| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Proxy Server Einstellung 127.0.0.1Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
18.06.2014, 08:58
| #1 |
 |  Proxy Server Einstellung 127.0.0.1 Hallo, benutze Win 7 und den Internet Explorer. Seit gestern werden die Proxy Einstellungen automatisch überschrieben und ich komme nicht mehr ins Internet. Neuer Proxy Eintrag: 127.0.0.1 Port 51988 Wenn ich die alten Einstellungen wieder eingebe, werden Sie nach ein paar Minuten wieder überschrieben. Gruß Heiko |
|
18.06.2014, 09:15
| #2 |
| /// the machine /// TB-Ausbilder    | Proxy Server Einstellung 127.0.0.1 hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
18.06.2014, 12:39
| #3 |
| | Proxy Server Einstellung 127.0.0.1 FRST Logfile:
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014
Ran by Kiefer (administrator) on SB-NB-KIEFER7 on 18-06-2014 10:50:27
Running from C:\Users\Kiefer\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
() C:\Program Files\003\vxlsnyaiet64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
() C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
() C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Users\Kiefer\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(sw4you) C:\Program Files (x86)\Hardcopy\hardcopy.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\GroupWise\notify.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
() C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\pnamain.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\GroupWise\grpwise.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\GroupWise\gwsync.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfica32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXE
(SolarWorld AG) C:\Program Files (x86)\SolarWorld AG\Suntool\Suntool.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13260944 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [585376 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [354464 2010-05-25] (Atheros Commnucations)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [358336 2011-08-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [676608 2013-06-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ccApp] => C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115624 2011-03-30] (Symantec Corporation)
HKLM-x32\...\Run: [BrowserSafeguard] => C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe [348672 2014-05-08] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4206700253-882151942-3262977069-1300\...\Run: [Amazon Cloud Player] => C:\Users\Kiefer\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\info.cmd ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Notify.lnk
ShortcutTarget: Notify.lnk -> C:\Program Files (x86)\Novell\GroupWise\notify.exe (Novell, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Receiver.lnk
ShortcutTarget: Receiver.lnk -> C:\Windows\Installer\{C0B728CE-BF48-48C2-A19C-01563CCEDD9F}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ()
Startup: C:\Users\Kiefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
==================== Internet (Whitelisted) ====================
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:51988;https=127.0.0.1:51988
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0B662402EE74CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403062960&from=obw&uid=HitachiXHTS545032B9A300_100904PBNL04B7JB0NPLX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1403062960&from=obw&uid=HitachiXHTS545032B9A300_100904PBNL04B7JB0NPLX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403062960&from=obw&uid=HitachiXHTS545032B9A300_100904PBNL04B7JB0NPLX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1403062960&from=obw&uid=HitachiXHTS545032B9A300_100904PBNL04B7JB0NPLX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1403062960&from=obw&uid=HitachiXHTS545032B9A300_100904PBNL04B7JB0NPLX
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MFC4ED9F7-F5F6-4A2E-B0A5-ED4A9E568891&SearchSource=58&CUI=&UM=5&UP=SP2F89AE7D-C44E-475D-BEC7-8192823D52CA&q={searchTerms}&SSPV=SP215B_sp_ie
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: 2rs3 - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\SupraSavings\2rs3.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.66.41 192.168.76.146
FireFox:
========
FF ProfilePath: C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF SearchPlugin: C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: SupraSavings - C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\Extensions\SupraSavings@jetpack [2014-06-13]
==================== Services (Whitelisted) =================
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-06-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [47776 2010-05-25] (Atheros Commnucations) [File not signed]
R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108456 2011-03-30] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108456 2011-03-30] (Symantec Corporation)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093944 2011-02-07] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3250392 2011-04-27] (Symantec Corporation)
S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [428976 2011-04-21] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1846592 2011-05-11] (Symantec Corporation)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
R2 vxlsnyaiet64; C:\Program Files\003\vxlsnyaiet64.exe [706560 2014-06-13] () [File not signed]
==================== Drivers (Whitelisted) ====================
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20140617.009\eng64.sys [126040 2014-03-20] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20140617.009\ex64.sys [2099288 2014-03-20] (Symantec Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [453240 2011-03-08] (Symantec Corporation)
R1 SRTSP; C:\Windows\SysWOW64\Drivers\SRTSP64.SYS [453240 2011-03-08] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482424 2011-03-08] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWOW64\Drivers\SRTSPL64.SYS [482424 2011-03-08] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32376 2011-03-08] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWOW64\Drivers\SRTSPX64.SYS [32376 2011-03-08] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2014-04-15] (Symantec Corporation)
R1 Teefer3; C:\Windows\System32\DRIVERS\Teefer3.sys [53880 2011-04-09] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [54392 2011-04-27] (Symantec Corporation)
R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-10-04] (Symantec Corporation)
S2 APXACC; system32\DRIVERS\appexDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-18 10:50 - 2014-06-18 10:51 - 00020849 _____ () C:\Users\Kiefer\Desktop\FRST.txt
2014-06-18 10:50 - 2014-06-18 10:50 - 00000000 ____D () C:\FRST
2014-06-18 10:48 - 2014-06-18 10:48 - 02081280 _____ (Farbar) C:\Users\Kiefer\Desktop\FRST64.exe
2014-06-18 07:18 - 2014-06-18 07:18 - 00002153 _____ () C:\Users\Kiefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix Adobe Reader.lnk
2014-06-18 07:18 - 2014-06-18 07:18 - 00002147 _____ () C:\Users\Kiefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SHC Prod.lnk
2014-06-18 07:18 - 2014-06-18 07:18 - 00002145 _____ () C:\Users\Kiefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix Groupwise.lnk
2014-06-18 07:18 - 2014-06-18 07:18 - 00002123 _____ () C:\Users\Kiefer\Desktop\Citrix Adobe Reader.lnk
2014-06-18 07:18 - 2014-06-18 07:18 - 00002117 _____ () C:\Users\Kiefer\Desktop\SHC Prod.lnk
2014-06-18 05:44 - 2014-06-18 05:45 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\Advanced System Protector
2014-06-18 05:44 - 2014-06-18 05:44 - 00003324 _____ () C:\Windows\System32\Tasks\Advanced System Protector
2014-06-18 05:43 - 2014-06-18 05:43 - 00004390 _____ () C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2014-06-18 05:43 - 2014-06-18 05:43 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-06-18 05:43 - 2014-06-18 05:43 - 00000000 ____D () C:\Program Files (x86)\Browsersafeguard
2014-06-18 05:40 - 2014-06-18 05:40 - 00998400 _____ () C:\Users\Kiefer\Downloads\setup(2).exe
2014-06-16 16:41 - 2014-06-17 16:36 - 00010014 _____ () C:\Users\Kiefer\Desktop\gme.xlsx
2014-06-16 05:33 - 2014-06-16 05:33 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
2014-06-15 18:25 - 2014-06-18 05:56 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\Mp3tag
2014-06-15 15:33 - 2014-06-15 15:33 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\TuneUp Software
2014-06-15 15:33 - 2014-06-15 15:33 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\TuneUp Software
2014-06-15 15:32 - 2014-06-15 15:34 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-06-15 15:32 - 2014-06-15 15:32 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-06-15 15:29 - 2014-06-15 15:48 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\DVDVideoSoft
2014-06-15 15:29 - 2014-06-15 15:29 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\OpenCandy
2014-06-15 15:26 - 2014-06-15 15:29 - 34314288 _____ (DVDVideoSoft Ltd. ) C:\Users\Kiefer\Downloads\FreeAudioConverter5.0.43.605.exe
2014-06-15 15:22 - 2014-06-15 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-06-15 15:21 - 2014-06-15 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
2014-06-15 15:20 - 2014-06-15 15:21 - 02638704 _____ () C:\Users\Kiefer\Downloads\mp3tagv259asetup.exe
2014-06-15 15:15 - 2014-06-15 15:15 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-15 15:14 - 2014-06-15 15:14 - 01980509 _____ () C:\Users\Kiefer\Downloads\mp3gain-win-full-1_3_4.exe
2014-06-13 13:44 - 2014-06-13 13:44 - 00001157 _____ () C:\Users\Public\Desktop\Suntool.lnk
2014-06-13 13:43 - 2014-06-13 13:43 - 05923765 _____ (SolarWorld AG ) C:\Users\Kiefer\Downloads\SetupSuntool (1).exe
2014-06-13 13:27 - 2014-06-13 13:27 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\Engelmann Media
2014-06-13 09:10 - 2014-06-13 09:10 - 00001154 _____ () C:\Users\Public\Desktop\Formatwandler 4 SE.lnk
2014-06-13 09:10 - 2014-06-13 09:10 - 00000000 ____D () C:\ProgramData\Engelmann Media
2014-06-13 09:09 - 2014-06-13 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S.A.D
2014-06-13 09:09 - 2014-06-13 09:09 - 00000000 ____D () C:\Program Files (x86)\S.A.D
2014-06-13 05:52 - 2014-06-18 05:57 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\systweak
2014-06-13 05:52 - 2013-08-22 18:36 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-06-13 05:51 - 2014-06-13 05:53 - 00000000 ____D () C:\temp
2014-06-13 05:51 - 2014-06-13 05:51 - 00000000 ____D () C:\Program Files (x86)\SupraSavings
2014-06-13 05:50 - 2014-06-13 05:50 - 00000000 ____D () C:\Program Files\003
2014-06-13 05:47 - 2014-06-13 05:47 - 00232240 _____ (Fusion Install ) C:\Users\Kiefer\Downloads\Setup(1).exe
2014-06-13 05:41 - 2014-06-13 05:45 - 31167936 _____ (S.A.D.) C:\Users\Kiefer\Downloads\formatconverter6.exe
2014-06-12 21:28 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 21:28 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 21:28 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 21:28 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 21:21 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 21:21 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 21:21 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 21:21 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 21:21 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 21:21 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 21:21 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 21:21 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 21:19 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 21:19 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-12 21:16 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 21:16 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 21:16 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 21:16 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 21:16 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 21:16 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 21:15 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 21:15 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 21:15 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 21:15 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 21:15 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 21:15 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 21:15 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 21:15 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 21:15 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 21:15 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 21:15 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 21:15 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 21:15 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 21:15 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 21:15 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 21:15 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 21:15 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 21:15 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 21:15 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 21:15 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 21:15 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 21:15 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 21:15 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 21:15 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 21:15 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 21:15 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 21:15 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 21:15 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 21:15 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 21:15 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 21:15 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 21:15 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 21:15 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 21:15 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 21:15 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 21:15 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 21:15 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 21:15 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 21:15 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 21:15 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 21:15 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 21:15 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 21:15 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 21:15 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 21:15 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 21:15 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 21:07 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-12 21:07 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-12 12:17 - 2014-06-12 12:17 - 00009413 _____ () C:\Users\Kiefer\Desktop\Mappe1.xlsx
