32\...\WindowsProtectManger) (Version: 20.0.0.401 - Fuyu LIMITED) <==== ATTENTION
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Wireless Selector (HKLM-x32\...\InstallShield_{51692C66-5505-41B8-92A7-548C69FB867C}) (Version:  - )
Wireless Selector (Version: 4.01.00.101 - FUJITSU LIMITED) Hidden
YTD Video Downloader 4.3 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.3 - GreenTree Applications SRL)

==================== Restore Points  =========================

16-06-2014 07:49:12 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1B1D67AB-510C-41F9-B536-680E1CF37E1B} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {1D1CB4EE-4E42-436C-A7C6-65AAEBC6B0C9} - \c0d67ced-ec8f-4468-962c-cb6d65463e12-5 No Task File <==== ATTENTION
Task: {296D1126-A702-49D5-B7BB-313CF8B8BDB3} - \c0d67ced-ec8f-4468-962c-cb6d65463e12-2 No Task File <==== ATTENTION
Task: {2E25E64E-FF16-4FA6-8DA5-B29B63EB0AE9} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {314660B2-777B-4154-B36B-55E18931DB50} - \108029eb-c499-4b8b-ab5a-f4be652635de-2 No Task File <==== ATTENTION
Task: {3E7FC18D-59EC-40AA-AAD2-81309DA3DCE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-11] (Adobe Systems Incorporated)
Task: {52BB24DF-DC2A-49FC-8287-95CB30807EA1} - \c0d67ced-ec8f-4468-962c-cb6d65463e12-4 No Task File <==== ATTENTION
Task: {57D3620E-3DE1-4C7B-975A-0FE5C1DF594C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5C28D529-526F-4107-AB5A-75B18561C50C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {66EFA195-68D4-44EB-A30A-4E94F4A90969} - \c0d67ced-ec8f-4468-962c-cb6d65463e12-3 No Task File <==== ATTENTION
Task: {708F11F2-3614-448C-B2DD-3920E5B70BF7} - \c0d67ced-ec8f-4468-962c-cb6d65463e12-1 No Task File <==== ATTENTION
Task: {76613EB2-0993-438B-A4F2-0F139BEF382F} - System32\Tasks\{EBB0B57B-5E8D-48A9-8F21-07029A57302F} => C:\Program Files (x86)\StarMoney 7.0\app\StartStarMoney.exe
Task: {7EF1D002-C313-4687-902F-72C4298C2C6E} - \108029eb-c499-4b8b-ab5a-f4be652635de-4 No Task File <==== ATTENTION
Task: {8AA10842-F3B4-49B3-8716-C219D90F92BE} - \108029eb-c499-4b8b-ab5a-f4be652635de-5 No Task File <==== ATTENTION
Task: {8BE6DC57-A594-4F24-9730-00DEF66E9212} - \Re-markit_wd No Task File <==== ATTENTION
Task: {933622F8-E558-42ED-9C90-238D59EB1EE8} - \108029eb-c499-4b8b-ab5a-f4be652635de-3 No Task File <==== ATTENTION
Task: {A5EE3613-3B0F-4317-8102-FBC1614BB58E} - System32\Tasks\{F3FFC8B2-C2B6-4DB2-A4E8-8BCB1CE1E627} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {B1B221C2-DB1A-40C0-90F8-76DB8484C444} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {BAAA4E5B-98C3-4338-8018-5D440FCDBBEA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {C0386090-8A57-44A8-80B1-40C8388E0832} - System32\Tasks\{A6252999-127D-4ECF-95F6-898EE93F49BC} => D:\PROGRAMME\STAR\smoney_m_18_0_3_.exe
Task: {C61107EE-C946-4ABE-AA19-AFECF31CF241} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {C6A013C7-33F3-44DB-A9AA-B0BD900FC21B} - \108029eb-c499-4b8b-ab5a-f4be652635de-11 No Task File <==== ATTENTION
Task: {CD987DCF-36FD-468D-ACCB-D158D9E9454D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {DD878446-AF1C-4F78-ADA4-7681346F9D84} - System32\Tasks\{F382690A-F6E3-4207-BC32-BF333FA28AFA} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?source=lightinstaller&amp;page=tsMain
Task: {E80FD2C7-2E1A-489B-86F9-E9126F4BE7D6} - \108029eb-c499-4b8b-ab5a-f4be652635de-1 No Task File <==== ATTENTION
Task: {F0420892-B8F1-41B5-B293-C2497533B4C7} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {FC4A4906-5360-43DC-A61F-8474A0C34761} - System32\Tasks\{FC3080D7-86E8-4D13-8C5B-A2B49BACB874} => C:\Program Files (x86)\StarMoney 7.0\app\StartStarMoney.exe
Task: {FDC4A9D4-8084-4C95-99B5-6264131E0202} - \Re-markit Update No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2011-03-02 17:43 - 2005-04-22 14:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2009-07-21 20:31 - 2009-07-21 20:31 - 00062312 _____ () C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
2014-02-06 10:52 - 2014-02-26 12:57 - 00050688 _____ () C:\Users\Admin\AppData\Local\GMX Application {sync-000021}\CoreBranding.dll
2014-04-02 16:58 - 2014-02-26 12:57 - 00102912 _____ () C:\Users\Admin\AppData\Local\GMX Application {sync-000021}\ConfigWizard.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-15 10:09 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\PATCHW32.dll
2014-02-07 11:48 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
2014-06-18 12:57 - 2014-06-18 12:57 - 00043008 _____ () c:\users\admin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0vuqw6.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-22 14:29 - 2014-01-22 14:29 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-01-22 14:29 - 2014-01-22 14:29 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2011-09-14 13:02 - 2011-09-14 13:02 - 00150856 _____ () C:\Program Files (x86)\Mindjet\MindManager 10\zlib.dll
2012-12-01 01:21 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-06-12 10:50 - 2014-06-12 10:50 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:0B4227B4

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #2
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #3
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #4
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (06/18/2014 01:43:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 53%
Total physical RAM: 3892.55 MB
Available physical RAM: 1827.91 MB
Total Pagefile: 7783.29 MB
Available Pagefile: 5613.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:80 GB) (Free:2.99 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:150.87 GB) (Free:18.23 GB) NTFS
Drive f: (Disk) (CDROM) (Total:0.11 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 8E760A6D)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=80 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=151 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 18.06.2014, 14:02   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher - Standard

raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2951541265-1472267509-3421380212-1004\User: Group Policy restriction detected <======= ATTENTION
FF Extension: No Name - C:\Program Files (x86)\Re_Markable\173.xpi [2014-06-16]
S2 Update raving reyven; "C:\Program Files (x86)\raving reyven\updateravingreyven.exe" [X]
S2 Util raving reyven; "C:\Program Files (x86)\raving reyven\bin\utilravingreyven.exe" [X]
R1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64; C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys [61120 2014-05-22] (StdLib)
R1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}w64; C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}w64.sys [61120 2014-06-09] (StdLib)
Task: {1B1D67AB-510C-41F9-B536-680E1CF37E1B} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {1D1CB4EE-4E42-436C-A7C6-65AAEBC6B0C9} - \c0d67ced-ec8f-4468-962c-cb6d65463e12-5 No Task File <==== ATTENTION
Task: {296D1126-A702-49D5-B7BB-313CF8B8BDB3} - \c0d67ced-ec8f-4468-962c-cb6d65463e12-2 No Task File <==== ATTENTION
Task: {2E25E64E-FF16-4FA6-8DA5-B29B63EB0AE9} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {314660B2-777B-4154-B36B-55E18931DB50} - \108029eb-c499-4b8b-ab5a-f4be652635de-2 No Task File <==== ATTENTION
Task: {52BB24DF-DC2A-49FC-8287-95CB30807EA1} - \c0d67ced-ec8f-4468-962c-cb6d65463e12-4 No Task File <==== ATTENTION
Task: {66EFA195-68D4-44EB-A30A-4E94F4A90969} - \c0d67ced-ec8f-4468-962c-cb6d65463e12-3 No Task File <==== ATTENTION
Task: {708F11F2-3614-448C-B2DD-3920E5B70BF7} - \c0d67ced-ec8f-4468-962c-cb6d65463e12-1 No Task File <==== ATTENTION
Task: {7EF1D002-C313-4687-902F-72C4298C2C6E} - \108029eb-c499-4b8b-ab5a-f4be652635de-4 No Task File <==== ATTENTION
Task: {8AA10842-F3B4-49B3-8716-C219D90F92BE} - \108029eb-c499-4b8b-ab5a-f4be652635de-5 No Task File <==== ATTENTION
Task: {8BE6DC57-A594-4F24-9730-00DEF66E9212} - \Re-markit_wd No Task File <==== ATTENTION
Task: {933622F8-E558-42ED-9C90-238D59EB1EE8} - \108029eb-c499-4b8b-ab5a-f4be652635de-3 No Task File <==== ATTENTION
Task: {C6A013C7-33F3-44DB-A9AA-B0BD900FC21B} - \108029eb-c499-4b8b-ab5a-f4be652635de-11 No Task File <==== ATTENTION
Task: {E80FD2C7-2E1A-489B-86F9-E9126F4BE7D6} - \108029eb-c499-4b8b-ab5a-f4be652635de-1 No Task File <==== ATTENTION
Task: {FDC4A9D4-8084-4C95-99B5-6264131E0202} - \Re-markit Update No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
C:\Program Files (x86)\Re_Markable
C:\Program Files (x86)\raving reyven
C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys
C:\Users\Admin\Sony_PC_Companion_2.10.165_Web.exe
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.06.2014, 20:47   #10
Line-LAP
 
raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher - Standard

raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-06-2014
Ran by Admin at 2014-06-18 21:42:44 Run:1
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2951541265-1472267509-3421380212-1004\User: Group Policy restriction detected <======= ATTENTION
FF Extension: No Name - C:\Program Files (x86)\Re_Markable\173.xpi [2014-06-16]
S2 Update raving reyven; "C:\Program Files (x86)\raving reyven\updateravingreyven.exe" [X]
S2 Util raving reyven; "C:\Program Files (x86)\raving reyven\bin\utilravingreyven.exe" [X]
R1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64; C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys [61120 2014-05-22] (StdLib)
R1 {e63d9559-e4c3-499e-867a-a3c9d0a21400}w64; C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}w64.sys [61120 2014-06-09] (StdLib)
Task: {1B1D67AB-510C-41F9-B536-680E1CF37E1B} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {1D1CB4EE-4E42-436C-A7C6-65AAEBC6B0C9} - \c0d67ced-ec8f-4468-962c-cb6d65463e12-5 No Task File <==== ATTENTION
Task: {296D1126-A702-49D5-B7BB-313CF8B8BDB3} - \c0d67ced-ec8f-4468-962c-cb6d65463e12-2 No Task File <==== ATTENTION
Task: {2E25E64E-FF16-4FA6-8DA5-B29B63EB0AE9} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {314660B2-777B-4154-B36B-55E18931DB50} - \108029eb-c499-4b8b-ab5a-f4be652635de-2 No Task File <==== ATTENTION
Task: {52BB24DF-DC2A-49FC-8287-95CB30807EA1} - \c0d67ced-ec8f-4468-962c-cb6d65463e12-4 No Task File <==== ATTENTION
Task: {66EFA195-68D4-44EB-A30A-4E94F4A90969} - \c0d67ced-ec8f-4468-962c-cb6d65463e12-3 No Task File <==== ATTENTION
Task: {708F11F2-3614-448C-B2DD-3920E5B70BF7} - \c0d67ced-ec8f-4468-962c-cb6d65463e12-1 No Task File <==== ATTENTION
Task: {7EF1D002-C313-4687-902F-72C4298C2C6E} - \108029eb-c499-4b8b-ab5a-f4be652635de-4 No Task File <==== ATTENTION
Task: {8AA10842-F3B4-49B3-8716-C219D90F92BE} - \108029eb-c499-4b8b-ab5a-f4be652635de-5 No Task File <==== ATTENTION
Task: {8BE6DC57-A594-4F24-9730-00DEF66E9212} - \Re-markit_wd No Task File <==== ATTENTION
Task: {933622F8-E558-42ED-9C90-238D59EB1EE8} - \108029eb-c499-4b8b-ab5a-f4be652635de-3 No Task File <==== ATTENTION
Task: {C6A013C7-33F3-44DB-A9AA-B0BD900FC21B} - \108029eb-c499-4b8b-ab5a-f4be652635de-11 No Task File <==== ATTENTION
Task: {E80FD2C7-2E1A-489B-86F9-E9126F4BE7D6} - \108029eb-c499-4b8b-ab5a-f4be652635de-1 No Task File <==== ATTENTION
Task: {FDC4A9D4-8084-4C95-99B5-6264131E0202} - \Re-markit Update No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
C:\Program Files (x86)\Re_Markable
C:\Program Files (x86)\raving reyven
C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys
C:\Users\Admin\Sony_PC_Companion_2.10.165_Web.exe
         
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2951541265-1472267509-3421380212-1004\User => Moved successfully.
C:\Program Files (x86)\Re_Markable\173.xpi => Moved successfully.
Update raving reyven => Service deleted successfully.
Util raving reyven => Service deleted successfully.
{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64 => Service stopped successfully.
{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64 => Service deleted successfully.
{e63d9559-e4c3-499e-867a-a3c9d0a21400}w64 => Service stopped successfully.
{e63d9559-e4c3-499e-867a-a3c9d0a21400}w64 => Service deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1B1D67AB-510C-41F9-B536-680E1CF37E1B}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B1D67AB-510C-41F9-B536-680E1CF37E1B}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1D1CB4EE-4E42-436C-A7C6-65AAEBC6B0C9}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D1CB4EE-4E42-436C-A7C6-65AAEBC6B0C9}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c0d67ced-ec8f-4468-962c-cb6d65463e12-5' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{296D1126-A702-49D5-B7BB-313CF8B8BDB3}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{296D1126-A702-49D5-B7BB-313CF8B8BDB3}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c0d67ced-ec8f-4468-962c-cb6d65463e12-2' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E25E64E-FF16-4FA6-8DA5-B29B63EB0AE9}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E25E64E-FF16-4FA6-8DA5-B29B63EB0AE9}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{314660B2-777B-4154-B36B-55E18931DB50}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{314660B2-777B-4154-B36B-55E18931DB50}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\108029eb-c499-4b8b-ab5a-f4be652635de-2' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{52BB24DF-DC2A-49FC-8287-95CB30807EA1}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52BB24DF-DC2A-49FC-8287-95CB30807EA1}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c0d67ced-ec8f-4468-962c-cb6d65463e12-4' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{66EFA195-68D4-44EB-A30A-4E94F4A90969}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66EFA195-68D4-44EB-A30A-4E94F4A90969}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c0d67ced-ec8f-4468-962c-cb6d65463e12-3' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{708F11F2-3614-448C-B2DD-3920E5B70BF7}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{708F11F2-3614-448C-B2DD-3920E5B70BF7}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c0d67ced-ec8f-4468-962c-cb6d65463e12-1' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7EF1D002-C313-4687-902F-72C4298C2C6E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7EF1D002-C313-4687-902F-72C4298C2C6E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\108029eb-c499-4b8b-ab5a-f4be652635de-4' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8AA10842-F3B4-49B3-8716-C219D90F92BE}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AA10842-F3B4-49B3-8716-C219D90F92BE}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\108029eb-c499-4b8b-ab5a-f4be652635de-5' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8BE6DC57-A594-4F24-9730-00DEF66E9212}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BE6DC57-A594-4F24-9730-00DEF66E9212}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Re-markit_wd' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{933622F8-E558-42ED-9C90-238D59EB1EE8}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{933622F8-E558-42ED-9C90-238D59EB1EE8}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\108029eb-c499-4b8b-ab5a-f4be652635de-3' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C6A013C7-33F3-44DB-A9AA-B0BD900FC21B}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6A013C7-33F3-44DB-A9AA-B0BD900FC21B}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\108029eb-c499-4b8b-ab5a-f4be652635de-11' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E80FD2C7-2E1A-489B-86F9-E9126F4BE7D6}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E80FD2C7-2E1A-489B-86F9-E9126F4BE7D6}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\108029eb-c499-4b8b-ab5a-f4be652635de-1' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FDC4A9D4-8084-4C95-99B5-6264131E0202}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDC4A9D4-8084-4C95-99B5-6264131E0202}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Re-markit Update' => Key deleted successfully.
C:\ProgramData\Temp => ":0B4227B4" ADS removed successfully.
C:\Program Files (x86)\Re_Markable => Moved successfully.
"C:\Program Files (x86)\raving reyven" => File/Directory not found.
C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys => Moved successfully.
C:\Users\Admin\Sony_PC_Companion_2.10.165_Web.exe => Moved successfully.


The system needed a reboot. 

