Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 24.06.2014, 22:43   #1
Lolle74
 
Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf - Standard

Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf



Liebes Trojaner-Board-Team!

Ich habe das Notebook eines Freundes zum "Viren-Bereinigen" erhalten und bin als Laie leider mit meinem Latein am Ende. Ständig poppen neue Seiten im Browser auf. Vor allem eine über WIndows 7 Update, Toolkit-Download usw...
Als Startseite im IE hatte sich websearch.de eingenistet, was sich nicht mehr rausnehmen ließ. Diese Seite wurde noch dazu monatelang genutzt, da man sich dieser Schadsoftware nicht bewusst war.. Eine Fireall/Antiviren-Software hatte man nicht!

Nach Installation und Suchlauf von Comodo Firewall, Malwarebyte, Spybot, Adwcleaner konnten einen Haufen infizierte Objekte beseitigt werden. Mit dabei war auch eine Exe-Datei, den Namen weiß ich nicht mehr, Spybot hat es gefunden und gelöscht (?). (EIne Logdatei, um diese hier einzufügen, finde ich außer unter Malwarebytes nicht...)

IE ist inzwischen deaktiviert, Firefox installiert. Hier allerdings seit heute das gleiche.. neue Seiten poppen auf...

Hoffe, ihr könnt helfen, das Notebook wieder clean zu bekommen und eine komplette Neuinstallation zu vermeiden..

Es folgen nun die ganzen Log-Dateien. Im voraus vielen herzlich Dank.

Lolle

Nachtrag: Wegen Länge als Zip

Alt 24.06.2014, 23:13   #2
Bootsektor
/// TB-Ausbilder
 
Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf - Standard

Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf





Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem
  • Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
  • Poste die Logfiles direkt in deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 2 Tagen nichts von mir hörst, dann schreibe mir bitte eine PM.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Posten in Code Tags
Bitte füge die Logs immer in Code-Tags ein. Wenn Du das nicht machst, erschwert es mir sehr das Auswerten. Danke.
Dazu:
  • Klicke über dem Antwortfenster auf die Raute #, dann steht dort in eckigen Klammern [] CODE /CODE.
  • Zwischen den beiden code-Bausteinen fügst Du dann deine Logfiles ein. Also CODE Logfile /CODE
  • Wenn die Logs zu lang sein sollten, dann teile sie bitte auf und poste sie dann hier in Deinem Thread, notfalls in mehreren Antworten.

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 25.06.2014, 07:48   #3
Lolle74
 
Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf - Standard

Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf



guten Morgen,

vielen dAnk für die schnelle Antwort.

Hier nun die FRST:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by Roland (administrator) on ROLAND-HP on 25-06-2014 07:40:15
Running from C:\Users\Roland\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Users\Roland\AppData\Local\atfseqk.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-07] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2011-01-07] (Atheros Commnucations)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [835072 2011-01-27] (IDT, Inc.)
HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2012-04-05] ()
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2996792 2011-07-15] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2013-03-10] (Synaptics Incorporated)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HP HD Webcam [Fixed]_Monitor] => C:\Program Files (x86)\HP HD Webcam [Fixed]\monitor.exe [267128 2010-11-26] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-04-05] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HPQuickWebProxy] => c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-11-10] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-28] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [282624 2006-09-01] (Apple Computer, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [333728 2012-06-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-11] (PDF Complete Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-06-06] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3276168417-1710210912-3039652309-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-3276168417-1710210912-3039652309-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3276168417-1710210912-3039652309-1001\...\Run: [atfseqk] => c:\users\roland\appdata\local\atfseqk.exe [2908160 2014-06-19] ()
HKU\S-1-5-21-3276168417-1710210912-3039652309-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-3276168417-1710210912-3039652309-1001\...\MountPoints2: {f2544118-11ef-11e2-9dc7-9cb70d6545a6} - H:\SETUP.EXE
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk
ShortcutTarget: HD Writer.lnk -> C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare Software.lnk
ShortcutTarget: Kodak EasyShare Software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {959DCE3C-ED81-4300-AD37-3ED717C16017} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\c69wdafk.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-12-23]