2014-06-12 05:58 - 2014-06-12 05:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-09 15:24 - 2014-06-09 15:24 - 00001175 _____ () C:\Users\Kiefer\Desktop\Amazon Cloud Player.lnk
2014-06-09 15:23 - 2014-06-09 15:24 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-06-09 15:23 - 2014-06-09 15:24 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\Amazon Cloud Player
2014-06-09 14:22 - 2014-06-09 14:22 - 00000066 _____ () C:\Windows\wiso.ini
2014-06-09 14:22 - 2014-06-09 14:22 - 00000000 ____D () C:\Users\Kiefer\Documents\Steuer
2014-06-09 14:22 - 2014-06-09 14:22 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steuer 2013
2014-06-09 14:22 - 2014-06-09 14:22 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\Buhl
2014-06-09 14:18 - 2014-06-09 14:18 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\InstallShield Installation Information
2014-06-09 14:16 - 2014-06-09 14:22 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-06-04 08:32 - 2014-06-04 08:49 - 00049289 _____ () C:\Users\Kiefer\Downloads\Siebenpfeiffer.suntool
2014-06-03 09:32 - 2014-06-03 09:32 - 00000545 _____ () C:\Users\Kiefer\Downloads\Anna_Fenninger_.vcf
2014-06-03 07:47 - 2014-06-03 07:47 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\.elfohilfe
2014-06-01 17:56 - 2014-06-01 17:56 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\elsterformular
2014-06-01 17:54 - 2014-06-01 17:55 - 00000000 ____D () C:\ProgramData\elsterformular
2014-06-01 17:54 - 2014-06-01 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2014-06-01 17:53 - 2014-06-01 17:53 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-06-01 17:43 - 2014-06-01 17:52 - 118565328 _____ (Landesfinanzdirektion Thüringen) C:\Users\Kiefer\Downloads\ElsterFormular-15.2.20140326u.exe
2014-05-28 14:42 - 2014-05-28 14:42 - 00009665 _____ () C:\Users\Kiefer\Desktop\Termine Intersolar.xlsx
2014-05-28 09:05 - 2014-06-10 10:28 - 00980370 _____ () C:\Users\Kiefer\Desktop\MWSnap001.bmp
2014-05-27 15:52 - 2014-05-27 15:52 - 00000372 _____ () C:\Users\Kiefer\Desktop\Schletter Configurator.appref-ms
2014-05-27 07:42 - 2014-05-27 07:42 - 02016730 _____ () C:\Users\Kiefer\Desktop\Fehlermeldung.bmp
2014-05-26 15:54 - 2014-06-18 05:58 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-26 15:52 - 2002-07-06 15:45 - 00427008 _____ (Mirek Wojtowicz) C:\Users\Kiefer\Desktop\MWSnap.exe
2014-05-26 15:51 - 2014-05-26 15:51 - 00961360 _____ (Chip Digital GmbH) C:\Users\Kiefer\Downloads\VLC media player 32 Bit - CHIP-Installer.exe
2014-05-26 15:22 - 2014-05-26 15:22 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\Schletter
2014-05-26 08:28 - 2014-05-26 08:42 - 00000000 ____D () C:\Program Files (x86)\Stellar Phoenix Photo Recovery
2014-05-26 08:28 - 2014-05-26 08:29 - 00000000 ____D () C:\ProgramData\TEMP
2014-05-26 08:27 - 2014-05-26 08:27 - 10770432 _____ (Stellar Information Technology Pvt Ltd. ) C:\Users\Kiefer\Downloads\StellarPhoenixPhotoRecoveryWindows_DE.exe
2014-05-26 07:43 - 2014-05-26 07:43 - 06415389 _____ (InstallShield Software Corporation) C:\Users\Kiefer\Downloads\pci_de_smartrecovery45 (1).exe
2014-05-26 05:56 - 2000-10-02 12:27 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2014-05-26 05:56 - 1998-06-18 00:00 - 00089360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB5DB.DLL
2014-05-26 05:54 - 2014-05-26 05:55 - 06415389 _____ (InstallShield Software Corporation) C:\Users\Kiefer\Downloads\pci_de_smartrecovery45.exe
2014-05-26 05:43 - 2014-05-26 05:44 - 12175896 _____ (Rene.E Laboratory ) C:\Users\Kiefer\Downloads\ReneeUndeleter_2014.exe
2014-05-26 05:43 - 2014-05-26 05:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-05-26 05:24 - 2014-05-26 05:24 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-23 08:23 - 2014-05-23 08:23 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Schletter GmbH
2014-05-23 08:20 - 2014-06-18 07:20 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\Deployment
2014-05-23 08:20 - 2014-05-23 08:20 - 00508008 _____ () C:\Users\Kiefer\Downloads\setup.exe
2014-05-23 08:20 - 2014-05-23 08:20 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\Apps\2.0
2014-05-23 07:18 - 2014-05-23 07:26 - 00212280 _____ () C:\Windows\DPINST.LOG
2014-05-23 07:17 - 2014-05-23 07:17 - 00002098 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-05-23 07:17 - 2014-05-23 07:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-05-23 07:16 - 2014-05-23 07:16 - 00000000 ____D () C:\ProgramData\Sony
2014-05-23 07:16 - 2014-05-23 07:16 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-05-23 07:15 - 2014-05-23 07:16 - 27874312 _____ (Sony Mobile Communications ) C:\Users\Kiefer\Downloads\Sony PC Companion_Web.exe
2014-05-22 08:22 - 2014-05-22 08:23 - 00001574 _____ () C:\Users\Kiefer\Desktop\SMA Sunny Design Web.lnk
2014-05-22 08:21 - 2014-05-22 08:21 - 00000000 ____D () C:\ProgramData\SMA
2014-05-22 08:21 - 2014-05-22 08:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sunny Design 3
2014-05-22 08:21 - 2014-05-22 08:21 - 00000000 ____D () C:\Program Files (x86)\SMA
2014-05-22 08:14 - 2014-05-22 08:21 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-05-22 08:07 - 2014-05-22 08:07 - 07843758 _____ () C:\Users\Kiefer\Downloads\AutoCalculatorProSetupV1.2.2.1.exe
2014-05-22 08:07 - 2014-05-22 08:07 - 00001288 _____ () C:\Users\Public\Desktop\AutoCalculatorEasy.lnk
2014-05-22 08:07 - 2014-05-22 08:07 - 00000000 ____D () C:\Program Files (x86)\Schletter GmbH
2014-05-22 07:53 - 2014-05-22 07:53 - 00000000 ____D () C:\Users\Kiefer\Documents\KOSTAL
2014-05-22 07:40 - 2014-05-22 07:40 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-05-22 05:58 - 2014-05-22 06:07 - 132878770 _____ () C:\Users\Kiefer\Desktop\Rocky.mp4
2014-05-21 14:50 - 2014-05-21 14:50 - 00000000 __SHD () C:\Users\Kiefer\AppData\Local\EmieUserList
2014-05-21 14:50 - 2014-05-21 14:50 - 00000000 __SHD () C:\Users\Kiefer\AppData\Local\EmieSiteList
2014-05-19 04:55 - 2014-05-19 04:55 - 02051934 _____ () C:\Users\Kiefer\Downloads\wkw.zip
==================== One Month Modified Files and Folders =======
2014-06-18 10:51 - 2014-06-18 10:50 - 00020849 _____ () C:\Users\Kiefer\Desktop\FRST.txt
2014-06-18 10:51 - 2014-04-16 11:41 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\Temp
2014-06-18 10:50 - 2014-06-18 10:50 - 00000000 ____D () C:\FRST
2014-06-18 10:48 - 2014-06-18 10:48 - 02081280 _____ (Farbar) C:\Users\Kiefer\Desktop\FRST64.exe
2014-06-18 10:23 - 2013-10-01 07:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-18 10:09 - 2014-04-15 12:45 - 00000043 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-06-18 09:47 - 2014-04-28 11:14 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\.oit
2014-06-18 09:30 - 2014-04-15 13:39 - 00000160 _____ () C:\Windows\system32\config\netlogon.ftl
2014-06-18 08:54 - 2013-09-30 18:13 - 01855383 _____ () C:\Windows\WindowsUpdate.log
2014-06-18 07:59 - 2014-04-28 08:28 - 00005136 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {b6104221-2e7c-48a2-9302-edf72d0ce1a8} SB-NB-Kiefer7.STREB-AD.friedrich-streb.de
2014-06-18 07:53 - 2009-07-14 06:45 - 00037792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-18 07:53 - 2009-07-14 06:45 - 00037792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-18 07:51 - 2014-04-22 05:35 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\CrashDumps
2014-06-18 07:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-18 07:45 - 2009-07-14 06:51 - 00042389 _____ () C:\Windows\setupact.log
2014-06-18 07:20 - 2014-05-23 08:20 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\Deployment
2014-06-18 07:18 - 2014-06-18 07:18 - 00002153 _____ () C:\Users\Kiefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix Adobe Reader.lnk
2014-06-18 07:18 - 2014-06-18 07:18 - 00002147 _____ () C:\Users\Kiefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SHC Prod.lnk
2014-06-18 07:18 - 2014-06-18 07:18 - 00002145 _____ () C:\Users\Kiefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix Groupwise.lnk
2014-06-18 07:18 - 2014-06-18 07:18 - 00002123 _____ () C:\Users\Kiefer\Desktop\Citrix Adobe Reader.lnk
2014-06-18 07:18 - 2014-06-18 07:18 - 00002117 _____ () C:\Users\Kiefer\Desktop\SHC Prod.lnk
2014-06-18 07:15 - 2014-04-15 11:23 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.dll
2014-06-18 07:15 - 2014-04-15 11:22 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.exe
2014-06-18 07:15 - 2014-04-15 11:22 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe
2014-06-18 07:15 - 2010-11-21 05:47 - 00061490 _____ () C:\Windows\PFRO.log
2014-06-18 05:58 - 2014-05-26 15:54 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-06-18 05:58 - 2014-04-16 11:43 - 00000000 ___RD () C:\Users\Kiefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-18 05:57 - 2014-06-13 05:52 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\systweak
2014-06-18 05:56 - 2014-06-15 18:25 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\Mp3tag
2014-06-18 05:55 - 2014-04-16 11:43 - 00001421 _____ () C:\Users\Kiefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-18 05:55 - 2013-10-01 06:25 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-18 05:55 - 2013-10-01 06:25 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-18 05:45 - 2014-06-18 05:44 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\Advanced System Protector
2014-06-18 05:44 - 2014-06-18 05:44 - 00003324 _____ () C:\Windows\System32\Tasks\Advanced System Protector
2014-06-18 05:43 - 2014-06-18 05:43 - 00004390 _____ () C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2014-06-18 05:43 - 2014-06-18 05:43 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-06-18 05:43 - 2014-06-18 05:43 - 00000000 ____D () C:\Program Files (x86)\Browsersafeguard
2014-06-18 05:42 - 2014-04-30 05:28 - 00005136 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for STREB-AD-Kiefer SB-NB-Kiefer7.STREB-AD.friedrich-streb.de
2014-06-18 05:40 - 2014-06-18 05:40 - 00998400 _____ () C:\Users\Kiefer\Downloads\setup(2).exe
2014-06-17 16:36 - 2014-06-16 16:41 - 00010014 _____ () C:\Users\Kiefer\Desktop\gme.xlsx
2014-06-16 11:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-16 05:33 - 2014-06-16 05:33 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
2014-06-15 17:12 - 2014-04-16 11:43 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\VirtualStore
2014-06-15 15:48 - 2014-06-15 15:29 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\DVDVideoSoft
2014-06-15 15:48 - 2014-04-21 15:48 - 00000000 ____D () C:\Users\Kiefer\Desktop\Heiko Kiefer
2014-06-15 15:34 - 2014-06-15 15:32 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-06-15 15:33 - 2014-06-15 15:33 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\TuneUp Software
2014-06-15 15:33 - 2014-06-15 15:33 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\TuneUp Software
2014-06-15 15:32 - 2014-06-15 15:32 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-06-15 15:29 - 2014-06-15 15:29 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\OpenCandy
2014-06-15 15:29 - 2014-06-15 15:26 - 34314288 _____ (DVDVideoSoft Ltd. ) C:\Users\Kiefer\Downloads\FreeAudioConverter5.0.43.605.exe
2014-06-15 15:22 - 2014-06-15 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-06-15 15:21 - 2014-06-15 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
2014-06-15 15:21 - 2014-06-15 15:20 - 02638704 _____ () C:\Users\Kiefer\Downloads\mp3tagv259asetup.exe
2014-06-15 15:15 - 2014-06-15 15:15 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-15 15:14 - 2014-06-15 15:14 - 01980509 _____ () C:\Users\Kiefer\Downloads\mp3gain-win-full-1_3_4.exe
2014-06-13 13:44 - 2014-06-13 13:44 - 00001157 _____ () C:\Users\Public\Desktop\Suntool.lnk
2014-06-13 13:43 - 2014-06-13 13:43 - 05923765 _____ (SolarWorld AG ) C:\Users\Kiefer\Downloads\SetupSuntool (1).exe
2014-06-13 13:27 - 2014-06-13 13:27 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\Engelmann Media
2014-06-13 09:10 - 2014-06-13 09:10 - 00001154 _____ () C:\Users\Public\Desktop\Formatwandler 4 SE.lnk
2014-06-13 09:10 - 2014-06-13 09:10 - 00000000 ____D () C:\ProgramData\Engelmann Media
2014-06-13 09:09 - 2014-06-13 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S.A.D
2014-06-13 09:09 - 2014-06-13 09:09 - 00000000 ____D () C:\Program Files (x86)\S.A.D
2014-06-13 05:53 - 2014-06-13 05:51 - 00000000 ____D () C:\temp
2014-06-13 05:51 - 2014-06-13 05:51 - 00000000 ____D () C:\Program Files (x86)\SupraSavings
2014-06-13 05:50 - 2014-06-13 05:50 - 00000000 ____D () C:\Program Files\003
2014-06-13 05:47 - 2014-06-13 05:47 - 00232240 _____ (Fusion Install ) C:\Users\Kiefer\Downloads\Setup(1).exe
2014-06-13 05:45 - 2014-06-13 05:41 - 31167936 _____ (S.A.D.) C:\Users\Kiefer\Downloads\formatconverter6.exe
2014-06-13 05:34 - 2011-04-12 09:43 - 00699342 _____ () C:\Windows\system32\perfh007.dat
2014-06-13 05:34 - 2011-04-12 09:43 - 00149450 _____ () C:\Windows\system32\perfc007.dat