==== End of Fixlog ====
         

Alt 19.06.2014, 11:11   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher - Standard

raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher



Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.06.2014, 11:20   #12
Line-LAP
 
raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher - Standard

raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher



Hab vielen Dank, Cosinus


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014
Ran by Admin (administrator) on JACQUELINE-LAP on 19-06-2014 12:16:30
Running from C:\Users\Admin\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieCtrl.exe
(Spotify Ltd) C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(1&1 Mail & Media GmbH) C:\Users\Admin\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(Fujitsu Technology Solutions) C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
() C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [ConMgr] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc)
HKLM\...\Run: [CSRSkype] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431504 2009-12-24] (CSR, plc)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [LoadFUJ02E3] => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [162912 2009-07-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe [37728 2011-09-14] (Mindjet)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2951541265-1472267509-3421380212-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [694032 2012-06-17] (SANDBOXIE L.T.D)
HKU\S-1-5-21-2951541265-1472267509-3421380212-1001\...\Run: [Spotify Web Helper] => C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-02] (Spotify Ltd)
HKU\S-1-5-21-2951541265-1472267509-3421380212-1001\...\Run: [Spotify] => C:\Users\Admin\AppData\Roaming\Spotify\spotify.exe [5951488 2013-12-02] (Spotify Ltd)
HKU\S-1-5-21-2951541265-1472267509-3421380212-1001\...\Run: [GMX Application {sync-000021}] => C:\Users\Admin\AppData\Local\GMX Application {sync-000021}\gmx_mediacenter.exe [803840 2014-02-26] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-2951541265-1472267509-3421380212-1001\...\MountPoints2: {05252b56-8934-11e1-8e30-0023269265e7} - E:\Startme.exe
HKU\S-1-5-21-2951541265-1472267509-3421380212-1001\...\MountPoints2: {ebe3da1f-0483-11e0-ad6b-806e6f6e6963} - F:\FSetup.exe
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSF&bmod=FTSF
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7704F9A53589CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,es-ES;q=0.5
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Re-markit - {401EA098-5006-38D6-99CE-F46A89FC2D4F} - C:\Program Files (x86)\Re_Markable\173.dll No File
BHO-x32: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: sony.com/MediaGoDetector - C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\searchplugins\bildungsspender-websuche.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\Extensions\trash [2014-06-16]
FF Extension: Ghostery - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\Extensions\firefox@ghostery.com.xpi [2014-01-17]
FF Extension: GMX MailCheck - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\Extensions\toolbar@gmx.net.xpi [2013-10-24]
FF HKCU\...\Firefox\Extensions: [{BF0B15F4-00DB-1A9D-C11F-A918802E51BC}] - C:\Program Files (x86)\Re_Markable\173.xpi

Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Extension: (No Name) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe [2014-06-05]
CHR Extension: (Re-markit) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\himihejfgaadipiikddngnlglkhfifan [2014-06-16]
CHR Extension: (No Name) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2011-06-22]
CHR Extension: (Skype Extension) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-04-24]
CHR Extension: (Mediaa_Play_AIR_1.4) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek [2014-06-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]

==================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-11-01] (Intel Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [98576 2012-06-17] (SANDBOXIE L.T.D)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [663184 2014-01-27] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-11-01] (Intel Corporation) [File not signed]
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)
R2 WirelessSelectorService; C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [62312 2009-07-21] ()

==================== Drivers (Whitelisted) ====================

R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 RtsUIR; No ImagePath
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [166576 2012-06-17] (SANDBOXIE L.T.D)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.)
S3 USBCCID; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-18 21:42 - 2014-06-18 21:42 - 00000000 ____D () C:\Users\Admin\Desktop\FRST-OlderVersion
2014-06-18 14:28 - 2014-06-18 14:29 - 00033161 _____ () C:\Users\Admin\Desktop\Addition.txt
2014-06-18 14:06 - 2014-06-18 14:09 - 00000272 _____ () C:\Users\Admin\Desktop\mbam.txt
2014-06-18 13:44 - 2014-06-19 12:17 - 00021284 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-06-18 13:14 - 2014-06-18 13:14 - 00001366 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-06-18 13:01 - 2014-06-18 13:01 - 00000000 ____D () C:\Windows\ERUNT
2014-06-18 13:00 - 2014-06-18 13:00 - 01016261 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2014-06-18 12:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-18 12:41 - 2014-06-18 12:45 - 00000000 ____D () C:\AdwCleaner
2014-06-18 12:40 - 2014-06-18 12:40 - 01333465 _____ () C:\Users\Admin\Desktop\adwcleaner_3.212.exe
2014-06-18 11:58 - 2014-06-18 14:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 11:58 - 2014-06-18 11:58 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-18 11:58 - 2014-06-18 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-18 11:58 - 2014-06-18 11:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-18 11:58 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-18 11:58 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-18 11:58 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-18 11:56 - 2014-06-18 11:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Admin\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-18 08:58 - 2014-06-19 12:16 - 00000000 ____D () C:\FRST
2014-06-18 08:56 - 2014-06-18 21:42 - 02082304 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-06-16 22:38 - 2014-06-16 22:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\com
2014-06-16 14:24 - 2014-06-18 21:46 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-06-16 14:24 - 2014-06-16 14:26 - 00000000 ____D () C:\Program Files (x86)\Mediaa_Play_AIR_1.4
2014-06-16 14:22 - 2014-06-16 14:22 - 00003144 _____ () C:\Windows\System32\Tasks\{F443843E-E412-4892-8FC7-6576B1353BE5}
2014-06-16 14:20 - 2014-06-16 14:20 - 01245608 _____ () C:\Users\Admin\Downloads\Player_Setup.exe
2014-06-12 18:33 - 2014-06-12 18:33 - 00000000 ____D () C:\Users\Admin\Desktop\Anton
2014-06-12 18:27 - 2014-06-12 18:27 - 00000256 _____ () C:\Users\Admin\Desktop\Frankenkletterertelefonliste.pdf - Dropbox.URL
2014-06-12 11:37 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-06-12 11:37 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-06-12 10:50 - 2014-06-12 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-12 10:34 - 2014-06-12 10:34 - 00002032 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-06-12 10:34 - 2014-06-12 10:34 - 00002020 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-06-12 10:34 - 2014-06-12 10:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-11 18:01 - 2014-06-19 12:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-11 18:01 - 2014-06-11 18:01 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-11 18:01 - 2014-06-11 18:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-11 18:01 - 2014-06-11 18:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-11 17:59 - 2014-06-12 10:34 - 00000798 _____ () C:\Windows\SecuniaPackage.log
2014-06-11 17:33 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-06-11 17:33 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-06-11 17:33 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-06-11 17:33 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-06-11 17:33 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-06-11 17:33 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-06-11 17:33 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-06-11 17:33 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-06-11 17:33 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-06-11 17:33 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-06-11 17:33 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-06-11 17:33 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-06-11 17:33 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-06-11 17:33 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-06-11 17:33 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-06-11 17:33 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-06-11 17:32 - 2014-06-13 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-11 17:24 - 2014-06-13 03:22 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-11 17:24 - 2014-06-13 03:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-11 17:21 - 2014-06-11 17:21 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-06-11 17:21 - 2014-06-11 17:21 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-06-11 17:21 - 2014-06-11 17:21 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-06-11 17:21 - 2014-06-11 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
2014-06-11 17:20 - 2014-06-11 17:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-06-11 17:10 - 2014-06-11 17:13 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-06-11 16:30 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-06-11 16:30 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-06-11 15:21 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 15:21 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 15:21 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 15:21 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 15:21 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 15:21 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 15:21 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 15:21 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 15:21 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 15:21 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 15:21 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 15:21 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 15:21 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 15:21 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 15:21 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 15:21 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 15:21 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 15:21 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 15:21 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 15:21 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 15:21 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 15:21 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 15:21 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 15:21 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 15:21 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 15:21 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 15:21 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 15:21 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 15:21 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 15:21 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 15:21 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 15:21 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 15:21 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 15:21 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 15:21 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 15:21 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 15:21 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 15:21 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 15:21 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 15:21 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 15:21 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 15:21 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 15:21 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 15:21 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 15:21 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 15:21 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 15:21 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 15:21 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 15:21 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 15:21 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 15:21 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 15:21 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 15:11 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 15:11 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 15:11 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 15:11 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 15:10 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 15:10 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 15:10 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 15:10 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 15:10 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 15:10 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 15:10 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 15:10 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 15:10 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 15:10 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 14:52 - 2014-06-09 12:10 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}w64.sys
2014-06-06 09:31 - 2014-06-06 09:31 - 01917800 _____ () C:\Users\Admin\Downloads\winrar-x64-51b4.exe
2014-06-06 09:17 - 2014-06-06 09:17 - 00495616 _____ (Simon Tatham) C:\Users\Admin\Downloads\putty_0.63.exe
2014-06-05 22:58 - 2014-06-05 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-06-05 22:58 - 2014-06-05 22:58 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-06-05 22:54 - 2014-06-05 22:54 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Admin\Downloads\cbSetup.exe
2014-06-05 22:02 - 2014-06-05 22:02 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\dlg
2014-06-05 22:00 - 2014-06-05 22:00 - 00000000 ____D () C:\Program Files (x86)\PSHD-9.9
2014-06-05 21:57 - 2014-06-05 21:57 - 00467712 _____ () C:\Users\Admin\Downloads\ccleaner.exe
2014-05-25 10:14 - 2014-05-25 10:14 - 00001789 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-25 10:14 - 2014-05-25 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-25 10:13 - 2014-05-25 10:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-25 10:13 - 2014-05-25 10:14 - 00000000 ____D () C:\Program Files\iTunes
2014-05-25 10:13 - 2014-05-25 10:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-25 10:13 - 2014-05-25 10:13 - 00000000 ____D () C:\Program Files\iPod
2014-05-24 15:27 - 2014-05-24 15:27 - 00001967 _____ () C:\Users\Admin\Desktop\Brother MFC-8890DW Printer W-Lan - Verknüpfung.lnk
2014-05-23 00:09 - 2014-05-23 00:09 - 00012499 _____ () C:\Users\Admin\Desktop\23.05.2014 00_15_54.201400_15_54
2014-05-22 13:31 - 2014-05-22 13:31 - 00000000 ____D () C:\Users\Admin\4.0
2014-05-22 13:31 - 2014-05-22 13:31 - 00000000 ____D () C:\Users\Admin\.tfo4
2014-05-21 09:58 - 2006-12-14 13:42 - 00069120 ____R (AVM Berlin) C:\Windows\SysWOW64\avmadd32.dll
2014-05-21 09:58 - 2006-05-29 02:00 - 00016384 ____R (AVM Berlin GmbH) C:\Windows\SysWOW64\avmprmon.dll