Chrome: 
=======
CHR HomePage: 
CHR NewTab: "chrome-extension://iagcajndpnfncplednpbnkahadegklfa/content/newtab/newtab.html"
CHR DefaultSearchKeyword: webssearches
CHR DefaultSearchProvider: webssearches
CHR Extension: (Docs) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-17]
CHR Extension: (Google Drive) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-17]
CHR Extension: (YouTube) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-17]
CHR Extension: (Google-Suche) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-17]
CHR Extension: (No Name) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ealchnonpofjocgofjpopjdoegbbkofj [2014-04-17]
CHR Extension: (Google Wallet) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-17]
CHR Extension: (Google Mail) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-17]

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-07] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [53920 2011-01-07] (Atheros Commnucations) [File not signed]
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-06-10] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-12] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [476728 2011-09-05] (Hewlett-Packard Company)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-06-06] (Comodo Security Solutions, Inc.)
R3 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [320000 2011-02-07] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1323008 2012-04-05] () [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-11] (PDF Complete Inc)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-03-07] (Xobni Corporation)

==================== Drivers (Whitelisted) ====================

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2013-05-07] (Windows (R) Win 7 DDK provider) [File not signed]
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64312 2011-05-10] (Hewlett-Packard Company)
R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2013-10-07] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [100808 2012-04-05] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158920 2012-04-05] (McAfee, Inc.)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2612728 2011-02-12] (Sunplus Technology)
R1 {b99c8534-7800-48fa-bd71-519a46cdc7e1}Gw64; C:\Windows\System32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}Gw64.sys [61120 2014-04-24] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-24 22:38 - 2014-06-24 22:38 - 00037532 _____ () C:\Users\Roland\Desktop\Logfiles.7z
2014-06-24 22:34 - 2014-06-24 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-24 22:34 - 2014-06-24 22:34 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-06-24 21:41 - 2014-06-24 21:41 - 00001290 _____ () C:\Users\Roland\Desktop\Malwarebytes 24.06..txt
2014-06-24 21:40 - 2014-06-24 21:40 - 00273681 _____ () C:\Users\Roland\Desktop\Malwarebytes 19.06..txt
2014-06-24 21:24 - 2014-06-24 21:24 - 00001678 _____ () C:\Users\Roland\Desktop\gmer.txt
2014-06-24 20:58 - 2014-06-24 20:58 - 00380416 _____ () C:\Users\Roland\Desktop\Gmer-19357.exe
2014-06-24 20:52 - 2014-06-24 20:54 - 00058508 _____ () C:\Users\Roland\Desktop\Addition.txt
2014-06-24 20:51 - 2014-06-25 07:40 - 00026752 _____ () C:\Users\Roland\Desktop\FRST.txt
2014-06-24 20:50 - 2014-06-25 07:40 - 00000000 ____D () C:\FRST
2014-06-24 20:49 - 2014-06-24 20:49 - 02082816 _____ (Farbar) C:\Users\Roland\Desktop\FRST64.exe
2014-06-24 20:46 - 2014-06-24 20:46 - 00000474 _____ () C:\Users\Roland\Desktop\defogger_disable.log
2014-06-24 20:46 - 2014-06-24 20:46 - 00000000 _____ () C:\Users\Roland\defogger_reenable
2014-06-24 20:44 - 2014-06-24 20:44 - 00050477 _____ () C:\Users\Roland\Desktop\Defogger.exe
2014-06-24 20:07 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-06-24 20:06 - 2014-06-24 20:21 - 00000000 ____D () C:\AdwCleaner
2014-06-24 20:01 - 2014-06-24 20:01 - 01342659 _____ () C:\Users\Roland\Desktop\adwcleaner_3.213.exe
2014-06-24 19:34 - 2014-06-24 19:34 - 00000000 ____D () C:\Users\Roland\AppData\Local\Macromedia
2014-06-24 19:26 - 2014-06-24 19:26 - 00001536 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-06-24 19:26 - 2014-06-24 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-06-24 19:25 - 2014-06-24 19:27 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\DVDVideoSoft
2014-06-24 19:25 - 2014-06-24 19:26 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-06-19 23:02 - 2014-06-19 23:03 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-19 23:02 - 2014-06-19 23:02 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-19 22:29 - 2014-06-19 22:29 - 00000000 ____D () C:\windows\System32\Tasks\COMODO
2014-06-19 22:28 - 2014-06-25 07:34 - 01065344 _____ () C:\windows\system32\Drivers\sfi.dat
2014-06-19 22:26 - 2014-06-19 22:29 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-06-19 22:26 - 2014-06-19 22:26 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-06-19 21:20 - 2009-06-10 23:00 - 00000824 _____ () C:\windows\system32\Drivers\etc\hosts.20140619-212056.backup
2014-06-19 21:07 - 2014-06-19 21:08 - 00000452 _____ () C:\windows\wininit.ini
2014-06-19 20:27 - 2014-06-19 21:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-19 20:27 - 2014-06-19 20:28 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-19 20:27 - 2014-06-19 20:27 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-19 20:27 - 2014-06-19 20:27 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-19 20:27 - 2014-06-19 20:27 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-06-19 20:27 - 2014-06-19 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-19 20:27 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2014-06-19 18:12 - 2014-06-19 18:12 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\LavasoftStatistics
2014-06-19 18:08 - 2014-06-19 18:08 - 00000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp
2014-06-19 18:07 - 2014-06-19 18:07 - 00000000 ____D () C:\Program Files\Lavasoft
2014-06-19 18:06 - 2014-06-19 18:06 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\Lavasoft
2014-06-19 18:06 - 2014-06-19 18:06 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-06-19 18:05 - 2014-06-19 18:05 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-06-19 17:58 - 2014-06-19 17:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Roland\Desktop\HiJackThis204.exe
2014-06-19 17:44 - 2014-06-19 17:44 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-19 17:44 - 2014-06-19 17:44 - 00000000 ____D () C:\Users\Roland\AppData\Local\Mozilla