2014-06-13 05:34 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-13 05:22 - 2013-10-01 06:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-12 21:32 - 2014-04-15 13:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-06-12 21:32 - 2014-04-15 13:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 21:08 - 2014-05-07 06:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-12 12:17 - 2014-06-12 12:17 - 00009413 _____ () C:\Users\Kiefer\Desktop\Mappe1.xlsx
2014-06-12 05:58 - 2014-06-12 05:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 10:28 - 2014-05-28 09:05 - 00980370 _____ () C:\Users\Kiefer\Desktop\MWSnap001.bmp
2014-06-09 15:24 - 2014-06-09 15:24 - 00001175 _____ () C:\Users\Kiefer\Desktop\Amazon Cloud Player.lnk
2014-06-09 15:24 - 2014-06-09 15:23 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-06-09 15:24 - 2014-06-09 15:23 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\Amazon Cloud Player
2014-06-09 14:22 - 2014-06-09 14:22 - 00000066 _____ () C:\Windows\wiso.ini
2014-06-09 14:22 - 2014-06-09 14:22 - 00000000 ____D () C:\Users\Kiefer\Documents\Steuer
2014-06-09 14:22 - 2014-06-09 14:22 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steuer 2013
2014-06-09 14:22 - 2014-06-09 14:22 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\Buhl
2014-06-09 14:22 - 2014-06-09 14:16 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-06-09 14:18 - 2014-06-09 14:18 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\InstallShield Installation Information
2014-06-08 11:13 - 2014-06-12 21:07 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-12 21:07 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-04 08:49 - 2014-06-04 08:32 - 00049289 _____ () C:\Users\Kiefer\Downloads\Siebenpfeiffer.suntool
2014-06-03 09:32 - 2014-06-03 09:32 - 00000545 _____ () C:\Users\Kiefer\Downloads\Anna_Fenninger_.vcf
2014-06-03 07:47 - 2014-06-03 07:47 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\.elfohilfe
2014-06-02 09:21 - 2014-04-17 13:29 - 00000000 ____D () C:\Heiko Kiefer
2014-06-02 07:27 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-01 17:56 - 2014-06-01 17:56 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\elsterformular
2014-06-01 17:55 - 2014-06-01 17:54 - 00000000 ____D () C:\ProgramData\elsterformular
2014-06-01 17:54 - 2014-06-01 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2014-06-01 17:53 - 2014-06-01 17:53 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2014-06-01 17:52 - 2014-06-01 17:43 - 118565328 _____ (Landesfinanzdirektion Thüringen) C:\Users\Kiefer\Downloads\ElsterFormular-15.2.20140326u.exe
2014-05-30 12:21 - 2014-06-12 21:15 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-12 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-12 21:15 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-12 21:15 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-12 21:15 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-12 21:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-12 21:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-12 21:15 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-12 21:15 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-12 21:16 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-12 21:15 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-12 21:15 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-12 21:16 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-12 21:15 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-12 21:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-12 21:15 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-12 21:15 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-12 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-12 21:15 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-12 21:15 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-12 21:15 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-12 21:15 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-12 21:15 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-12 21:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-12 21:15 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-12 21:15 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-12 21:15 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-12 21:15 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-12 21:15 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-12 21:16 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-12 21:15 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-12 21:15 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-12 21:16 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-12 21:15 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-12 21:15 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-12 21:15 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-12 21:15 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-12 21:15 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-12 21:15 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-12 21:15 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-12 21:15 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-12 21:15 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-12 21:15 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-12 21:15 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-12 21:15 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-12 21:15 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-12 21:15 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-12 21:15 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-12 21:15 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-12 21:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-12 21:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-12 21:15 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-28 14:42 - 2014-05-28 14:42 - 00009665 _____ () C:\Users\Kiefer\Desktop\Termine Intersolar.xlsx
2014-05-27 15:52 - 2014-05-27 15:52 - 00000372 _____ () C:\Users\Kiefer\Desktop\Schletter Configurator.appref-ms
2014-05-27 07:42 - 2014-05-27 07:42 - 02016730 _____ () C:\Users\Kiefer\Desktop\Fehlermeldung.bmp
2014-05-26 15:51 - 2014-05-26 15:51 - 00961360 _____ (Chip Digital GmbH) C:\Users\Kiefer\Downloads\VLC media player 32 Bit - CHIP-Installer.exe
2014-05-26 15:22 - 2014-05-26 15:22 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\Schletter
2014-05-26 08:42 - 2014-05-26 08:28 - 00000000 ____D () C:\Program Files (x86)\Stellar Phoenix Photo Recovery
2014-05-26 08:29 - 2014-05-26 08:28 - 00000000 ____D () C:\ProgramData\TEMP
2014-05-26 08:27 - 2014-05-26 08:27 - 10770432 _____ (Stellar Information Technology Pvt Ltd. ) C:\Users\Kiefer\Downloads\StellarPhoenixPhotoRecoveryWindows_DE.exe
2014-05-26 07:47 - 2013-09-30 22:25 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-26 07:43 - 2014-05-26 07:43 - 06415389 _____ (InstallShield Software Corporation) C:\Users\Kiefer\Downloads\pci_de_smartrecovery45 (1).exe
2014-05-26 05:55 - 2014-05-26 05:54 - 06415389 _____ (InstallShield Software Corporation) C:\Users\Kiefer\Downloads\pci_de_smartrecovery45.exe
2014-05-26 05:49 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-26 05:44 - 2014-05-26 05:43 - 12175896 _____ (Rene.E Laboratory ) C:\Users\Kiefer\Downloads\ReneeUndeleter_2014.exe
2014-05-26 05:43 - 2014-05-26 05:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-05-26 05:24 - 2014-05-26 05:24 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-26 05:24 - 2013-10-01 07:35 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-26 05:24 - 2013-10-01 07:35 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-26 05:24 - 2013-10-01 07:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-23 08:23 - 2014-05-23 08:23 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Schletter GmbH
2014-05-23 08:20 - 2014-05-23 08:20 - 00508008 _____ () C:\Users\Kiefer\Downloads\setup.exe
2014-05-23 08:20 - 2014-05-23 08:20 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\Apps\2.0
2014-05-23 07:26 - 2014-05-23 07:18 - 00212280 _____ () C:\Windows\DPINST.LOG
2014-05-23 07:17 - 2014-05-23 07:17 - 00002098 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-05-23 07:17 - 2014-05-23 07:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-05-23 07:16 - 2014-05-23 07:16 - 00000000 ____D () C:\ProgramData\Sony
2014-05-23 07:16 - 2014-05-23 07:16 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-05-23 07:16 - 2014-05-23 07:15 - 27874312 _____ (Sony Mobile Communications ) C:\Users\Kiefer\Downloads\Sony PC Companion_Web.exe
2014-05-23 05:22 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-22 08:23 - 2014-05-22 08:22 - 00001574 _____ () C:\Users\Kiefer\Desktop\SMA Sunny Design Web.lnk
2014-05-22 08:21 - 2014-05-22 08:21 - 00000000 ____D () C:\ProgramData\SMA
2014-05-22 08:21 - 2014-05-22 08:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sunny Design 3
2014-05-22 08:21 - 2014-05-22 08:21 - 00000000 ____D () C:\Program Files (x86)\SMA
2014-05-22 08:21 - 2014-05-22 08:14 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-05-22 08:07 - 2014-05-22 08:07 - 07843758 _____ () C:\Users\Kiefer\Downloads\AutoCalculatorProSetupV1.2.2.1.exe
2014-05-22 08:07 - 2014-05-22 08:07 - 00001288 _____ () C:\Users\Public\Desktop\AutoCalculatorEasy.lnk
2014-05-22 08:07 - 2014-05-22 08:07 - 00000000 ____D () C:\Program Files (x86)\Schletter GmbH
2014-05-22 07:57 - 2014-04-21 15:49 - 00000000 ____D () C:\Users\Kiefer\Desktop\Stiebel Eltron
2014-05-22 07:53 - 2014-05-22 07:53 - 00000000 ____D () C:\Users\Kiefer\Documents\KOSTAL
2014-05-22 07:40 - 2014-05-22 07:40 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-05-22 07:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\spool
2014-05-22 06:07 - 2014-05-22 05:58 - 132878770 _____ () C:\Users\Kiefer\Desktop\Rocky.mp4
2014-05-21 16:43 - 2013-10-01 07:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-21 14:50 - 2014-05-21 14:50 - 00000000 __SHD () C:\Users\Kiefer\AppData\Local\EmieUserList
2014-05-21 14:50 - 2014-05-21 14:50 - 00000000 __SHD () C:\Users\Kiefer\AppData\Local\EmieSiteList
2014-05-21 05:36 - 2014-04-16 11:43 - 00000000 ___RD () C:\Users\Kiefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-20 08:46 - 2014-04-15 13:51 - 00011611 __RSH () C:\ProgramData\ntuser.pol
2014-05-19 04:55 - 2014-05-19 04:55 - 02051934 _____ () C:\Users\Kiefer\Downloads\wkw.zip
Some content of TEMP:
====================
C:\Users\Kiefer\AppData\Local\Temp\6_Offer_16.exe
C:\Users\Kiefer\AppData\Local\Temp\BackupSetup.exe
C:\Users\Kiefer\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Kiefer\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Kiefer\AppData\Local\Temp\f.exe
C:\Users\Kiefer\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Kiefer\AppData\Local\Temp\nsf1760.exe
C:\Users\Kiefer\AppData\Local\Temp\nskE44A.exe
C:\Users\Kiefer\AppData\Local\Temp\nskE7A5.exe
C:\Users\Kiefer\AppData\Local\Temp\nsnBD19.tmp.exe
C:\Users\Kiefer\AppData\Local\Temp\nsnC823.exe
C:\Users\Kiefer\AppData\Local\Temp\nsu13C6.exe
C:\Users\Kiefer\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Kiefer\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Kiefer\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Kiefer\AppData\Local\Temp\vcredist_x64.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-08 17:26
==================== End Of Log ============================
--- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2014
Ran by Kiefer at 2014-06-18 10:51:41
Running from C:\Users\Kiefer\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
==================== Installed Programs ======================
64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.33 - Amazon Services LLC)
AMD Accelerated Video Transcoding (Version: 13.10.100.30604 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0604.1838.31590 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{7A28320F-8333-CF8F-7A34-D1ADF1C0622E}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0604.1838.31590 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.80604.1838 - Advanced Micro Devices, Inc.) Hidden
AMD USB 3.0 Device Detector (Version: 2.1.29.0 - Advanced Micro Devices, Inc.) Hidden
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
AutoCalculatorPro (HKLM-x32\...\AutoCalculatorPro) (Version: - )
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.01.000.18 - Atheros Communications)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.18.8 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.04 - Broadcom Corporation)
BrowserSafeguard with Rockettab (HKLM-x32\...\BrowserSafeguard) (Version: - BrowserSafeguard with Rockettab) <==== ATTENTION
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0604.1837.31590 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0604.1838.31590 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Receiver (DV) (x32 Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Citrix Receiver (Enterprise) (HKLM-x32\...\CitrixOnlinePluginFull) (Version: 13.0.0.6685 - Citrix Systems, Inc.)
Citrix Receiver (HDX Flash-Umleitung) (x32 Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Citrix Receiver (USB) (x32 Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Citrix Receiver Inside (x32 Version: 3.0.0.56418 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Citrix Receiver(PNA) (x32 Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Citrix Receiver(SSON) (x32 Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Das Fussball Studio 8.5.2 (Beta) (HKLM-x32\...\{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1) (Version: 8.5.2 - vmLOGIC - Volker Mallmann)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{2BC398D2-11C8-43B1-AB84-675D33EB28C2}) (Version: - Microsoft)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
Evernote v. 5.3.1 (HKLM-x32\...\{28AAF752-C41B-11E3-8CB0-00163E98E7D6}) (Version: 5.3.1.3363 - Evernote Corp.)
Formatwandler 4 SE (HKLM-x32\...\{DC4071FC-A3FF-4F6B-0001-CCB79085A90A}) (Version: 4.0.11.1129 - S.A.D.)