==================== One Month Modified Files and Folders =======

2014-06-19 12:17 - 2014-06-18 13:44 - 00021284 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-06-19 12:16 - 2014-06-18 08:58 - 00000000 ____D () C:\FRST
2014-06-19 12:00 - 2014-06-11 18:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-19 10:37 - 2010-12-10 19:38 - 01753529 _____ () C:\Windows\WindowsUpdate.log
2014-06-19 02:17 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-19 02:17 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-19 01:00 - 2010-12-11 16:35 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Dropbox
2014-06-18 21:49 - 2010-12-12 16:33 - 00000000 ___RD () C:\Users\Admin\Documents\My Dropbox
2014-06-18 21:47 - 2014-02-11 13:44 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DropboxMaster
2014-06-18 21:46 - 2014-06-16 14:24 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-06-18 21:46 - 2012-08-11 15:47 - 00000008 __RSH () C:\Users\Admin\ntuser.pol
2014-06-18 21:46 - 2010-12-10 10:55 - 00000000 ____D () C:\Users\Admin
2014-06-18 21:45 - 2013-12-02 13:54 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Spotify
2014-06-18 21:44 - 2014-01-05 02:00 - 00007108 _____ () C:\Windows\setupact.log
2014-06-18 21:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-18 21:42 - 2014-06-18 21:42 - 00000000 ____D () C:\Users\Admin\Desktop\FRST-OlderVersion
2014-06-18 21:42 - 2014-06-18 08:56 - 02082304 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-06-18 21:42 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-18 14:29 - 2014-06-18 14:28 - 00033161 _____ () C:\Users\Admin\Desktop\Addition.txt
2014-06-18 14:09 - 2014-06-18 14:06 - 00000272 _____ () C:\Users\Admin\Desktop\mbam.txt
2014-06-18 14:08 - 2014-06-18 11:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-18 13:14 - 2014-06-18 13:14 - 00001366 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-06-18 13:02 - 2010-04-26 15:06 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-06-18 13:02 - 2010-04-26 15:06 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-06-18 13:02 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-18 13:01 - 2014-06-18 13:01 - 00000000 ____D () C:\Windows\ERUNT
2014-06-18 13:00 - 2014-06-18 13:00 - 01016261 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2014-06-18 12:47 - 2014-02-13 18:12 - 00215034 _____ () C:\Windows\PFRO.log
2014-06-18 12:45 - 2014-06-18 12:41 - 00000000 ____D () C:\AdwCleaner
2014-06-18 12:45 - 2013-01-18 11:54 - 00001059 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-18 12:45 - 2012-08-07 20:14 - 00001071 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-18 12:45 - 2010-12-10 11:02 - 00001001 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-18 12:40 - 2014-06-18 12:40 - 01333465 _____ () C:\Users\Admin\Desktop\adwcleaner_3.212.exe
2014-06-18 11:58 - 2014-06-18 11:58 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-18 11:58 - 2014-06-18 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-18 11:58 - 2014-06-18 11:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-18 11:58 - 2012-08-06 21:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-18 11:56 - 2014-06-18 11:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Admin\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-18 10:59 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-06-18 10:54 - 2010-12-11 16:58 - 00000000 ____D () C:\at work
2014-06-17 11:00 - 2011-03-18 16:08 - 00000000 _____ () C:\Users\Admin\Documents\Nuance Image Printer Writer Port
2014-06-17 10:49 - 2013-07-01 17:17 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2014-06-16 22:38 - 2014-06-16 22:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\com
2014-06-16 14:26 - 2014-06-16 14:24 - 00000000 ____D () C:\Program Files (x86)\Mediaa_Play_AIR_1.4
2014-06-16 14:25 - 2013-10-13 08:23 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2014-06-16 14:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-06-16 14:22 - 2014-06-16 14:22 - 00003144 _____ () C:\Windows\System32\Tasks\{F443843E-E412-4892-8FC7-6576B1353BE5}
2014-06-16 14:20 - 2014-06-16 14:20 - 01245608 _____ () C:\Users\Admin\Downloads\Player_Setup.exe
2014-06-13 16:27 - 2011-08-09 20:04 - 00000000 ____D () C:\Users\Public\Documents\BrFaxRx
2014-06-13 16:17 - 2011-03-02 18:39 - 00000000 ____D () C:\Users\Admin\Documents\00000-Eigene PaperPort-Dokumente
2014-06-13 16:08 - 2011-07-27 14:22 - 00000000 ____D () C:\Users\Admin\Documents\BETREUUNG AKTUELL
2014-06-13 12:29 - 2012-12-01 01:21 - 00000100 _____ () C:\Windows\Brfaxrx.ini
2014-06-13 04:12 - 2014-05-19 17:06 - 00000000 ____D () C:\Windows\rescache
2014-06-13 03:22 - 2014-06-11 17:24 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-13 03:22 - 2014-06-11 17:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-13 03:22 - 2012-08-07 20:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-13 03:03 - 2014-06-11 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-13 03:03 - 2010-12-23 11:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 18:33 - 2014-06-12 18:33 - 00000000 ____D () C:\Users\Admin\Desktop\Anton
2014-06-12 18:27 - 2014-06-12 18:27 - 00000256 _____ () C:\Users\Admin\Desktop\Frankenkletterertelefonliste.pdf - Dropbox.URL
2014-06-12 10:51 - 2014-06-12 10:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-12 10:34 - 2014-06-12 10:34 - 00002032 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-06-12 10:34 - 2014-06-12 10:34 - 00002020 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-06-12 10:34 - 2014-06-12 10:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-12 10:34 - 2014-06-11 17:59 - 00000798 _____ () C:\Windows\SecuniaPackage.log
2014-06-11 18:01 - 2014-06-11 18:01 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-11 18:01 - 2014-06-11 18:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-11 18:01 - 2014-06-11 18:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-11 17:41 - 2013-08-14 23:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 17:36 - 2010-12-10 15:19 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 17:21 - 2014-06-11 17:21 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-06-11 17:21 - 2014-06-11 17:21 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-06-11 17:21 - 2014-06-11 17:21 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-06-11 17:21 - 2014-06-11 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
2014-06-11 17:21 - 2011-03-21 15:09 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-06-11 17:21 - 2011-03-21 15:07 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-06-11 17:20 - 2014-06-11 17:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2014-06-11 17:13 - 2014-06-11 17:10 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-06-11 16:43 - 2012-09-18 15:07 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Thunderbird
2014-06-11 14:45 - 2010-12-12 16:28 - 00000000 ____D () C:\Program Files\WinRAR
2014-06-09 12:10 - 2014-06-11 14:52 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}w64.sys
2014-06-06 09:32 - 2010-12-12 16:28 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-06 09:32 - 2010-12-12 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-06 09:31 - 2014-06-06 09:31 - 01917800 _____ () C:\Users\Admin\Downloads\winrar-x64-51b4.exe
2014-06-06 09:17 - 2014-06-06 09:17 - 00495616 _____ (Simon Tatham) C:\Users\Admin\Downloads\putty_0.63.exe
2014-06-06 00:05 - 2010-12-12 19:32 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 10
2014-06-05 22:58 - 2014-06-05 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-06-05 22:58 - 2014-06-05 22:58 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-06-05 22:54 - 2014-06-05 22:54 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Admin\Downloads\cbSetup.exe
2014-06-05 22:07 - 2012-02-22 00:06 - 00007607 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2014-06-05 22:02 - 2014-06-05 22:02 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\dlg
2014-06-05 22:00 - 2014-06-05 22:00 - 00000000 ____D () C:\Program Files (x86)\PSHD-9.9
2014-06-05 21:57 - 2014-06-05 21:57 - 00467712 _____ () C:\Users\Admin\Downloads\ccleaner.exe
2014-06-05 21:45 - 2014-02-06 10:52 - 00000000 ____D () C:\Users\Admin\GMX MediaCenter
2014-06-05 13:37 - 2011-03-01 15:24 - 00000483 _____ () C:\Windows\BRWMARK.INI
2014-05-30 12:21 - 2014-06-11 15:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-11 15:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-11 15:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-11 15:21 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-11 15:21 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-11 15:21 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-11 15:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-11 15:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-11 15:21 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-11 15:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-11 15:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-11 15:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-11 15:21 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-11 15:21 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-11 15:21 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-11 15:21 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-11 15:21 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-11 15:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-11 15:21 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-11 15:21 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-11 15:21 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-11 15:21 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-11 15:21 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-11 15:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-11 15:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-11 15:21 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-11 15:21 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-11 15:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-11 15:21 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-11 15:21 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-11 15:21 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-11 15:21 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-11 15:21 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-11 15:21 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-11 15:21 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-11 15:21 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-11 15:21 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-11 15:21 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-11 15:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-11 15:21 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-11 15:21 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-11 15:21 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-11 15:21 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-11 15:21 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-11 15:21 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-11 15:21 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-11 15:21 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-11 15:21 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-11 15:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-11 15:21 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-11 15:21 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-11 15:21 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-28 17:22 - 2010-12-11 16:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-25 17:25 - 2011-04-24 21:42 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2014-05-25 10:14 - 2014-05-25 10:14 - 00001789 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-25 10:14 - 2014-05-25 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-25 10:14 - 2014-05-25 10:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-25 10:14 - 2014-05-25 10:13 - 00000000 ____D () C:\Program Files\iTunes
2014-05-25 10:14 - 2014-05-25 10:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-25 10:13 - 2014-05-25 10:13 - 00000000 ____D () C:\Program Files\iPod
2014-05-24 15:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-24 15:27 - 2014-05-24 15:27 - 00001967 _____ () C:\Users\Admin\Desktop\Brother MFC-8890DW Printer W-Lan - Verknüpfung.lnk
2014-05-23 09:44 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-23 00:09 - 2014-05-23 00:09 - 00012499 _____ () C:\Users\Admin\Desktop\23.05.2014 00_15_54.201400_15_54
2014-05-22 13:31 - 2014-05-22 13:31 - 00000000 ____D () C:\Users\Admin\4.0
2014-05-22 13:31 - 2014-05-22 13:31 - 00000000 ____D () C:\Users\Admin\.tfo4
2014-05-21 13:03 - 2013-10-13 08:24 - 00001953 _____ () C:\Users\Public\Desktop\Sonos.lnk
2014-05-21 13:03 - 2013-10-13 08:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
2014-05-21 13:03 - 2013-10-13 08:24 - 00000000 ____D () C:\Program Files (x86)\Sonos
2014-05-21 13:03 - 2013-09-26 07:40 - 00000000 ____D () C:\Users\Admin\AppData\Local\Downloaded Installations
2014-05-21 13:01 - 2013-10-13 08:23 - 00000000 ____D () C:\Users\Admin\Sonos
2014-05-21 09:58 - 2014-05-18 19:09 - 00002543 _____ () C:\Windows\avmadd321.log
2014-05-21 09:58 - 2014-05-18 19:09 - 00000000 ____D () C:\Program Files (x86)\FRITZ!BoxPrint
2014-05-21 09:58 - 2014-05-18 18:51 - 00002899 _____ () C:\Windows\avmadd32.log
2014-05-21 09:58 - 2014-05-18 18:51 - 00000000 ____D () C:\Program Files (x86)\FRITZ!Box
2014-05-21 08:57 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxhjwkn.dll
C:\Users\Admin\AppData\Local\Temp\FileSystemView.dll
C:\Users\Admin\AppData\Local\Temp\lly_webssearches.exe
C:\Users\Admin\AppData\Local\Temp\media.exe
C:\Users\Admin\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\Admin\AppData\Local\Temp\newvideoplayersetup.exe
C:\Users\Admin\AppData\Local\Temp\nsf495D.exe
C:\Users\Admin\AppData\Local\Temp\nsk4E5D.exe
C:\Users\Admin\AppData\Local\Temp\nspABBC.exe
C:\Users\Admin\AppData\Local\Temp\nsvA797.exe
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\re-markable_2040-2083.exe
C:\Users\Admin\AppData\Local\Temp\spidentifierimpl.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-18 10:04