2014-06-19 17:44 - 2014-06-19 17:44 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-19 17:44 - 2014-06-19 17:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 17:43 - 2014-06-19 17:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 17:01 - 2014-06-24 22:34 - 00000000 ____D () C:\Users\Roland\Documents\Software
2014-06-19 17:01 - 2014-06-19 17:01 - 00000000 ____D () C:\Users\Roland\Documents\Neuer Ordner
2014-06-19 15:38 - 2014-06-24 21:37 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 15:38 - 2014-06-19 15:38 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-19 15:38 - 2014-06-19 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-19 15:38 - 2014-06-19 15:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-19 15:38 - 2014-06-19 15:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-19 15:38 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-19 15:38 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-06-19 15:38 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-06-19 14:48 - 2014-06-19 14:48 - 00000000 ____D () C:\Users\Roland\AppData\Local\AdTrustMedia
2014-06-19 14:46 - 2014-06-19 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2014-06-19 14:46 - 2014-06-19 22:26 - 00000000 ____D () C:\Program Files\COMODO
2014-06-19 14:46 - 2014-06-19 14:46 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-06-19 14:46 - 2014-06-19 14:46 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia
2014-06-19 14:43 - 2014-06-19 22:28 - 00000000 ____D () C:\ProgramData\Comodo
2014-06-19 14:29 - 2014-06-25 07:41 - 01042201 _____ () C:\Users\Roland\AppData\Local\atfseqk.gss
2014-06-19 14:29 - 2014-06-24 22:43 - 00113664 _____ () C:\Users\Roland\AppData\Local\atfseqk.gdb
2014-06-19 14:29 - 2014-06-24 18:06 - 00000336 _____ () C:\windows\Tasks\HPCeeScheduleForRoland.job
2014-06-19 14:29 - 2014-06-24 17:24 - 00003192 _____ () C:\windows\System32\Tasks\HPCeeScheduleForRoland
2014-06-19 14:29 - 2014-06-19 14:29 - 02908160 _____ () C:\Users\Roland\AppData\Local\atfseqk.exe
2014-06-17 09:20 - 2014-06-17 09:20 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2014-06-17 09:19 - 2014-06-17 09:19 - 00002419 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
2014-06-17 09:19 - 2014-06-17 09:19 - 00000000 ____D () C:\windows\WindowsMobile
2014-06-14 09:51 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-14 09:51 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-14 09:51 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-14 09:51 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-14 09:51 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-14 09:51 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-14 09:51 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-14 09:51 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-14 09:51 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-14 09:51 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-14 09:51 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-14 09:51 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-14 09:51 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-14 09:51 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-14 09:51 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-14 09:51 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-14 09:51 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-14 09:51 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-14 09:51 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-14 09:51 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-14 09:51 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-14 09:51 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-14 09:51 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-14 09:51 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-06-14 09:51 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2014-06-14 09:51 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-14 09:51 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-06-14 09:51 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-06-14 09:51 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-14 09:51 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-06-14 09:51 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-06-14 09:51 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2014-06-14 09:51 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-14 09:51 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2014-06-14 09:51 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-06-14 09:50 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-14 09:50 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-14 09:50 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-14 09:50 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-14 09:50 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-14 09:50 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-14 09:50 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-14 09:50 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-14 09:50 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-14 09:50 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-14 09:50 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-14 09:50 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-14 09:50 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-14 09:50 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-14 09:50 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-14 09:50 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-14 09:50 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-14 09:50 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-14 09:50 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-14 09:50 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-14 09:50 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-14 09:50 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-14 09:50 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-14 09:50 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-14 09:50 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-14 09:50 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-14 09:50 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-14 09:50 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-14 09:50 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-11 20:23 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-11 20:23 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-27 11:00 - 2014-05-22 18:22 - 00061120 _____ (StdLib) C:\windows\system32\Drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}w64.sys