GroupWise (HKLM-x32\...\{6BE2A534-B26E-4B00-8C05-8DBAF61A9095}) (Version: 8.0.3 - Novell)
GroupWise Client - VC Runtimes (release) (x32 Version: 1.00.0000 - Novell) Hidden
Hardcopy (HKLM-x32\...\Hardcopy) (Version: 2013.06.27 - www.hardcopy.de)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2057 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LiveUpdate 3.3 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.3.0.102 - Symantec Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Standard 2013 (HKLM-x32\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Standard 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 4.0 x64 DEU (HKLM\...\{CCBF4FD7-F4D2-4DB0-BC0E-F4EC42220EFF}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Word MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mp3tag v2.59a (HKLM-x32\...\Mp3tag) (Version: v2.59a - Florian Heidenreich)
MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Online Plug-in (x32 Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
PIKO Plan 2.0 (HKLM-x32\...\KOSTAL PIKO Plan 2.0) (Version: 1.0.1416.7 - KOSTAL)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.80.218.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
Schletter Configurator (HKCU\...\1ee12b9c315055f6) (Version: 2.6.9.2 - Schletter GmbH)
Sony PC Companion 2.10.197 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
Steuer 2013 (HKCU\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH)
Sunny Design 3 (HKLM-x32\...\{B9002F3C-5AE1-4869-A304-B8415F666EEE}) (Version: 3.10.2.4 - SMA Solar Technology AG)
Suntool 2.6.4.1 (HKLM-x32\...\{96F6C130-2C1B-496C-8C11-0AFC223A0006}_is1) (Version: 2.6.4.1 - SolarWorld AG)
SupraSavings (x32 Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION
Symantec Endpoint Protection (HKLM\...\{5C75DA6D-F5E3-4D4B-A381-B52B8CA5B1CF}) (Version: 11.0.7000.975 - Symantec Corporation)
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
Toooor Fussball - Ligen- und Turnierverwaltung (HKCU\...\Toooor Fussball - Ligen- und Turnierverwaltung_is1) (Version: - Sportinformationsdienst Toooor24)
Toooor Fussball - Ligen- und Turnierverwaltung (HKLM-x32\...\Toooor Fussball - Ligen- und Turnierverwaltung_is1) (Version: - Sportinformationsdienst Toooor24)
Update for Microsoft Excel 2013 (KB2881014) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{33BAD262-B737-4DFA-8527-02961A9CE7BB}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2881014) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.STANDARD_{33BAD262-B737-4DFA-8527-02961A9CE7BB}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2881014) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0407-0000-0000000FF1CE}_Office15.STANDARD_{33BAD262-B737-4DFA-8527-02961A9CE7BB}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2881014) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0407-0000-0000000FF1CE}_Office15.STANDARD_{33BAD262-B737-4DFA-8527-02961A9CE7BB}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2881014) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.STANDARD_{33BAD262-B737-4DFA-8527-02961A9CE7BB}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.STANDARD_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{B7EA8070-C37F-4617-82F4-52CF3304595A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{9BC5FF1D-9626-44D7-BC7F-EB44BD8BDB9F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.STANDARD_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2878313) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{1FB43AFB-8112-41B9-B9A6-A43474F46123}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{D27F6360-AE1E-4C8C-8ECD-C0375E20B923}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.STANDARD_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{06EF2BF7-7351-4D70-A0D5-588FCCF9808D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880476) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{DDF64A37-8E32-406E-A94C-9F5B03661A21}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880476) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.STANDARD_{DDF64A37-8E32-406E-A94C-9F5B03661A21}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880991) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}_Office15.STANDARD_{071A9ED9-C72F-4CDA-9A88-F100C5EF9EE1}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880991) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.STANDARD_{3365FE58-896F-45DE-8051-E48F6D8069FD}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880991) 32-Bit Edition (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.STANDARD_{A2D4D766-14AE-46CA-BD99-801FB1523626}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880991) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0410-0000-0000000FF1CE}_Office15.STANDARD_{FE13BE31-2B5B-4D4E-8538-B3BB9B370C66}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.STANDARD_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2881018) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{D3CFB57E-39C0-4D2F-96D2-EC8BB1DB369D}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2881018) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.STANDARD_{D3CFB57E-39C0-4D2F-96D2-EC8BB1DB369D}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2881018) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0407-1000-0000000FF1CE}_Office15.STANDARD_{D3CFB57E-39C0-4D2F-96D2-EC8BB1DB369D}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2881018) 32-Bit Edition (HKLM-x32\...\{90150000-00BA-0407-0000-0000000FF1CE}_Office15.STANDARD_{D3CFB57E-39C0-4D2F-96D2-EC8BB1DB369D}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2880458) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{E102B907-56A0-476E-9D7F-D74C7C42527F}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2880458) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.STANDARD_{E102B907-56A0-476E-9D7F-D74C7C42527F}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2880458) 32-Bit Edition (HKLM-x32\...\{90150000-00A1-0407-0000-0000000FF1CE}_Office15.STANDARD_{E102B907-56A0-476E-9D7F-D74C7C42527F}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0407-0000-0000000FF1CE}_Office15.STANDARD_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881000) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{4F3B2C6F-B7F9-431F-84ED-C29F47B31DB7}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881000) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0407-0000-0000000FF1CE}_Office15.STANDARD_{4F3B2C6F-B7F9-431F-84ED-C29F47B31DB7}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2726952) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{173C8CEB-B73E-4C38-AF3A-05EA5BB860D4}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2726952) 32-Bit Edition (HKLM-x32\...\{90150000-0019-0407-0000-0000000FF1CE}_Office15.STANDARD_{173C8CEB-B73E-4C38-AF3A-05EA5BB860D4}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.STANDARD_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{A7CD05CC-CA85-428C-91FD-74A908D126E1}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2881005) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{F60958B9-F8A9-488F-99AD-8A6D95070CD8}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2881005) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0407-0000-0000000FF1CE}_Office15.STANDARD_{F60958B9-F8A9-488F-99AD-8A6D95070CD8}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2881005) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0407-0000-0000000FF1CE}_Office15.STANDARD_{F60958B9-F8A9-488F-99AD-8A6D95070CD8}) (Version: - Microsoft)
Windows NT Messaging (HKLM-x32\...\WMS) (Version: - )
==================== Restore Points =========================
02-06-2014 14:18:32 Geplanter Prüfpunkt
09-06-2014 12:18:36 Installiert Steuer 2013
12-06-2014 10:18:27 Windows Update
12-06-2014 19:07:14 Windows Modules Installer
12-06-2014 19:08:25 Windows Modules Installer
12-06-2014 19:15:32 Windows Modules Installer
13-06-2014 07:09:00 Formatwandler 4 SE wird installiert
15-06-2014 13:43:45 TuneUp Utilities 2014 wird entfernt
15-06-2014 13:44:24 TuneUp Utilities 2014 (de-DE) wird entfernt
18-06-2014 03:51:11 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0244378B-3A79-44A3-9027-0B649E336017} - System32\Tasks\Microsoft Office 15 Sync Maintenance for STREB-AD-Kiefer SB-NB-Kiefer7.STREB-AD.friedrich-streb.de => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-04-08] (Microsoft Corporation)
Task: {118A2FDF-18E3-454D-B06C-C3D9891501EC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-26] (Adobe Systems Incorporated)
Task: {286CB36B-23E4-4954-83E5-A9B6754AD545} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {3AFC0D21-9069-4742-B7BF-12BC886BCCC1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {45A64FC5-2873-4EB7-A7BE-B8745FE67A05} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {b6104221-2e7c-48a2-9302-edf72d0ce1a8} SB-NB-Kiefer7.STREB-AD.friedrich-streb.de => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-04-08] (Microsoft Corporation)
Task: {46386D15-CAE8-403F-91AC-033291843B65} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: {735C2CCF-D63D-4B5F-8E6E-D3B829D0E856} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe [2014-06-18] () <==== ATTENTION
Task: {BB60D2BF-465C-403F-A2B8-A019957EC20E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {D1F22E44-1C1F-428B-A567-67893B66C37E} - System32\Tasks\hcdll2_ex_Win32 => C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe [2012-11-08] ()
Task: {F2FCAD94-4419-4433-A846-103CF042A951} - System32\Tasks\hcdll2_ex_x64 => C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe [2012-11-08] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-06-13 05:50 - 2014-06-13 05:50 - 00706560 _____ () C:\Program Files\003\vxlsnyaiet64.exe
2013-10-01 07:28 - 2012-07-30 10:28 - 00125504 _____ () C:\Program Files (x86)\Hardcopy\HcDLL2_38_x64.dll
2013-10-01 07:28 - 2012-11-08 08:39 - 00037440 _____ () C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
2013-10-01 07:28 - 2012-11-08 08:38 - 00044608 _____ () C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe
2014-06-09 15:23 - 2014-05-08 19:26 - 03145536 _____ () C:\Users\Kiefer\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2014-05-07 20:30 - 2014-05-08 01:28 - 00348672 _____ () C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
2013-10-01 07:28 - 2012-07-05 15:56 - 00052800 _____ () C:\Program Files (x86)\Hardcopy\hardcopy_05.dll
2013-10-01 07:28 - 2012-07-30 10:27 - 00116800 _____ () C:\Program Files (x86)\Hardcopy\HcDLL2_38_Win32.dll
2013-10-01 07:28 - 2013-06-26 09:51 - 02921976 _____ () C:\Program Files (x86)\Hardcopy\HcDllS.dll
2014-04-14 14:17 - 2014-04-14 14:17 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-04-14 14:17 - 2014-04-14 14:17 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2011-03-15 02:11 - 2011-03-15 02:11 - 01099790 _____ () C:\Program Files (x86)\Citrix\ICA Client\avcodec-52.dll
2011-03-15 02:11 - 2011-03-15 02:11 - 00079886 _____ () C:\Program Files (x86)\Citrix\ICA Client\avutil-50.dll
2011-03-15 02:11 - 2011-03-15 02:11 - 00121870 _____ () C:\Program Files (x86)\Citrix\ICA Client\swscale-0.dll
2011-03-15 02:11 - 2011-03-15 02:11 - 00117774 _____ () C:\Program Files (x86)\Citrix\ICA Client\avformat-52.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:F0D7EE30
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/18/2014 07:51:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17126, Zeitstempel: 0x53882e30
Name des fehlerhaften Moduls: 2rs3.dll, Version: 0.0.0.0, Zeitstempel: 0x532c6f79
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000148c
ID des fehlerhaften Prozesses: 0x1204
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Error: (06/18/2014 07:46:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/18/2014 07:37:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17126, Zeitstempel: 0x53882e30
Name des fehlerhaften Moduls: 2rs3.dll, Version: 0.0.0.0, Zeitstempel: 0x532c6f79
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000148c
ID des fehlerhaften Prozesses: 0x129c
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Error: (06/18/2014 07:23:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17126, Zeitstempel: 0x53882e30
Name des fehlerhaften Moduls: 2rs3.dll, Version: 0.0.0.0, Zeitstempel: 0x532c6f79
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001482
ID des fehlerhaften Prozesses: 0x79c
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Error: (06/18/2014 07:16:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/18/2014 05:55:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1430
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (06/18/2014 05:47:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1770
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (06/18/2014 05:44:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x11e8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (06/18/2014 05:43:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x147c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (06/18/2014 05:42:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x11ac
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
System errors:
=============
Error: (06/18/2014 07:46:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AMD FUEL Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (06/18/2014 07:46:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AMD FUEL Service erreicht.
Error: (06/18/2014 07:45:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppEx Networks Accelerator LWF" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (06/18/2014 07:15:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AMD FUEL Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (06/18/2014 07:15:55 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AMD FUEL Service erreicht.
Error: (06/18/2014 07:15:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppEx Networks Accelerator LWF" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (06/18/2014 05:58:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Update ConstaSurf" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/18/2014 05:31:01 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: STREB-AD)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
Error: (06/18/2014 05:29:05 AM) (Source: TermService) (EventID: 1067) (User: )
Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden.
.