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-06-2014
Ran by Admin at 2014-06-19 12:17:34
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 14 Plugin (HKLM-x32\...\{C4B32291-F7B2-4BEC-BA4D-4195676A08CC}) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AIS Connect (HKLM-x32\...\AIS Connect) (Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH)
AIS Connect (x32 Version: 1.1.1.6 - Fujitsu Technology Solutions GmbH) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{5347542D-5637-006A-76A7-A758B70C0A06}) (Version: 12.10.6.5030 - APN, LLC) <==== ATTENTION
Avery Wizard 4.0 (HKLM-x32\...\{F5D84887-8A6F-4993-8560-B3AA44CB620D}) (Version: 4.0.201 - Avery)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
BdB at work 2013 (HKLM-x32\...\BdB_at_Work_2005_is1) (Version: 2013 - LOGO Datensysteme GmbH)
BdB at work mobile Server (HKLM-x32\...\atwork_mobile_server_is1) (Version: 2013 - LOGO Datensysteme GmbH)
Bluetooth Feature Pack 5.0 (HKLM\...\{B2F4C332-2359-4ADE-AF0C-C631768BBB89}) (Version: 5.0.14 - CSR Plc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-8890DW (HKLM-x32\...\{004B8D14-7E3A-490A-ABB3-753535E169E3}) (Version: 1.0.6.0 - Brother Industries, Ltd.)
Canon MF Toolbox 4.9.1.1.mf11 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf11 - Canon Inc.)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Colours Setup (HKLM-x32\...\Colours Setup) (Version:  - )
CrazyWords (HKLM-x32\...\CrazyWords) (Version:  - )
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1908.7636 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.1908.7636 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
Deutsche Post E-Porto (HKLM-x32\...\{A51F5414-4A2B-45A0-8EF2-B4D29CFBCAE7}) (Version: 2.3.0 - Deutsche Post AG)
Doppelkopf XXL (HKCU\...\Doppelkopf XXL) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
ElsterFormular-Upgrade (HKLM-x32\...\ElsterFormular für Unternehmer 12.1.0.6164u) (Version: 14.4.12044 - Landesfinanzdirektion Thüringen)
Evernote v. 5.1.2 (HKLM-x32\...\{12FB6296-8840-11E3-86D7-00163E98E7D0}) (Version: 5.1.2.2387 - Evernote Corp.)
EZ Vinyl/Tape Converter 7.4 by MixMeister (HKLM-x32\...\EZ Vinyl/Tape Converter by MixMeister_is1) (Version:  - MixMeister Technology LLC)
Fujitsu Display Manager (HKLM-x32\...\InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}) (Version:  - )
Fujitsu Display Manager (Version: 7.01.00.210 - FUJITSU LIMITED) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}) (Version: 3.60.1.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.60.1.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version:  - )
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000 - Ihr Firmenname) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version:  - )
Fujitsu System Extension Utility (Version: 3.1.1.0 - FUJITSU LIMITED) Hidden
Garmin City Navigator Europe NT 2011.40 Update (HKLM-x32\...\{2A87B210-5672-421E-AD15-B8DF44D78691}) (Version: 14.40.0.0 - Garmin Ltd or its subsidiaries)
GMX MediaCenter 1.6.2863.0 (HKCU\...\GMX Application {sync-000021}) (Version: 1.6.2863.0 - 1&1 Mail & Media GmbH)
GMX ProfiFax (HKLM-x32\...\GMX ProfiFax) (Version: 2.00.222 - GMX GmbH)
Google Update Helper (x32 Version: 1.3.25.0 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2025 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
KeePass Password Safe 1.20 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.20 - Dominik Reichl)
LifeBook Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version:  - )
LifeBook Application Panel (Version: 8.1.0.0 - FUJITSU LIMITED) Hidden
LightsOn Setup (HKLM-x32\...\LightsOn Setup) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Go (HKLM-x32\...\{B55B7EAE-C58C-496E-A383-3A6ABDD83A62}) (Version: 2.5.290 - Sony)
Media Go Video Playback Engine 1.120.104.05010 (HKLM-x32\...\{8227BCD8-AA43-B935-7134-2732A298364A}) (Version: 1.120.104.05010 - Sony)
Mediaa_Play_AIR_1.4 (HKLM-x32\...\Mediaa_Play_AIR_1.4) (Version: 1.34.6.10 - enter) <==== ATTENTION
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Mindjet MindManager 2012 (HKLM-x32\...\{2005E0A6-ED25-4B8A-801C-F3A0B846A317}) (Version: 10.0.445 - Mindjet)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
pdfforge Toolbar v4.4 (HKLM-x32\...\{BCB52F35-4C56-49F2-A3D6-FDED54B01847}) (Version: 4.4 - Spigot, Inc.) <==== ATTENTION
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.16.2.15545 - Sony Computer Entertainment Inc.)
Power Saving Utility (HKLM-x32\...\InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}) (Version:  - )
Power Saving Utility (Version: 31.01.11.013 - FUJITSU LIMITED) Hidden
PSHD-9.9 (HKLM-x32\...\PSHD-9.9) (Version: 1.34.5.29 - PlusVHD)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
raving reyven (HKLM\...\raving reyven) (Version: 2014.06.05.170104 - raving reyven)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30087 - Realtek Semiconductor Corp.)
Re-markit (HKLM-x32\...\28184F48-644B-A6E5-4B16-B684F94B3847) (Version:  - Re-markit-software) <==== ATTENTION
Sandboxie 3.72 (64-bit) (HKLM\...\Sandboxie) (Version: 3.72 - SANDBOXIE L.T.D)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Secunia PSI (3.0.0.3001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.3001 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 26.1.77080 - Sonos, Inc.)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.10.201308300830 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.174 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.174 - Sony)
Spotify (HKCU\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
StarMoney (x32 Version: 2.0 - StarFinanz) Hidden
StarMoney (x32 Version: 3.0.0.124 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney 8.0 S-Edition (HKLM-x32\...\{FDB0ACA2-EB23-413A-BDED-2A238E31F61F}) (Version: 8.0 - Star Finanz GmbH)
StarMoney 9.0  (HKLM-x32\...\{8B8F4B63-6252-40BD-BD3F-477C0EB3EB8C}) (Version: 9.0 - Star Finanz GmbH)
sv.net (HKLM-x32\...\sv.net) (Version: 13.1 - ITSG GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
SystemDiagnostics (HKLM-x32\...\{EF59DB7F-7426-426E-B862-7031F83ED304}) (Version: 2.04.0006 - Fujitsu Technology Solutions)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WindowsProtectManger20.0.0.401 (HKLM-x32\...\WindowsProtectManger) (Version: 20.0.0.401 - Fuyu LIMITED) <==== ATTENTION
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Wireless Selector (HKLM-x32\...\InstallShield_{51692C66-5505-41B8-92A7-548C69FB867C}) (Version:  - )
Wireless Selector (Version: 4.01.00.101 - FUJITSU LIMITED) Hidden
YTD Video Downloader 4.3 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.3 - GreenTree Applications SRL)