==================== One Month Modified Files and Folders =======

2014-06-25 07:41 - 2014-06-19 14:29 - 01042201 _____ () C:\Users\Roland\AppData\Local\atfseqk.gss
2014-06-25 07:40 - 2014-06-24 20:51 - 00026752 _____ () C:\Users\Roland\Desktop\FRST.txt
2014-06-25 07:40 - 2014-06-24 20:50 - 00000000 ____D () C:\FRST
2014-06-25 07:39 - 2014-06-19 14:29 - 00113664 _____ () C:\Users\Roland\AppData\Local\atfseqk.gdb
2014-06-25 07:34 - 2014-06-19 22:28 - 01065344 _____ () C:\windows\system32\Drivers\sfi.dat
2014-06-25 07:26 - 2012-11-17 12:04 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-25 07:16 - 2014-04-15 16:30 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-25 07:16 - 2012-10-05 23:02 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\Skype
2014-06-25 07:16 - 2012-03-15 21:29 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-06-25 07:12 - 2009-07-14 06:45 - 00028352 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-25 07:12 - 2009-07-14 06:45 - 00028352 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-25 07:05 - 2011-12-23 02:04 - 00000000 ____D () C:\ProgramData\PDFC
2014-06-25 07:05 - 2011-12-23 02:00 - 00000000 ____D () C:\ProgramData\HPQLOG
2014-06-25 07:05 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-25 07:05 - 2009-07-14 06:51 - 00084930 _____ () C:\windows\setupact.log
2014-06-24 22:45 - 2012-03-15 21:14 - 01257906 _____ () C:\windows\WindowsUpdate.log
2014-06-24 22:38 - 2014-06-24 22:38 - 00037532 _____ () C:\Users\Roland\Desktop\Logfiles.7z
2014-06-24 22:34 - 2014-06-24 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-24 22:34 - 2014-06-24 22:34 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-06-24 22:34 - 2014-06-19 17:01 - 00000000 ____D () C:\Users\Roland\Documents\Software
2014-06-24 21:59 - 2014-04-15 16:30 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-24 21:41 - 2014-06-24 21:41 - 00001290 _____ () C:\Users\Roland\Desktop\Malwarebytes 24.06..txt
2014-06-24 21:40 - 2014-06-24 21:40 - 00273681 _____ () C:\Users\Roland\Desktop\Malwarebytes 19.06..txt
2014-06-24 21:37 - 2014-06-19 15:38 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-24 21:24 - 2014-06-24 21:24 - 00001678 _____ () C:\Users\Roland\Desktop\gmer.txt
2014-06-24 20:58 - 2014-06-24 20:58 - 00380416 _____ () C:\Users\Roland\Desktop\Gmer-19357.exe
2014-06-24 20:54 - 2014-06-24 20:52 - 00058508 _____ () C:\Users\Roland\Desktop\Addition.txt
2014-06-24 20:49 - 2014-06-24 20:49 - 02082816 _____ (Farbar) C:\Users\Roland\Desktop\FRST64.exe
2014-06-24 20:46 - 2014-06-24 20:46 - 00000474 _____ () C:\Users\Roland\Desktop\defogger_disable.log
2014-06-24 20:46 - 2014-06-24 20:46 - 00000000 _____ () C:\Users\Roland\defogger_reenable
2014-06-24 20:46 - 2012-10-05 19:31 - 00000000 ____D () C:\Users\Roland
2014-06-24 20:44 - 2014-06-24 20:44 - 00050477 _____ () C:\Users\Roland\Desktop\Defogger.exe
2014-06-24 20:21 - 2014-06-24 20:06 - 00000000 ____D () C:\AdwCleaner
2014-06-24 20:18 - 2010-11-21 05:47 - 00921036 _____ () C:\windows\PFRO.log
2014-06-24 20:01 - 2014-06-24 20:01 - 01342659 _____ () C:\Users\Roland\Desktop\adwcleaner_3.213.exe
2014-06-24 19:34 - 2014-06-24 19:34 - 00000000 ____D () C:\Users\Roland\AppData\Local\Macromedia