Error: (06/18/2014 05:26:45 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT-AUTORITÄT)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
Microsoft Office Sessions:
=========================
Error: (06/18/2014 07:51:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1712653882e302rs3.dll0.0.0.0532c6f79c00000050000148c120401cf8ab91d1879d5C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\SupraSavings\2rs3.dlla6d3a6fa-f6ac-11e3-a4af-88ae1d8d071e
Error: (06/18/2014 07:46:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/18/2014 07:37:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1712653882e302rs3.dll0.0.0.0532c6f79c00000050000148c129c01cf8ab7301caf59C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\SupraSavings\2rs3.dlla0463c4b-f6aa-11e3-8d73-88ae1d8d071e
Error: (06/18/2014 07:23:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1712653882e302rs3.dll0.0.0.0532c6f79c00000050000148279c01cf8ab581670f61C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\SupraSavings\2rs3.dllc02029fb-f6a8-11e3-8d73-88ae1d8d071e
Error: (06/18/2014 07:16:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/18/2014 05:55:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b143001cf8aa83771182cC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll60176bd0-f69c-11e3-b2f9-88ae1d8d071e
Error: (06/18/2014 05:47:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b177001cf8aa7cbf4f888C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll3be8a438-f69b-11e3-b2f9-88ae1d8d071e
Error: (06/18/2014 05:44:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b11e801cf8aa79b39f1b7C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlle16b9c7f-f69a-11e3-b2f9-88ae1d8d071e
Error: (06/18/2014 05:43:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b147c01cf8aa767e9058dC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllb6fda675-f69a-11e3-b2f9-88ae1d8d071e
Error: (06/18/2014 05:42:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b11ac01cf8aa6bcd07400C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll99c09597-f69a-11e3-b2f9-88ae1d8d071e
==================== Memory info ===========================
Percentage of memory in use: 62%
Total physical RAM: 3766.71 MB
Available physical RAM: 1403.6 MB
Total Pagefile: 7531.6 MB
Available Pagefile: 5008.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:297.99 GB) (Free:246.73 GB) NTFS
Drive m: () (Removable) (Total:29.88 GB) (Free:26.97 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 74C3D8CD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 30 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
|
19.06.2014, 12:50
| #4 |
| /// the machine /// TB-Ausbilder | Proxy Server Einstellung 127.0.0.1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:51988;https=127.0.0.1:51988 Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Adware & Co. deinstallieren
Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter: Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.06.2014, 05:56
| #5 |
| | Proxy Server Einstellung 127.0.0.1Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-06-2014 01
Ran by Kiefer at 2014-06-22 17:19:58 Run:1
Running from C:\Users\Kiefer\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:51988;https=127.0.0.1:51988
*****************
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
==== End of Fixlog ====
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 22.06.2014 Suchlauf-Zeit: 17:29:21 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.06.22.02 Rootkit Datenbank: v2014.06.20.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Kiefer Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 305321 Verstrichene Zeit: 12 Min, 55 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 3 Adware.Adpeak, C:\Program Files\003\vxlsnyaiet64.exe, 2168, Löschen bei Neustart, [2d4d2259a8d3f64072b173fad82cc23e] PUP.Optional.AdPeak.A, C:\Program Files\003\vxlsnyaiet64.exe, 2168, Löschen bei Neustart, [01797605c1bab284df9d05adfa08f50b] PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe, 3948, Löschen bei Neustart, [cfab0d6e99e237ff2ae6994d2ed537c9] Module: 0 (No malicious items detected) Registrierungsschlüssel: 14 Adware.Adpeak, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\vxlsnyaiet64, In Quarantäne, [2d4d2259a8d3f64072b173fad82cc23e], PUP.Optional.CouponDownloader.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}, In Quarantäne, [59216318a7d42214703649fa917128d8], PUP.Optional.CouponDownloader.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{10AD2C61-0898-4348-8600-14A342F22AC3}, In Quarantäne, [59216318a7d42214703649fa917128d8], PUP.Optional.CouponDownloader.A, HKU\S-1-5-21-4206700253-882151942-3262977069-1300-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10AD2C61-0898-4348-8600-14A342F22AC3}, In Quarantäne, [59216318a7d42214703649fa917128d8], PUP.Optional.CouponDownloader.A, HKU\S-1-5-21-4206700253-882151942-3262977069-1300-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{10AD2C61-0898-4348-8600-14A342F22AC3}, In Quarantäne, [59216318a7d42214703649fa917128d8], PUP.Optional.AdPeak.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\vxlsnyaiet64, In Quarantäne, [01797605c1bab284df9d05adfa08f50b], PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BrowserSafeguard, In Quarantäne, [cfab0d6e99e237ff2ae6994d2ed537c9], PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\suprasavings, In Quarantäne, [205a99e292e9989eb5fb52691fe37b85], PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [ec8ebbc096e5aa8c3406c9f4f70bfe02], PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD, In Quarantäne, [91e9106bbdbe9c9a8c86786ed132fe02], PUP.Optional.AdPeak.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E6B105B8-1F65-4428-9397-1DFD8A03B94D}, In Quarantäne, [3a40215aaecd072f97b0f4b654ae7888], PUP.Optional.SupraSavings.A, HKU\S-1-5-21-4206700253-882151942-3262977069-1300-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupraSavings, In Quarantäne, [5327d2a97b0080b6773a8c2fd32f659b], PUP.Optional.SupraSavings.A, HKU\S-1-5-21-4206700253-882151942-3262977069-1300-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, In Quarantäne, [abcf4b3081fa89adb1f4eeccbb478080], PUP.Optional.SupraSavings.A, HKU\S-1-5-21-4206700253-882151942-3262977069-1300-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\suprasavings, In Quarantäne, [f9810972c2b9fd39e9c94675ab570cf4], Registrierungswerte: 2 PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BrowserSafeguard, "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe", In Quarantäne, [cfab0d6e99e237ff2ae6994d2ed537c9] PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD|sourceid, EAAAACTzsvhEK9uN+ZTvY5WdojZzLG+lbA40FnDpo/UKhJjFufG8HD64YuWSMqPCaf8MAoNZdQxrfcu+9RHyKI+xQu8=, In Quarantäne, [91e9106bbdbe9c9a8c86786ed132fe02] Registrierungsdaten: 4 PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1403062960&from=obw&uid=HitachiXHTS545032B9A300_100904PBNL04B7JB0NPLX, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1403062960&from=obw&uid=HitachiXHTS545032B9A300_100904PBNL04B7JB0NPLX),Ersetzt,[d7a3c4b77506aa8c2daa5b1cb450ef11] PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1403062960&from=obw&uid=HitachiXHTS545032B9A300_100904PBNL04B7JB0NPLX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1403062960&from=obw&uid=HitachiXHTS545032B9A300_100904PBNL04B7JB0NPLX&q={searchTerms}),Ersetzt,[b8c2215af586cc6ae7e7dd9a9074f808] PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1403062960&from=obw&uid=HitachiXHTS545032B9A300_100904PBNL04B7JB0NPLX, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1403062960&from=obw&uid=HitachiXHTS545032B9A300_100904PBNL04B7JB0NPLX),Ersetzt,[0773d7a43744d6600ec925525da7d62a] PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1403062960&from=obw&uid=HitachiXHTS545032B9A300_100904PBNL04B7JB0NPLX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1403062960&from=obw&uid=HitachiXHTS545032B9A300_100904PBNL04B7JB0NPLX&q={searchTerms}),Ersetzt,[a7d32358641778be537b294eb4508b75] Ordner: 37 PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard, Löschen bei Neustart, [cfab0d6e99e237ff2ae6994d2ed537c9], PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources, In Quarantäne, [cfab0d6e99e237ff2ae6994d2ed537c9], PUP.Optional.OpenCandy, C:\Users\Kiefer\AppData\Roaming\OpenCandy, In Quarantäne, [1d5d3546b2c977bf5365038b738f936d], PUP.Optional.OpenCandy, C:\Users\Kiefer\AppData\Roaming\OpenCandy\30FB155110D443F8B3FF8296C2E512D5, In Quarantäne, [1d5d3546b2c977bf5365038b738f936d], PUP.Optional.OpenCandy, C:\Users\Kiefer\AppData\Roaming\OpenCandy\DE9DE579F6954D7291E1477C9C82C486, In Quarantäne, [1d5d3546b2c977bf5365038b738f936d], PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings, In Quarantäne, [2e4cb4c7d0ab61d50548cdc9ea18d52b], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\defaults, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\defaults\preferences, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\locale, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\addon-kit, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\addon-kit\data, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\addon-kit\lib, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\data, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\event, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\addon, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\content, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\dom, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\events, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\l10n, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\private-browsing, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\system, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\tabs, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\traits, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\utils, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\window, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\windows, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\SupraSavings, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\SupraSavings\data, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\SupraSavings\lib, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\SupraSavings\tests, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger, In Quarantäne, [f9815724d9a22d09ed65396c778ba45c], PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\log, In Quarantäne, [f9815724d9a22d09ed65396c778ba45c], PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\update, In Quarantäne, [f9815724d9a22d09ed65396c778ba45c], Dateien: 135 Adware.Adpeak, C:\Program Files\003\vxlsnyaiet64.exe, Löschen bei Neustart, [2d4d2259a8d3f64072b173fad82cc23e], PUP.Optional.CouponDownloader.A, C:\Program Files (x86)\SupraSavings\2rs3.dll, In Quarantäne, [59216318a7d42214703649fa917128d8], PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\wprotectmanager.exe, In Quarantäne, [0971e3989cdf1620db645d308978db25], PUP.Optional.AdPeak.A, C:\temp\InstallFilter64.msi, In Quarantäne, [3941fc7f96e5171fe4a283bae51bb749], PUP.Optional.SupraSavings.A, C:\temp\t.msi, In Quarantäne, [eb8fb2c97efdd561d701b4b71de7d030], PUP.Optional.Conduit.A, C:\Users\Kiefer\AppData\Local\Temp\nsf1760.exe, In Quarantäne, [6a104f2c4239979fd156671f9c65de22], PUP.Optional.Conduit.A, C:\Users\Kiefer\AppData\Local\Temp\nskE44A.exe, In Quarantäne, [e6944a31413ab2845bccfd89aa57e41c], PUP.Optional.Conduit.A, C:\Users\Kiefer\AppData\Local\Temp\nskE7A5.exe, In Quarantäne, [4a309cdf3b4056e0e6418bfb11f08b75], PUP.Optional.Conduit.A, C:\Users\Kiefer\AppData\Local\Temp\nsnC823.exe, In Quarantäne, [6d0de497b7c4d75f9295a0e60bf6d12f], PUP.Optional.Conduit.A, C:\Users\Kiefer\AppData\Local\Temp\nsu13C6.exe, In Quarantäne, [3f3b5a21bbc02412b176f49228d93fc1], PUP.Optional.Conduit.A, C:\Users\Kiefer\AppData\Local\Temp\nsz68A4\SpSetup.exe, In Quarantäne, [2258205b8deed95dfd2ae2a40100cf31], PUP.Optional.OptimumInstaller.A, C:\Users\Kiefer\Downloads\Setup(1).exe, In Quarantäne, [0c6ea0db7dfe989e3ea11938877aec14], PUP.Optional.OutBrowse, C:\Users\Kiefer\Downloads\setup(2).exe, In Quarantäne, [0971c7b4d3a89f97e82cd8b18c75c53b], PUP.Optional.SupraSavings.A, C:\Windows\Installer\1b0c44.msi, In Quarantäne, [7efcb9c2ccafed49cd0b35360202956b], PUP.Optional.BrowserSafeGuard.A, C:\Windows\System32\Tasks\BrowserSafeguard Update Task, In Quarantäne, [85f59be0601ba591a944782dbf43e61a], PUP.Optional.Trovi.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\searchplugins\trovi-search.xml, In Quarantäne, [700a3f3c6c0fb482e731456c55ad34cc], PUP.Optional.AdPeak.A, C:\Program Files\003\vxlsnyaiet64.exe, Löschen bei Neustart, [01797605c1bab284df9d05adfa08f50b], PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, In Quarantäne, [59210a71106b61d5aa270db68f731ce4], PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\ewebstorewrapper.dll, In Quarantäne, [cfab0d6e99e237ff2ae6994d2ed537c9], PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe, Löschen bei Neustart, [cfab0d6e99e237ff2ae6994d2ed537c9], PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\config.dat, In Quarantäne, [cfab0d6e99e237ff2ae6994d2ed537c9], PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\makecert.exe, In Quarantäne, [cfab0d6e99e237ff2ae6994d2ed537c9], PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\TrustedRoot.cer, In Quarantäne, [cfab0d6e99e237ff2ae6994d2ed537c9], PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe, In Quarantäne, [cfab0d6e99e237ff2ae6994d2ed537c9], PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\certutil.exe, In Quarantäne, [cfab0d6e99e237ff2ae6994d2ed537c9], PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\libnspr4.dll, In Quarantäne, [cfab0d6e99e237ff2ae6994d2ed537c9], PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\libplc4.dll, In Quarantäne, [cfab0d6e99e237ff2ae6994d2ed537c9], PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\libplds4.dll, In Quarantäne, [cfab0d6e99e237ff2ae6994d2ed537c9], PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\nss3.dll, In Quarantäne, [cfab0d6e99e237ff2ae6994d2ed537c9], PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\smime3.dll, In Quarantäne, [cfab0d6e99e237ff2ae6994d2ed537c9], PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\softokn3.dll, In Quarantäne, [cfab0d6e99e237ff2ae6994d2ed537c9], PUP.Optional.OpenCandy, C:\Users\Kiefer\AppData\Roaming\OpenCandy\30FB155110D443F8B3FF8296C2E512D5\TuneUpUtilities2014_de-DE.exe, In Quarantäne, [1d5d3546b2c977bf5365038b738f936d], PUP.Optional.OpenCandy, C:\Users\Kiefer\AppData\Roaming\OpenCandy\DE9DE579F6954D7291E1477C9C82C486\WEB.DE_MailCheck_IE_WebSetup_sps_dss_ki20101.exe, In Quarantäne, [1d5d3546b2c977bf5365038b738f936d], PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\background.js, In Quarantäne, [2e4cb4c7d0ab61d50548cdc9ea18d52b], PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\CustomActionInstall, In Quarantäne, [2e4cb4c7d0ab61d50548cdc9ea18d52b], PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\CustomActionUninstall, In Quarantäne, [2e4cb4c7d0ab61d50548cdc9ea18d52b], PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\icon128.png, In Quarantäne, [2e4cb4c7d0ab61d50548cdc9ea18d52b], PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\icon16.png, In Quarantäne, [2e4cb4c7d0ab61d50548cdc9ea18d52b], PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\icon32.png, In Quarantäne, [2e4cb4c7d0ab61d50548cdc9ea18d52b], PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\icon48.png, In Quarantäne, [2e4cb4c7d0ab61d50548cdc9ea18d52b], PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\icon64.png, In Quarantäne, [2e4cb4c7d0ab61d50548cdc9ea18d52b], PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\icon8.png, In Quarantäne, [2e4cb4c7d0ab61d50548cdc9ea18d52b], PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\iwalyk.js, In Quarantäne, [2e4cb4c7d0ab61d50548cdc9ea18d52b], PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\manifest.json, In Quarantäne, [2e4cb4c7d0ab61d50548cdc9ea18d52b], PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\marcopolo.js, In Quarantäne, [2e4cb4c7d0ab61d50548cdc9ea18d52b], PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\Microsoft.Deployment.WindowsInstaller.dll, In Quarantäne, [2e4cb4c7d0ab61d50548cdc9ea18d52b], PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\Microsoft.Deployment.WindowsInstaller.xml, In Quarantäne, [2e4cb4c7d0ab61d50548cdc9ea18d52b], PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\SendJson.dll, In Quarantäne, [2e4cb4c7d0ab61d50548cdc9ea18d52b], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\bootstrap.