==================== Restore Points  =========================

18-06-2014 13:06:24 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {3E7FC18D-59EC-40AA-AAD2-81309DA3DCE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-11] (Adobe Systems Incorporated)
Task: {57D3620E-3DE1-4C7B-975A-0FE5C1DF594C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5C28D529-526F-4107-AB5A-75B18561C50C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {76613EB2-0993-438B-A4F2-0F139BEF382F} - System32\Tasks\{EBB0B57B-5E8D-48A9-8F21-07029A57302F} => C:\Program Files (x86)\StarMoney 7.0\app\StartStarMoney.exe
Task: {A5EE3613-3B0F-4317-8102-FBC1614BB58E} - System32\Tasks\{F3FFC8B2-C2B6-4DB2-A4E8-8BCB1CE1E627} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {B1B221C2-DB1A-40C0-90F8-76DB8484C444} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {BAAA4E5B-98C3-4338-8018-5D440FCDBBEA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {C0386090-8A57-44A8-80B1-40C8388E0832} - System32\Tasks\{A6252999-127D-4ECF-95F6-898EE93F49BC} => D:\PROGRAMME\STAR\smoney_m_18_0_3_.exe
Task: {C61107EE-C946-4ABE-AA19-AFECF31CF241} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {CD987DCF-36FD-468D-ACCB-D158D9E9454D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {DD878446-AF1C-4F78-ADA4-7681346F9D84} - System32\Tasks\{F382690A-F6E3-4207-BC32-BF333FA28AFA} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/abandoninstall?source=lightinstaller&amp;page=tsMain
Task: {F0420892-B8F1-41B5-B293-C2497533B4C7} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {FC4A4906-5360-43DC-A61F-8474A0C34761} - System32\Tasks\{FC3080D7-86E8-4D13-8C5B-A2B49BACB874} => C:\Program Files (x86)\StarMoney 7.0\app\StartStarMoney.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2014-02-06 10:52 - 2014-02-26 12:57 - 00050688 _____ () C:\Users\Admin\AppData\Local\GMX Application {sync-000021}\CoreBranding.dll
2014-04-02 16:58 - 2014-02-26 12:57 - 00102912 _____ () C:\Users\Admin\AppData\Local\GMX Application {sync-000021}\ConfigWizard.dll
2011-03-02 17:43 - 2005-04-22 14:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2009-07-21 20:31 - 2009-07-21 20:31 - 00062312 _____ () C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-18 21:46 - 2014-06-18 21:46 - 00043008 _____ () c:\users\admin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxhjwkn.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-22 14:29 - 2014-01-22 14:29 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-01-22 14:29 - 2014-01-22 14:29 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-06-12 10:50 - 2014-06-12 10:50 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-09-14 13:02 - 2011-09-14 13:02 - 00150856 _____ () C:\Program Files (x86)\Mindjet\MindManager 10\zlib.dll
2012-12-01 01:21 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-02-15 10:09 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\PATCHW32.dll
2014-02-07 11:48 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
2014-06-11 18:01 - 2014-06-11 18:01 - 17024688 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #2
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #3
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #4
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2014 00:42:29 AM) (Source: SideBySide) (EventID: 75) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error: (06/18/2014 09:42:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x125c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (06/18/2014 04:07:31 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {e47681e0-ef37-44c4-925d-69dcff1e9953}

Error: (06/18/2014 04:05:08 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {e47681e0-ef37-44c4-925d-69dcff1e9953}

Error: (06/18/2014 04:04:04 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {e47681e0-ef37-44c4-925d-69dcff1e9953}


System errors:
=============
Error: (06/18/2014 09:46:57 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (06/18/2014 09:45:38 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/18/2014 09:44:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Cobian Backup 11 Volume Shadow Copy Requester Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/18/2014 09:44:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Cobian Backup 11 Volume Shadow Copy Requester Dienst erreicht.