2014-06-24 19:34 - 2012-11-17 12:04 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-06-24 19:34 - 2012-11-17 12:04 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-24 19:34 - 2012-11-17 12:04 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-06-24 19:27 - 2014-06-24 19:25 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\DVDVideoSoft
2014-06-24 19:26 - 2014-06-24 19:26 - 00001536 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-06-24 19:26 - 2014-06-24 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-06-24 19:26 - 2014-06-24 19:25 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-06-24 18:12 - 2012-10-05 22:27 - 31726592 ____R () C:\Users\Public\Documents\ESBK.mbb
2014-06-24 18:12 - 2012-10-05 22:27 - 09665536 ____R () C:\Users\Public\Documents\ESBK.mb
2014-06-24 18:06 - 2014-06-19 14:29 - 00000336 _____ () C:\windows\Tasks\HPCeeScheduleForRoland.job
2014-06-24 17:24 - 2014-06-19 14:29 - 00003192 _____ () C:\windows\System32\Tasks\HPCeeScheduleForRoland
2014-06-24 07:20 - 2013-10-26 11:25 - 00003938 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{B625F410-820C-4B61-B025-64DD33DF11BC}
2014-06-19 23:03 - 2014-06-19 23:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-19 23:02 - 2014-06-19 23:02 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-19 23:02 - 2012-10-05 20:59 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-19 23:01 - 2012-10-05 22:01 - 00000000 ____D () C:\Users\Roland\AppData\Local\Adobe
2014-06-19 22:29 - 2014-06-19 22:29 - 00000000 ____D () C:\windows\System32\Tasks\COMODO
2014-06-19 22:29 - 2014-06-19 22:26 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-06-19 22:29 - 2014-06-19 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2014-06-19 22:28 - 2014-06-19 14:43 - 00000000 ____D () C:\ProgramData\Comodo
2014-06-19 22:26 - 2014-06-19 22:26 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-06-19 22:26 - 2014-06-19 14:46 - 00000000 ____D () C:\Program Files\COMODO
2014-06-19 21:15 - 2014-06-19 20:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-19 21:08 - 2014-06-19 21:07 - 00000452 _____ () C:\windows\wininit.ini
2014-06-19 20:28 - 2014-06-19 20:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-19 20:27 - 2014-06-19 20:27 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-19 20:27 - 2014-06-19 20:27 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-19 20:27 - 2014-06-19 20:27 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-06-19 20:27 - 2014-06-19 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-19 19:54 - 2014-04-15 16:30 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-19 19:54 - 2014-04-15 16:30 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 18:28 - 2011-02-11 06:47 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-19 18:27 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2014-06-19 18:12 - 2014-06-19 18:12 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\LavasoftStatistics
2014-06-19 18:08 - 2014-06-19 18:08 - 00000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp
2014-06-19 18:07 - 2014-06-19 18:07 - 00000000 ____D () C:\Program Files\Lavasoft