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\harness-options.json, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\icon.png, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\install.rdf, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\locales.json, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\defaults\preferences\prefs.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\addon-kit\lib\page-mod.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\addon-kit\lib\private-browsing.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\addon-kit\lib\request.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\addon-kit\lib\windows.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\observer-service.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\api-utils.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\base64.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\byte-streams.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\collection.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\content.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\cortex.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\cuddlefish.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\deprecate.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\environment.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\errors.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\events.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\file.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\functional.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\globals.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\heritage.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\hidden-frame.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\light-traits.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\list.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\loader.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\match-pattern.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\memory.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\namespace.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\plain-text-console.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\preferences-service.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\promise.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\querystring.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\runtime.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\sandbox.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\self.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\system.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\text-streams.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\timer.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\traceback.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\traits.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\unload.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\url.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\uuid.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\window-utils.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\xhr.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\xpcom.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\xul-app.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\event\core.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\event\target.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\addon\runner.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\content\content-proxy.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\content\content-worker.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\content\loader.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\content\symbiont.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\content\worker.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\dom\events.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\events\assembler.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\l10n\core.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\l10n\html.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\l10n\loader.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\l10n\locale.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\l10n\prefs.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\private-browsing\utils.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\system\events.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\tabs\events.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\tabs\observer.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\tabs\tab.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\tabs\utils.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\traits\core.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\utils\data.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\utils\object.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\utils\registry.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\utils\thumbnail.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\window\utils.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\windows\dom.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\windows\loader.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\windows\observer.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\api-utils\lib\windows\tabs.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\SupraSavings\data\icon64.png, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.SupraSavings.A, C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\extensions\SupraSavings@jetpack\resources\SupraSavings\lib\main.js, In Quarantäne, [5822b7c4e59688ae6c83910557ab1fe1], PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\log\wprotectmanager_2014-06-18[05-43-12-054].log, In Quarantäne, [f9815724d9a22d09ed65396c778ba45c], PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\update\conf, In Quarantäne, [f9815724d9a22d09ed65396c778ba45c], Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.212 - Bericht erstellt am 22/06/2014 um 18:01:26
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Kiefer - SB-NB-KIEFER7
# Gestartet von : C:\Users\Kiefer\Desktop\adwcleaner_3.212.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\user.js
Datei Gefunden : C:\Windows\System32\Tasks\Advanced System Protector
Ordner Gefunden : C:\Program Files\003
Ordner Gefunden : C:\Users\Brudergruppe\AppData\Roaming\pdfforge
Ordner Gefunden : C:\Users\Kiefer\AppData\Local\BrowserSafeguard
Ordner Gefunden : C:\Users\Kiefer\AppData\Local\Temp\ConstaSurf
Ordner Gefunden : C:\Users\Kiefer\AppData\Local\Temp\OCS
Ordner Gefunden : C:\Users\Kiefer\AppData\Roaming\Advanced System Protector
Ordner Gefunden : C:\Users\Kiefer\AppData\Roaming\Systweak
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\systweak
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\systweak
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gefunden : HKLM\Software\systweak
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17126
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://istart.webssearches.com/web/?type=ds&ts=1403062960&from=obw&uid=HitachiXHTS545032B9A300_100904PBNL04B7JB0NPLX&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://istart.webssearches.com/web/?type=ds&ts=1403062960&from=obw&uid=HitachiXHTS545032B9A300_100904PBNL04B7JB0NPLX&q={searchTerms}
-\\ Mozilla Firefox v30.0 (de)
[ Datei : C:\Users\Brudergruppe\AppData\Roaming\Mozilla\Firefox\Profiles\jb9bwpxi.default\prefs.js ]
[ Datei : C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [2909 octets] - [22/06/2014 18:01:26]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2969 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Kiefer on 23.06.2014 at 5:47:44,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
~~~ FireFox
Emptied folder: C:\Users\Kiefer\AppData\Roaming\mozilla\firefox\profiles\p6rbb3n4.default\minidumps [7 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.06.2014 at 5:54:28,01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
23.06.2014, 19:44
| #6 |
| /// the machine /// TB-Ausbilder | Proxy Server Einstellung 127.0.0.1 AdwCleaner unbedingt die Löschfunktion benutzen!! ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ --> Proxy Server Einstellung 127.0.0.1 |
|
27.06.2014, 05:57
| #7 |
| | Proxy Server Einstellung 127.0.0.1 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7587 # api_version=3.0.2 # EOSSerial=e7c1fa5fe5551343b7cbde32ddcbbdf6 # engine=18885 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-06-26 04:05:40 # local_time=2014-06-26 06:05:40 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776638 100 94 6192945 155385390 0 0 # scanned=3636 # found=1 # cleaned=0 # scan_time=535 sh=99F97AD369E8621AB4D17DF53E80E60FEE99C727 ft=1 fh=42567613b862d846 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kiefer\AppData\Local\Temp\OCS\ocs_v71b.exe.vir" |
|
27.06.2014, 14:47
| #8 |
| /// the machine /// TB-Ausbilder | Proxy Server Einstellung 127.0.0.1 und weiter.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
27.06.2014, 17:23
| #9 |
| | Proxy Server Einstellung 127.0.0.1 Results of screen317's Security Check version 0.99.83 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Symantec Endpoint Protection WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 55 Adobe Flash Player 13.0.0.214 Adobe Reader XI Mozilla Firefox (30.0) ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
28.06.2014, 14:48
| #10 |
| /// the machine /// TB-Ausbilder | Proxy Server Einstellung 127.0.0.1 und der Rest?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.06.2014, 11:17
| #11 |
| | Proxy Server Einstellung 127.0.0.1FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014 01 (ATTENTION: ====> FRST version is 8 days old and could be outdated) Ran by Kiefer (administrator) on SB-NB-KIEFER7 on 29-06-2014 10:53:21 Running from C:\Users\Kiefer\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Windows\System32\rpcnetp.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Users\Kiefer\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe (sw4you) C:\Program Files (x86)\Hardcopy\hardcopy.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe () C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe () C:\Program Files (x86)\Hardcopy\hcdll2_ex_x64.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\MSOSYNC.EXE (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13260944 2012-11-19] (Realtek Semiconductor) HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.) HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [585376 2010-05-25] (Atheros Commnucations) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [354464 2010-05-25] (Atheros Commnucations) HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [358336 2011-08-11] (Citrix Systems, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [676608 2013-06-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ccApp] => C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115624 2011-03-30] (Symantec Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-4206700253-882151942-3262977069-1300\...\Run: [Amazon Cloud Player] => C:\Users\Kiefer\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK ShortcutTarget: Hardcopy.LNK -> C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\info.cmd () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Notify.lnk ShortcutTarget: Notify.lnk -> C:\Program Files (x86)\Novell\GroupWise\notify.exe (Novell, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Receiver.lnk ShortcutTarget: Receiver.lnk -> C:\Windows\Installer\{C0B728CE-BF48-48C2-A19C-01563CCEDD9F}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe () Startup: C:\Users\Kiefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== ProxyServer: streb-fw.streb-ad.friedrich-streb.de:8080 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0B662402EE74CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM-x32 - DefaultScope value is missing. BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Kiefer\AppData\Roaming\Mozilla\Firefox\Profiles\p6rbb3n4.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Kiefer\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml ==================== Services (Whitelisted) ================= S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-06-04] (Advanced Micro Devices, Inc.) [File not signed] R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [47776 2010-05-25] (Atheros Commnucations) [File not signed] R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108456 2011-03-30] (Symantec Corporation) R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108456 2011-03-30] (Symantec Corporation) U3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093944 2011-02-07] (Symantec Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed] S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [428976 2011-04-21] (Symantec Corporation) R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1846592 2011-05-11] (Symantec Corporation) R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.) ==================== Drivers (Whitelisted) ==================== R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-29] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20140626.008\eng64.sys [126040 2014-03-20] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20140626.008\ex64.sys [2099288 2014-03-20] (Symantec Corporation) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited) R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [453240 2011-03-08] (Symantec Corporation) R1 SRTSP; C:\Windows\SysWOW64\Drivers\SRTSP64.SYS [453240 2011-03-08] (Symantec Corporation) S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482424 2011-03-08] (Symantec Corporation) S3 SRTSPL; C:\Windows\SysWOW64\Drivers\SRTSPL64.SYS [482424 2011-03-08] (Symantec Corporation) R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32376 2011-03-08] (Symantec Corporation) R1 SRTSPX; C:\Windows\SysWOW64\Drivers\SRTSPX64.SYS [32376 2011-03-08] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2014-04-15] (Symantec Corporation) R1 Teefer3; C:\Windows\System32\DRIVERS\Teefer3.sys [53880 2011-04-09] (Symantec Corporation) R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [54392 2011-04-27] (Symantec Corporation) R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-11-13] (Symantec Corporation) S2 APXACC; system32\DRIVERS\appexDrv.