Error: (06/18/2014 01:43:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (06/19/2014 00:42:29 AM) (Source: SideBySide) (EventID: 75) (User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2

Error: (06/18/2014 09:42:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b125c01cf8afb6a2f642cC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllb7b2cd7c-f720-11e3-aad4-e839df080923

Error: (06/18/2014 04:07:31 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {e47681e0-ef37-44c4-925d-69dcff1e9953}

Error: (06/18/2014 04:05:08 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {e47681e0-ef37-44c4-925d-69dcff1e9953}

Error: (06/18/2014 04:04:04 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {e47681e0-ef37-44c4-925d-69dcff1e9953}


==================== Memory info =========================== 

Percentage of memory in use: 53%
Total physical RAM: 3892.55 MB
Available physical RAM: 1804.2 MB
Total Pagefile: 7783.29 MB
Available Pagefile: 5555.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:80 GB) (Free:2.72 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:150.87 GB) (Free:18.23 GB) NTFS
Drive f: (Disk) (CDROM) (Total:0.11 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 8E760A6D)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=80 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=151 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 19.06.2014, 11:52   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher - Standard

raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher



Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.06.2014, 22:41   #14
Line-LAP
 
raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher - Standard

raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher



Jacqueline an den "König der Sterne" :-)

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 19.06.2014
Suchlauf-Zeit: 15:45:27
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.19.06
Rootkit Datenbank: v2014.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Admin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 350396
Verstrichene Zeit: 17 Min, 48 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 15
PUP.Optional.MediaPlayer.A, HKLM\SOFTWARE\WOW6432NODE\Mediaa_Play_AIR_1.4, In Quarantäne, [3d153446700b2a0ce162c3e2748e35cb], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\PSHD-9.9, In Quarantäne, [ed65d4a6c5b666d0a08fb7f826dc9a66], 
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WindowsProtectManger, In Quarantäne, [f75bf486c6b537ff9a3e6d3613efe11f], 
PUP.Optional.MediaPlayer.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Mediaa_Play_AIR_1.4, In Quarantäne, [bc963b3f2754ff37a69fecb9c53df40c], 
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PSHD-9.9, In Quarantäne, [331f2159f18aaa8c49e4b5fa4ab8d52b], 
PUP.Optional.ReMarkable.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Re_Markable, In Quarantäne, [0d45c8b2f18a4beb0d2e8237e81ac23e], 
PUP.Optional.MediaPlayer.A, HKU\S-1-5-21-2951541265-1472267509-3421380212-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Mediaa_Play_AIR_1.4, In Quarantäne, [62f07505e19aee480f36386d33cf7090], 
PUP.Optional.PlusHD.A, HKU\S-1-5-21-2951541265-1472267509-3421380212-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PSHD-9.9, In Quarantäne, [044eaecc82f9e0565dd002ad5aa8bf41], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PSHD-9.9, In Quarantäne, [aea42f4b4932ec4a30866e2cd32f5ca4], 
PUP.Optional.MediaPlayer.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Mediaa_Play_AIR_1.4, In Quarantäne, [5ff38befa8d32214252442606c96847c], 
PUP.Optional.ReMarkIt.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{401EA098-5006-38D6-99CE-F46A89FC2D4F}, In Quarantäne, [6ce6cdadf18acf67c2bec7b8966e659b], 
PUP.Optional.ReMarkIt.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{401EA098-5006-38D6-99CE-F46A89FC2D4F}, In Quarantäne, [6ce6cdadf18acf67c2bec7b8966e659b], 
PUP.Optional.ReMarkIt.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{98708BE4-1238-9246-BE45-4F991CD7A1B9}, In Quarantäne, [6ce6cdadf18acf67c2bec7b8966e659b], 
PUP.Optional.ReMarkIt.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CFC79DF6-08BE-9484-2A1D-09CF57D8FD17}, In Quarantäne, [6ce6cdadf18acf67c2bec7b8966e659b], 
PUP.Optional.ReMarkIt.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{98708BE4-1238-9246-BE45-4F991CD7A1B9}, In Quarantäne, [6ce6cdadf18acf67c2bec7b8966e659b], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[183a75050378290d4d9a007d22e227d9]

Ordner: 14
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe, In Quarantäne, [440eaccef88360d6c14ac2d1d62cc43c], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\PSHD-9.9, In Quarantäne, [aea42f4b4932ec4a30866e2cd32f5ca4], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\userCode, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\icons, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\icons\actions, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\api, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\lib, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\lib\popupResource, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4, In Quarantäne, [5ff38befa8d32214252442606c96847c], 

Dateien: 115
PUP.Optional.PlusHD.A, C:\Program Files (x86)\PSHD-9.9\1293297481.mxaddon, In Quarantäne, [aea42f4b4932ec4a30866e2cd32f5ca4], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\PSHD-9.9\360-52916.crx, In Quarantäne, [aea42f4b4932ec4a30866e2cd32f5ca4], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\PSHD-9.9\52916.crx, In Quarantäne, [aea42f4b4932ec4a30866e2cd32f5ca4], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\PSHD-9.9\52916.xpi, In Quarantäne, [aea42f4b4932ec4a30866e2cd32f5ca4], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\PSHD-9.9\background.html, In Quarantäne, [aea42f4b4932ec4a30866e2cd32f5ca4], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\PSHD-9.9\c0d67ced-ec8f-4468-962c-cb6d65463e12-2.exe, In Quarantäne, [aea42f4b4932ec4a30866e2cd32f5ca4], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\PSHD-9.9\c0d67ced-ec8f-4468-962c-cb6d65463e12-3.exe, In Quarantäne, [aea42f4b4932ec4a30866e2cd32f5ca4], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\PSHD-9.9\c0d67ced-ec8f-4468-962c-cb6d65463e12-4.exe, In Quarantäne, [aea42f4b4932ec4a30866e2cd32f5ca4], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\PSHD-9.9\c0d67ced-ec8f-4468-962c-cb6d65463e12-5.exe, In Quarantäne, [aea42f4b4932ec4a30866e2cd32f5ca4], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\PSHD-9.9\PSHD-9.9-bg.exe, In Quarantäne, [aea42f4b4932ec4a30866e2cd32f5ca4], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\PSHD-9.9\PSHD-9.9-bho.dll, In Quarantäne, [aea42f4b4932ec4a30866e2cd32f5ca4], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\PSHD-9.9\PSHD-9.9-bho64.dll, In Quarantäne, [aea42f4b4932ec4a30866e2cd32f5ca4], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\PSHD-9.9\PSHD-9.9-codedownloader.exe, In Quarantäne, [aea42f4b4932ec4a30866e2cd32f5ca4], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\PSHD-9.9\PSHD-9.9.ico, In Quarantäne, [aea42f4b4932ec4a30866e2cd32f5ca4], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\PSHD-9.9\Uninstall.exe, In Quarantäne, [aea42f4b4932ec4a30866e2cd32f5ca4], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\PSHD-9.9\utils.exe, In Quarantäne, [aea42f4b4932ec4a30866e2cd32f5ca4], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\background.html, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\chromeCoreFilesIndex.txt, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\crossriderManifest.json, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\manifest.json, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\popup.html, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\manifest.xml, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins.json, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\1.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\102.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\104.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\13.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\14.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\155.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\17.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\177.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\182.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\183.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\184.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\19.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\191.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\193.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\195.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\207.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\21.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\211.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\22.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\220.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\221.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\242.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\244.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\246.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\257.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\262.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\263.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\267.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\28.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\4.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\47.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\64.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\7.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\72.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\78.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\80.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\9.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\91.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\93.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\plugins\97.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\userCode\background.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\extensionData\userCode\extension.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\icons\icon128.png, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\icons\icon16.png, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\icons\icon48.png, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\icons\actions\1.png, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\background.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\main.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\platformVersion.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\api\chrome.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\api\cookie.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\api\message.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\api\monitor.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\api\pageAction.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\api\pageActionBG.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\lib\app_api.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\lib\bg_app_api.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\lib\consts.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\lib\cookie_store.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\lib\crossriderAPI.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\lib\delegate.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\lib\events.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\lib\extensionDataStore.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\lib\installer.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\lib\logFile.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\lib\logging.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\lib\onBGDocumentLoad.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\lib\reports.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\lib\storageWrapper.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\lib\updateManager.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\lib\util.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\lib\xhr.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\lib\popupResource\newPopup.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.14_0\js\lib\popupResource\popup.js, In Quarantäne, [d9793f3b03782d0923547a27976b847c], 
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\58488.xpi, In Quarantäne, [5ff38befa8d32214252442606c96847c], 
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\108029eb-c499-4b8b-ab5a-f4be652635de-11.exe, In Quarantäne, [5ff38befa8d32214252442606c96847c], 
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\108029eb-c499-4b8b-ab5a-f4be652635de-2.exe, In Quarantäne, [5ff38befa8d32214252442606c96847c], 
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\108029eb-c499-4b8b-ab5a-f4be652635de-3.exe, In Quarantäne, [5ff38befa8d32214252442606c96847c], 
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\108029eb-c499-4b8b-ab5a-f4be652635de-4.exe, In Quarantäne, [5ff38befa8d32214252442606c96847c], 
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\108029eb-c499-4b8b-ab5a-f4be652635de-5.exe, In Quarantäne, [5ff38befa8d32214252442606c96847c], 
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\108029eb-c499-4b8b-ab5a-f4be652635de.crx, In Quarantäne, [5ff38befa8d32214252442606c96847c], 
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\1293297481.mxaddon, In Quarantäne, [5ff38befa8d32214252442606c96847c], 
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\360-58488.crx, In Quarantäne, [5ff38befa8d32214252442606c96847c], 
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\58488.crx, In Quarantäne, [5ff38befa8d32214252442606c96847c], 
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\background.html, In Quarantäne, [5ff38befa8d32214252442606c96847c], 
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\Mediaa_Play_AIR_1.4-bg.exe, In Quarantäne, [5ff38befa8d32214252442606c96847c], 
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\Mediaa_Play_AIR_1.4-bho.dll, In Quarantäne, [5ff38befa8d32214252442606c96847c], 
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\Mediaa_Play_AIR_1.4-bho64.dll, In Quarantäne, [5ff38befa8d32214252442606c96847c], 
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\Mediaa_Play_AIR_1.4-codedownloader.exe, In Quarantäne, [5ff38befa8d32214252442606c96847c], 
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\Mediaa_Play_AIR_1.4.ico, In Quarantäne, [5ff38befa8d32214252442606c96847c], 
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\Uninstall.exe, In Quarantäne, [5ff38befa8d32214252442606c96847c], 
PUP.Optional.MediaPlayer.A, C:\Program Files (x86)\Mediaa_Play_AIR_1.4\utils.exe, In Quarantäne, [5ff38befa8d32214252442606c96847c], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=de48d5eaa8f44b4ca7dc2c30aec7dab2
# engine=18786
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-19 07:56:49
# local_time=2014-06-19 09:56:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 5799327 74501431 0 0
# scanned=236198
# found=14
# cleaned=0
# scan_time=15239
sh=410A648EB8392D7407D264CF6C1090D044D044D6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe\1.26.52_0\extensionData\plugins\266.js.vir"
sh=B563BEC7EC0608AB8EBC51C5E228C9270DAC0A09 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe\1.26.52_0\extensionData\plugins\91.js.vir"
sh=CE06CA96FAA53C145FDE8357DBF9433F07F508B5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\Extensions\a54e453c-130a-4769-9333-c5ec2aa914c5@9bd7cc89-9c7c-44e9-a03b-042b92d363f0.com\extensionData\plugins\266.js.vir"
sh=E082854FA3F7C89221E44406EA71086403E834E7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\Extensions\a54e453c-130a-4769-9333-c5ec2aa914c5@9bd7cc89-9c7c-44e9-a03b-042b92d363f0.com\extensionData\plugins\91.js.vir"
sh=E082854FA3F7C89221E44406EA71086403E834E7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ymsiz8wf.default\Extensions\faf73efe-d6aa-46eb-8014-e0b47ac07ead@a90d6ab4-be69-4e96-a979-1fd9c1ae6f92.com\extensionData\plugins\91.js.vir"
sh=39FAEEB0029579E762D3A372B3C0FB34D82B429E ft=1 fh=c71c00110b72f7bc vn="Variante von Win32/AdWare.AddLyrics.AP Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Re_Markable\Re_Markable\Re-markitfA173.exe"
sh=9B72604832B83A5508824184D19DF2E98B654EA4 ft=1 fh=29a0d2f607c0a043 vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SPYWABUX\spidentifierimpl[1].exe"
sh=24010E50CFDF1F290595ACD7EBCD794104B09E14 ft=1 fh=48005d301420b6bf vn="Variante von Win32/ELEX.AL evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TSUDTEVQ\lly_webssearches[1].exe"
sh=24010E50CFDF1F290595ACD7EBCD794104B09E14 ft=1 fh=48005d301420b6bf vn="Variante von Win32/ELEX.AL evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\AppData\Local\Temp\lly_webssearches.exe"
sh=3D28125FE4A9EF0A22F82A184CF623D92AA2A67F ft=1 fh=0e35da7c707ed387 vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\Downloads\ccleaner.exe"
sh=BB4D07B0CFF4C026C0AE7B203E5B54F931B491BB ft=1 fh=bcb15733e373c957 vn="Variante von Win32/SoftPulse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Admin\Downloads\Player_Setup.exe"
sh=DC935CCB0E757C9C719A73A1D67A70CF645516A6 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\165b9b9.msi"
sh=1F1B9A8E0442D06ECC816385B7EB5557B92C92A7 ft=1 fh=b11a9a0e0af94588 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt3E6.tmp"
sh=1F1B9A8E0442D06ECC816385B7EB5557B92C92A7 ft=1 fh=b11a9a0e0af94588 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt3E6.tmp"
         

Alt 20.06.2014, 08:47   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher - Standard

raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Users\Admin\Downloads\ccleaner.exe
C:\Users\Admin\Downloads\Player_Setup.exe
C:\Windows\Installer\165b9b9.msi
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt3E6.tmp
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher
conduit.search, conduit.search entfernen, js/toolbar.crossrider.b, pup.optional.crossrider.a, pup.optional.mediaplayer.a, pup.optional.plushd.a, pup.optional.qone8, pup.optional.remarkable.a, pup.optional.remarkit.a, pup.optional.wpm.a, win32/adware.addlyrics.ap, win32/conduit.searchprotect.q, win32/downloadguide.a, win32/elex.al, win32/softpulse.d, win32/toolbar.babylon.q, win32/toolbar.widgi.b



Ähnliche Themen: raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher


  1. Tabs öffnen sich eigenständig(Werbung)
    Alles rund um Mac OSX & Linux - 05.10.2015 (10)
  2. IncrediBar-search erscheint immer beim Öffnen eines neuen Tabs
    Log-Analyse und Auswertung - 02.07.2015 (9)
  3. Windows 7 ständige Werbung und neue Tabs
    Log-Analyse und Auswertung - 13.02.2015 (14)
  4. Werbung und nervige Tabs die sich bei klick auf eine Seite öffnen sowie Blaue schricht im Brwoser mit Werbung
    Plagegeister aller Art und deren Bekämpfung - 06.01.2015 (6)
  5. Unerwünschtes Öffnen von Werbung in Firefox-Tabs
    Log-Analyse und Auswertung - 29.11.2014 (17)
  6. Win7 64bit: Firefox neue Tabs mit Werbung, Umleitung von Seitenaurufen, Popup Fenster
    Log-Analyse und Auswertung - 21.11.2014 (10)
  7. Ständige Werbung / Tabs beim Surfen
    Plagegeister aller Art und deren Bekämpfung - 18.11.2014 (3)
  8. Öffnen von Tabs und Werbung
    Alles rund um Windows - 28.09.2014 (1)
  9. Tabs mit Werbung öffnen sich selbstständig
    Plagegeister aller Art und deren Bekämpfung - 11.03.2014 (10)
  10. Windows 8.1 Firefox: Problem mit Werbeseiten, Werbung beim Öffnen eines neuen Tabs
    Log-Analyse und Auswertung - 24.02.2014 (9)
  11. Windows 7: Ständiges öffnen von Werbung in neuem Fenster
    Log-Analyse und Auswertung - 13.02.2014 (7)
  12. Windows 7 - Beim Öffnen von Websites öffnen sich Popups und Tabs mit Werbung
    Log-Analyse und Auswertung - 27.01.2014 (3)
  13. Bei Browsernutzung lande ich ständig auf Werbeseiten und auf http://s.mgkaxjfwfc.com/s73bc5wskpmgwwcowokg0w0os4
    Plagegeister aller Art und deren Bekämpfung - 04.09.2013 (25)
  14. Merkwürdiger Grafikbug: öffnen eines neuen Tabs IE10
    Alles rund um Windows - 23.05.2013 (37)
  15. Beim Öffnen eines neuen Tabs in Firefox erscheint permanent Claro Search
    Plagegeister aller Art und deren Bekämpfung - 09.02.2013 (26)
  16. http://mystart.incredibar.com/MB131?a=6PQHUto8HL erscheint beim öffnen eines neuen Tabs - ich möchte es entfernen
    Plagegeister aller Art und deren Bekämpfung - 01.09.2012 (12)
  17. Öffnen von Werbung in neuem Fenster
    Log-Analyse und Auswertung - 27.07.2008 (1)

Zum Thema raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher - Hallo, vor knapp zwei Jahren habbt ihr mir schon mal toll geholfen. Jetzt habe ich mir wohl wieder einen Trojaner oder ähnliches eingefangen und bitte nochmal um Eure Hilfe. Wie - raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher...
Archiv
Du betrachtest: raving reyvens - ständige Werbung und Umleitung auf Werbeseiten. Bei neuem Öffnen eines Tabs lande ich auf websearcher auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.