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-26 11:10 - 2014-06-26 11:15 - 00044591 _____ () C:\Users\Kiefer\Desktop\PREISE.xlsm 2014-06-26 05:50 - 2014-06-26 05:50 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-06-24 17:05 - 2014-06-24 17:05 - 00000000 ____D () C:\ProgramData\EPSON 2014-06-24 17:03 - 2014-06-24 17:05 - 14896640 _____ () C:\Users\Kiefer\Downloads\epson374991eu.exe 2014-06-24 17:02 - 2014-06-24 17:02 - 00000930 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk 2014-06-24 17:02 - 2014-06-24 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON 2014-06-24 17:02 - 2014-06-24 17:02 - 00000000 ____D () C:\Program Files (x86)\epson 2014-06-24 17:02 - 2007-07-13 00:00 - 00083968 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esxcwiad.dll 2014-06-24 16:59 - 2014-06-24 17:01 - 12419072 _____ () C:\Users\Kiefer\Downloads\epson376742eu.exe 2014-06-24 14:00 - 2014-06-24 14:00 - 00002584 _____ () C:\Users\Kiefer\Desktop\GoToMeeting Quick Connect.lnk 2014-06-24 13:59 - 2014-06-29 10:50 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4206700253-882151942-3262977069-1300.job 2014-06-24 13:59 - 2014-06-24 13:59 - 00003596 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4206700253-882151942-3262977069-1300 2014-06-24 05:46 - 2014-06-24 05:46 - 02347384 _____ (ESET) C:\Users\Kiefer\Downloads\esetsmartinstaller_deu.exe 2014-06-24 05:46 - 2014-06-24 05:46 - 00854367 _____ () C:\Users\Kiefer\Downloads\SecurityCheck.exe 2014-06-23 12:44 - 2014-06-23 12:44 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\SolarWorld 2014-06-23 05:54 - 2014-06-23 05:54 - 00000828 _____ () C:\Users\Kiefer\Desktop\JRT.txt 2014-06-23 05:47 - 2014-06-23 05:47 - 00000000 ____D () C:\Windows\ERUNT 2014-06-23 05:43 - 2014-06-23 05:43 - 00039496 _____ () C:\Users\Kiefer\Desktop\mbam.txt 2014-06-22 18:08 - 2014-06-22 18:08 - 00002667 _____ () C:\Users\Kiefer\Desktop\AdwCleaner[S0].txt 2014-06-22 18:01 - 2014-06-24 05:42 - 00000000 ____D () C:\AdwCleaner 2014-06-22 17:46 - 2014-06-22 17:46 - 00000000 ____D () C:\Avenger 2014-06-22 17:28 - 2014-06-29 11:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-22 17:27 - 2014-06-22 17:27 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-22 17:27 - 2014-06-22 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-22 17:27 - 2014-06-22 17:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-22 17:27 - 2014-06-22 17:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-22 17:27 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-22 17:27 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-22 17:27 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-22 17:21 - 2014-06-22 17:21 - 00001264 _____ () C:\Users\Kiefer\Desktop\Revo Uninstaller.lnk 2014-06-22 17:21 - 2014-06-22 17:21 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-06-22 17:08 - 2014-06-22 17:08 - 00000000 ____D () C:\Users\Kiefer\Desktop\FRST-OlderVersion 2014-06-20 09:11 - 2014-06-20 05:42 - 17292760 ____N (Malwarebytes Corporation ) C:\Users\Kiefer\Desktop\mbam-setup-2.0.2.1012.exe 2014-06-20 09:11 - 2014-06-20 05:41 - 01333465 ____N () C:\Users\Kiefer\Desktop\adwcleaner_3.212.exe 2014-06-20 09:11 - 2014-06-20 05:41 - 01016261 ____N (Thisisu) C:\Users\Kiefer\Desktop\JRT.exe 2014-06-20 09:11 - 2014-06-20 05:40 - 02623656 ____N (VS Revo Group Ltd.) C:\Users\Kiefer\Desktop\revosetup95.exe 2014-06-18 10:51 - 2014-06-18 10:52 - 00041990 _____ () C:\Users\Kiefer\Desktop\Addition.txt 2014-06-18 10:50 - 2014-06-29 10:53 - 00019867 _____ () C:\Users\Kiefer\Desktop\FRST.txt 2014-06-18 10:50 - 2014-06-29 10:53 - 00000000 ____D () C:\FRST 2014-06-18 10:48 - 2014-06-22 17:08 - 02083328 _____ (Farbar) C:\Users\Kiefer\Desktop\FRST64.exe 2014-06-16 16:41 - 2014-06-17 16:36 - 00010014 _____ () C:\Users\Kiefer\Desktop\gme.xlsx 2014-06-16 05:33 - 2014-06-16 05:33 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain 2014-06-15 18:25 - 2014-06-22 21:41 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\Mp3tag 2014-06-15 15:33 - 2014-06-15 15:33 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\TuneUp Software 2014-06-15 15:33 - 2014-06-15 15:33 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\TuneUp Software 2014-06-15 15:32 - 2014-06-15 15:34 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-06-15 15:32 - 2014-06-15 15:32 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-06-15 15:29 - 2014-06-15 15:48 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\DVDVideoSoft 2014-06-15 15:26 - 2014-06-15 15:29 - 34314288 _____ (DVDVideoSoft Ltd. ) C:\Users\Kiefer\Downloads\FreeAudioConverter5.0.43.605.exe 2014-06-15 15:22 - 2014-06-15 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag 2014-06-15 15:21 - 2014-06-15 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain 2014-06-15 15:20 - 2014-06-15 15:21 - 02638704 _____ () C:\Users\Kiefer\Downloads\mp3tagv259asetup.exe 2014-06-15 15:15 - 2014-06-15 15:15 - 00000000 ____D () C:\ProgramData\Licenses 2014-06-15 15:14 - 2014-06-15 15:14 - 01980509 _____ () C:\Users\Kiefer\Downloads\mp3gain-win-full-1_3_4.exe 2014-06-13 13:44 - 2014-06-13 13:44 - 00001157 _____ () C:\Users\Public\Desktop\Suntool.lnk 2014-06-13 13:43 - 2014-06-13 13:43 - 05923765 _____ (SolarWorld AG ) C:\Users\Kiefer\Downloads\SetupSuntool (1).exe 2014-06-13 13:27 - 2014-06-13 13:27 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\Engelmann Media 2014-06-13 09:10 - 2014-06-13 09:10 - 00001154 _____ () C:\Users\Public\Desktop\Formatwandler 4 SE.lnk 2014-06-13 09:10 - 2014-06-13 09:10 - 00000000 ____D () C:\ProgramData\Engelmann Media 2014-06-13 09:09 - 2014-06-13 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S.A.D 2014-06-13 09:09 - 2014-06-13 09:09 - 00000000 ____D () C:\Program Files (x86)\S.A.D 2014-06-13 05:51 - 2014-06-22 17:44 - 00000000 ____D () C:\temp 2014-06-13 05:41 - 2014-06-13 05:45 - 31167936 _____ (S.A.D.) C:\Users\Kiefer\Downloads\formatconverter6.exe 2014-06-12 21:28 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-12 21:28 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-06-12 21:28 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-12 21:28 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-12 21:21 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-12 21:21 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-12 21:21 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-12 21:21 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-12 21:21 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-06-12 21:21 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-06-12 21:21 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2014-06-12 21:21 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-06-12 21:19 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-06-12 21:19 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-06-12 21:16 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-12 21:16 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-12 21:16 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-12 21:16 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-12 21:16 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-12 21:16 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-06-12 21:15 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-12 21:15 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-12 21:15 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-12 21:15 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-12 21:15 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-12 21:15 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-12 21:15 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-12 21:15 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-12 21:15 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-12 21:15 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-12 21:15 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-12 21:15 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-12 21:15 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-12 21:15 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-12 21:15 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-12 21:15 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-12 21:15 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-12 21:15 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-12 21:15 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-12 21:15 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-06-12 21:15 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-12 21:15 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-12 21:15 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-12 21:15 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-12 21:15 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-06-12 21:15 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-12 21:15 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-12 21:15 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-12 21:15 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-12 21:15 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-12 21:15 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-12 21:15 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-06-12 21:15 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-12 21:15 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-12 21:15 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-12 21:15 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-12 21:15 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-12 21:15 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-12 21:15 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-12 21:15 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-12 21:15 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-12 21:15 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-12 21:15 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-12 21:15 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-12 21:15 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-12 21:15 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-06-12 21:07 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-12 21:07 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-12 12:17 - 2014-06-12 12:17 - 00009413 _____ () C:\Users\Kiefer\Desktop\Mappe1.xlsx 2014-06-12 05:58 - 2014-06-12 05:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-09 15:24 - 2014-06-09 15:24 - 00001175 _____ () C:\Users\Kiefer\Desktop\Amazon Cloud Player.lnk 2014-06-09 15:23 - 2014-06-09 15:24 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player 2014-06-09 15:23 - 2014-06-09 15:24 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\Amazon Cloud Player 2014-06-09 14:22 - 2014-06-09 14:22 - 00000066 _____ () C:\Windows\wiso.ini 2014-06-09 14:22 - 2014-06-09 14:22 - 00000000 ____D () C:\Users\Kiefer\Documents\Steuer 2014-06-09 14:22 - 2014-06-09 14:22 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steuer 2013 2014-06-09 14:22 - 2014-06-09 14:22 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\Buhl 2014-06-09 14:18 - 2014-06-09 14:18 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\InstallShield Installation Information 2014-06-09 14:16 - 2014-06-09 14:22 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH 2014-06-04 08:32 - 2014-06-04 08:49 - 00049289 _____ () C:\Users\Kiefer\Downloads\Siebenpfeiffer.suntool 2014-06-03 09:32 - 2014-06-03 09:32 - 00000545 _____ () C:\Users\Kiefer\Downloads\Anna_Fenninger_.vcf 2014-06-03 07:47 - 2014-06-03 07:47 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\.elfohilfe 2014-06-01 17:56 - 2014-06-01 17:56 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\elsterformular 2014-06-01 17:54 - 2014-06-01 17:55 - 00000000 ____D () C:\ProgramData\elsterformular 2014-06-01 17:54 - 2014-06-01 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-06-01 17:53 - 2014-06-01 17:53 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular 2014-06-01 17:43 - 2014-06-01 17:52 - 118565328 _____ (Landesfinanzdirektion Thüringen) C:\Users\Kiefer\Downloads\ElsterFormular-15.2.20140326u.exe ==================== One Month Modified Files and Folders ======= 2014-06-29 11:05 - 2014-06-22 17:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-29 11:05 - 2014-06-18 10:50 - 00019867 _____ () C:\Users\Kiefer\Desktop\FRST.txt 2014-06-29 11:04 - 2014-04-15 12:45 - 00000043 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini 2014-06-29 10:53 - 2014-06-18 10:50 - 00000000 ____D () C:\FRST 2014-06-29 10:50 - 2014-06-24 13:59 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4206700253-882151942-3262977069-1300.job 2014-06-29 10:50 - 2009-07-14 06:45 - 00037792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-29 10:50 - 2009-07-14 06:45 - 00037792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-29 10:49 - 2014-04-30 05:28 - 00005136 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for STREB-AD-Kiefer SB-NB-Kiefer7.STREB-AD.friedrich-streb.de 2014-06-29 10:47 - 2013-09-30 18:13 - 01214981 _____ () C:\Windows\WindowsUpdate.log 2014-06-29 10:43 - 2014-04-15 11:23 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.dll 2014-06-29 10:43 - 2014-04-15 11:22 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.exe 2014-06-29 10:43 - 2014-04-15 11:22 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe 2014-06-29 10:43 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-29 10:43 - 2009-07-14 06:51 - 00043677 _____ () C:\Windows\setupact.log 2014-06-27 17:23 - 2013-10-01 07:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-27 13:58 - 2014-04-28 11:14 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\.oit 2014-06-27 12:54 - 2014-04-15 13:39 - 00000160 _____ () C:\Windows\system32\config\netlogon.ftl 2014-06-27 12:46 - 2014-04-28 08:28 - 00005134 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {b6104221-2e7c-48a2-9302-edf72d0ce1a8} SB-NB-Kiefer7.STREB-AD.friedrich-streb.de 2014-06-26 11:15 - 2014-06-26 11:10 - 00044591 _____ () C:\Users\Kiefer\Desktop\PREISE.xlsm 2014-06-26 05:50 - 2014-06-26 05:50 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-06-25 13:39 - 2014-05-28 09:05 - 01775414 _____ () C:\Users\Kiefer\Desktop\MWSnap001.bmp 2014-06-25 09:39 - 2014-05-23 08:20 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\Deployment 2014-06-24 17:05 - 2014-06-24 17:05 - 00000000 ____D () C:\ProgramData\EPSON 2014-06-24 17:05 - 2014-06-24 17:03 - 14896640 _____ () C:\Users\Kiefer\Downloads\epson374991eu.exe 2014-06-24 17:02 - 2014-06-24 17:02 - 00000930 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk 2014-06-24 17:02 - 2014-06-24 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON 2014-06-24 17:02 - 2014-06-24 17:02 - 00000000 ____D () C:\Program Files (x86)\epson 2014-06-24 17:01 - 2014-06-24 16:59 - 12419072 _____ () C:\Users\Kiefer\Downloads\epson376742eu.exe 2014-06-24 14:00 - 2014-06-24 14:00 - 00002584 _____ () C:\Users\Kiefer\Desktop\GoToMeeting Quick Connect.lnk 2014-06-24 13:59 - 2014-06-24 13:59 - 00003596 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4206700253-882151942-3262977069-1300 2014-06-24 13:59 - 2014-04-16 11:43 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\Citrix 2014-06-24 05:46 - 2014-06-24 05:46 - 02347384 _____ (ESET) C:\Users\Kiefer\Downloads\esetsmartinstaller_deu.exe 2014-06-24 05:46 - 2014-06-24 05:46 - 00854367 _____ () C:\Users\Kiefer\Downloads\SecurityCheck.exe 2014-06-24 05:42 - 2014-06-22 18:01 - 00000000 ____D () C:\AdwCleaner 2014-06-24 05:38 - 2010-11-21 05:47 - 00124510 _____ () C:\Windows\PFRO.log 2014-06-23 13:23 - 2014-04-21 15:49 - 00000000 ____D () C:\Users\Kiefer\Desktop\Stiebel Eltron 2014-06-23 12:44 - 2014-06-23 12:44 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\SolarWorld 2014-06-23 05:54 - 2014-06-23 05:54 - 00000828 _____ () C:\Users\Kiefer\Desktop\JRT.txt 2014-06-23 05:47 - 2014-06-23 05:47 - 00000000 ____D () C:\Windows\ERUNT 2014-06-23 05:43 - 2014-06-23 05:43 - 00039496 _____ () C:\Users\Kiefer\Desktop\mbam.txt 2014-06-22 21:41 - 2014-06-15 18:25 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\Mp3tag 2014-06-22 18:08 - 2014-06-22 18:08 - 00002667 _____ () C:\Users\Kiefer\Desktop\AdwCleaner[S0].txt 2014-06-22 17:46 - 2014-06-22 17:46 - 00000000 ____D () C:\Avenger 2014-06-22 17:44 - 2014-06-13 05:51 - 00000000 ____D () C:\temp 2014-06-22 17:27 - 2014-06-22 17:27 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-22 17:27 - 2014-06-22 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-22 17:27 - 2014-06-22 17:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-22 17:27 - 2014-06-22 17:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-22 17:21 - 2014-06-22 17:21 - 00001264 _____ () C:\Users\Kiefer\Desktop\Revo Uninstaller.lnk 2014-06-22 17:21 - 2014-06-22 17:21 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-06-22 17:08 - 2014-06-22 17:08 - 00000000 ____D () C:\Users\Kiefer\Desktop\FRST-OlderVersion 2014-06-22 17:08 - 2014-06-18 10:48 - 02083328 _____ (Farbar) C:\Users\Kiefer\Desktop\FRST64.exe 2014-06-20 05:42 - 2014-06-20 09:11 - 17292760 ____N (Malwarebytes Corporation ) C:\Users\Kiefer\Desktop\mbam-setup-2.0.2.1012.exe 2014-06-20 05:41 - 2014-06-20 09:11 - 01333465 ____N () C:\Users\Kiefer\Desktop\adwcleaner_3.212.exe 2014-06-20 05:41 - 2014-06-20 09:11 - 01016261 ____N (Thisisu) C:\Users\Kiefer\Desktop\JRT.exe 2014-06-20 05:40 - 2014-06-20 09:11 - 02623656 ____N (VS Revo Group Ltd.) C:\Users\Kiefer\Desktop\revosetup95.exe 2014-06-19 12:20 - 2014-04-22 05:35 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\CrashDumps 2014-06-18 10:52 - 2014-06-18 10:51 - 00041990 _____ () C:\Users\Kiefer\Desktop\Addition.txt 2014-06-18 05:58 - 2014-05-26 15:54 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-06-18 05:55 - 2014-04-16 11:43 - 00001421 _____ () C:\Users\Kiefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-06-18 05:55 - 2013-10-01 06:25 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-18 05:55 - 2013-10-01 06:25 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-06-17 16:36 - 2014-06-16 16:41 - 00010014 _____ () C:\Users\Kiefer\Desktop\gme.xlsx 2014-06-16 11:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-06-16 05:33 - 2014-06-16 05:33 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain 2014-06-15 17:12 - 2014-04-16 11:43 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\VirtualStore 2014-06-15 15:48 - 2014-06-15 15:29 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\DVDVideoSoft 2014-06-15 15:48 - 2014-04-21 15:48 - 00000000 ____D () C:\Users\Kiefer\Desktop\Heiko Kiefer 2014-06-15 15:34 - 2014-06-15 15:32 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-06-15 15:33 - 2014-06-15 15:33 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\TuneUp Software 2014-06-15 15:33 - 2014-06-15 15:33 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\TuneUp Software 2014-06-15 15:32 - 2014-06-15 15:32 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-06-15 15:29 - 2014-06-15 15:26 - 34314288 _____ (DVDVideoSoft Ltd. ) C:\Users\Kiefer\Downloads\FreeAudioConverter5.0.43.605.exe 2014-06-15 15:22 - 2014-06-15 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag 2014-06-15 15:21 - 2014-06-15 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain 2014-06-15 15:21 - 2014-06-15 15:20 - 02638704 _____ () C:\Users\Kiefer\Downloads\mp3tagv259asetup.exe 2014-06-15 15:15 - 2014-06-15 15:15 - 00000000 ____D () C:\ProgramData\Licenses 2014-06-15 15:14 - 2014-06-15 15:14 - 01980509 _____ () C:\Users\Kiefer\Downloads\mp3gain-win-full-1_3_4.exe 2014-06-13 13:44 - 2014-06-13 13:44 - 00001157 _____ () C:\Users\Public\Desktop\Suntool.lnk 2014-06-13 13:43 - 2014-06-13 13:43 - 05923765 _____ (SolarWorld AG ) C:\Users\Kiefer\Downloads\SetupSuntool (1).exe 2014-06-13 13:27 - 2014-06-13 13:27 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\Engelmann Media 2014-06-13 09:10 - 2014-06-13 09:10 - 00001154 _____ () C:\Users\Public\Desktop\Formatwandler 4 SE.lnk 2014-06-13 09:10 - 2014-06-13 09:10 - 00000000 ____D () C:\ProgramData\Engelmann Media 2014-06-13 09:09 - 2014-06-13 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S.A.D 2014-06-13 09:09 - 2014-06-13 09:09 - 00000000 ____D () C:\Program Files (x86)\S.A.D 2014-06-13 05:45 - 2014-06-13 05:41 - 31167936 _____ (S.A.D.) C:\Users\Kiefer\Downloads\formatconverter6.exe 2014-06-13 05:34 - 2011-04-12 09:43 - 00699342 _____ () C:\Windows\system32\perfh007.dat 2014-06-13 05:34 - 2011-04-12 09:43 - 00149450 _____ () C:\Windows\system32\perfc007.dat 2014-06-13 05:34 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-13 05:22 - 2013-10-01 06:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-12 21:32 - 2014-04-15 13:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-06-12 21:32 - 2014-04-15 13:45 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-12 21:08 - 2014-05-07 06:03 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-12 12:17 - 2014-06-12 12:17 - 00009413 _____ () C:\Users\Kiefer\Desktop\Mappe1.xlsx 2014-06-12 05:58 - 2014-06-12 05:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-09 15:24 - 2014-06-09 15:24 - 00001175 _____ () C:\Users\Kiefer\Desktop\Amazon Cloud Player.lnk 2014-06-09 15:24 - 2014-06-09 15:23 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player 2014-06-09 15:24 - 2014-06-09 15:23 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\Amazon Cloud Player 2014-06-09 14:22 - 2014-06-09 14:22 - 00000066 _____ () C:\Windows\wiso.ini 2014-06-09 14:22 - 2014-06-09 14:22 - 00000000 ____D () C:\Users\Kiefer\Documents\Steuer 2014-06-09 14:22 - 2014-06-09 14:22 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steuer 2013 2014-06-09 14:22 - 2014-06-09 14:22 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\Buhl 2014-06-09 14:22 - 2014-06-09 14:16 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH 2014-06-09 14:18 - 2014-06-09 14:18 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\InstallShield Installation Information 2014-06-08 11:13 - 2014-06-12 21:07 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-08 11:08 - 2014-06-12 21:07 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-04 08:49 - 2014-06-04 08:32 - 00049289 _____ () C:\Users\Kiefer\Downloads\Siebenpfeiffer.suntool 2014-06-03 09:32 - 2014-06-03 09:32 - 00000545 _____ () C:\Users\Kiefer\Downloads\Anna_Fenninger_.vcf 2014-06-03 07:47 - 2014-06-03 07:47 - 00000000 ____D () C:\Users\Kiefer\AppData\Local\.elfohilfe 2014-06-02 09:21 - 2014-04-17 13:29 - 00000000 ____D () C:\Heiko Kiefer 2014-06-02 07:27 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-01 17:56 - 2014-06-01 17:56 - 00000000 ____D () C:\Users\Kiefer\AppData\Roaming\elsterformular 2014-06-01 17:55 - 2014-06-01 17:54 - 00000000 ____D () C:\ProgramData\elsterformular 2014-06-01 17:54 - 2014-06-01 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-06-01 17:53 - 2014-06-01 17:53 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular 2014-06-01 17:52 - 2014-06-01 17:43 - 118565328 _____ (Landesfinanzdirektion Thüringen) C:\Users\Kiefer\Downloads\ElsterFormular-15.2.20140326u.exe 2014-05-30 12:21 - 2014-06-12 21:15 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-30 12:02 - 2014-06-12 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-30 12:02 - 2014-06-12 21:15 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-30 11:45 - 2014-06-12 21:15 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-30 11:39 - 2014-06-12 21:15 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-30 11:39 - 2014-06-12 21:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-30 11:38 - 2014-06-12 21:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-30 11:28 - 2014-06-12 21:15 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-30 11:27 - 2014-06-12 21:15 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-30 11:24 - 2014-06-12 21:16 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-30 11:21 - 2014-06-12 21:15 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-30 11:21 - 2014-06-12 21:15 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-30 11:20 - 2014-06-12 21:16 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-05-30 11:18 - 2014-06-12 21:15 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-30 11:11 - 2014-06-12 21:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-05-30 11:08 - 2014-06-12 21:15 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-30 11:06 - 2014-06-12 21:15 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-30 11:02 - 2014-06-12 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-30 10:55 - 2014-06-12 21:15 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-30 10:49 - 2014-06-12 21:15 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-30 10:46 - 2014-06-12 21:15 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-30 10:44 - 2014-06-12 21:15 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-05-30 10:44 - 2014-06-12 21:15 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-30 10:43 - 2014-06-12 21:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-05-30 10:42 - 2014-06-12 21:15 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-05-30 10:38 - 2014-06-12 21:15 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-05-30 10:35 - 2014-06-12 21:15 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-30 10:34 - 2014-06-12 21:15 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-05-30 10:33 - 2014-06-12 21:15 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-05-30 10:30 - 2014-06-12 21:16 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-05-30 10:29 - 2014-06-12 21:15 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-30 10:28 - 2014-06-12 21:15 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-05-30 10:27 - 2014-06-12 21:16 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-05-30 10:24 - 2014-06-12 21:15 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-05-30 10:23 - 2014-06-12 21:15 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-30 10:16 - 2014-06-12 21:15 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-05-30 10:10 - 2014-06-12 21:15 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-05-30 10:06 - 2014-06-12 21:15 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-05-30 10:04 - 2014-06-12 21:15 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-30 10:02 - 2014-06-12 21:15 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-05-30 09:56 - 2014-06-12 21:15 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-05-30 09:56 - 2014-06-12 21:15 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-30 09:54 - 2014-06-12 21:15 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-05-30 09:50 - 2014-06-12 21:15 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-05-30 09:49 - 2014-06-12 21:15 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-05-30 09:43 - 2014-06-12 21:15 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-30 09:40 - 2014-06-12 21:15 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-05-30 09:30 - 2014-06-12 21:15 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-30 09:21 - 2014-06-12 21:15 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-05-30 09:15 - 2014-06-12 21:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-05-30 09:13 - 2014-06-12 21:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-05-30 09:13 - 2014-06-12 21:15 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll Some content of TEMP: ==================== C:\Users\Kiefer\AppData\Local\Temp\6_Offer_16.exe C:\Users\Kiefer\AppData\Local\Temp\BackupSetup.exe C:\Users\Kiefer\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Kiefer\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Kiefer\AppData\Local\Temp\f.exe C:\Users\Kiefer\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Kiefer\AppData\Local\Temp\nsnBD19.tmp.exe C:\Users\Kiefer\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Kiefer\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Kiefer\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\Kiefer\AppData\Local\Temp\System.Data.SQLite27274.dll C:\Users\Kiefer\AppData\Local\Temp\System.Data.SQLite36683.dll C:\Users\Kiefer\AppData\Local\Temp\System.Data.SQLite45012.dll C:\Users\Kiefer\AppData\Local\Temp\System.Data.SQLite59074.dll C:\Users\Kiefer\AppData\Local\Temp\System.Data.SQLite73666.dll C:\Users\Kiefer\AppData\Local\Temp\System.Data.SQLite79917.dll C:\Users\Kiefer\AppData\Local\Temp\System.Data.SQLite80414.dll C:\Users\Kiefer\AppData\Local\Temp\System.Data.SQLite82237.dll C:\Users\Kiefer\AppData\Local\Temp\vcredist_x64.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-19 15:36 ==================== End Of Log ============================ |
|
29.06.2014, 13:35
| #12 |
| /// the machine /// TB-Ausbilder | Proxy Server Einstellung 127.0.0.1 muss man dir alles aus der Nase ziehen? Nicht möglich mal meine ANweisungen alle am Stück durch zu machen? Frage obes noch Probleme gibt wurde ignoriert, also bedeutet das für mich es gibt keine mehr. Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.07.2014, 06:00
| #13 |
| | Proxy Server Einstellung 127.0.0.1 Hallo, sorry, hatte Deine Antwort nicht richtig bis zum Schluss durchgelesen... Zuerst aber, vielen Dank! Es funktioniert wieder alles...! Habe Deine Tipps zur Absicherung befolgt. Gruß Kief15 |
|
08.07.2014, 20:09
| #14 |
| /// the machine /// TB-Ausbilder | Proxy Server Einstellung 127.0.0.1 Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
Revo Uninstaller herunter.
dann auf 
und dann auf 
.