2014-06-19 18:06 - 2014-06-19 18:06 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\Lavasoft
2014-06-19 18:06 - 2014-06-19 18:06 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-06-19 18:05 - 2014-06-19 18:05 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-06-19 17:58 - 2014-06-19 17:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Roland\Desktop\HiJackThis204.exe
2014-06-19 17:44 - 2014-06-19 17:44 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-19 17:44 - 2014-06-19 17:44 - 00000000 ____D () C:\Users\Roland\AppData\Local\Mozilla
2014-06-19 17:44 - 2014-06-19 17:44 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-19 17:44 - 2014-06-19 17:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 17:43 - 2014-06-19 17:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 17:32 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\IME
2014-06-19 17:01 - 2014-06-19 17:01 - 00000000 ____D () C:\Users\Roland\Documents\Neuer Ordner
2014-06-19 16:46 - 2013-09-22 18:45 - 00039424 ___SH () C:\Users\Roland\Documents\Thumbs.db
2014-06-19 16:41 - 2009-07-14 04:34 - 00000580 _____ () C:\windows\win.ini
2014-06-19 16:14 - 2012-10-11 19:19 - 00000000 ____D () C:\Users\Roland\AppData\Local\CrashDumps
2014-06-19 15:38 - 2014-06-19 15:38 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-19 15:38 - 2014-06-19 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-19 15:38 - 2014-06-19 15:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-19 15:38 - 2014-06-19 15:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-19 14:50 - 2011-02-11 07:19 - 00000000 ____D () C:\Users\Administrator
2014-06-19 14:48 - 2014-06-19 14:48 - 00000000 ____D () C:\Users\Roland\AppData\Local\AdTrustMedia
2014-06-19 14:46 - 2014-06-19 14:46 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-06-19 14:46 - 2014-06-19 14:46 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia
2014-06-19 14:29 - 2014-06-19 14:29 - 02908160 _____ () C:\Users\Roland\AppData\Local\atfseqk.exe
2014-06-19 13:41 - 2012-10-05 19:30 - 00000344 _____ () C:\windows\Tasks\HPCeeScheduleForROLAND-HP$.job
2014-06-19 13:40 - 2012-03-15 21:41 - 00000000 ____D () C:\ProgramData\Norton
2014-06-19 13:17 - 2012-11-22 09:32 - 00000000 ____D () C:\Firefox
2014-06-19 13:17 - 2012-10-05 19:48 - 00000000 ____D () C:\Users\Roland\Documents\Bluetooth Folder
2014-06-19 13:17 - 2012-10-05 19:30 - 00003220 _____ () C:\windows\System32\Tasks\HPCeeScheduleForROLAND-HP$
2014-06-19 13:00 - 2012-10-10 20:09 - 00000000 ____D () C:\Users\Roland\Documents\Outlook-Dateien
2014-06-17 09:52 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-06-17 09:20 - 2014-06-17 09:20 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2014-06-17 09:19 - 2014-06-17 09:19 - 00002419 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
2014-06-17 09:19 - 2014-06-17 09:19 - 00000000 ____D () C:\windows\WindowsMobile
2014-06-17 09:06 - 2011-12-23 00:48 - 00700118 _____ () C:\windows\system32\perfh007.dat
2014-06-17 09:06 - 2011-12-23 00:48 - 00149968 _____ () C:\windows\system32\perfc007.dat
2014-06-17 09:06 - 2009-07-14 07:13 - 01622228 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-14 09:58 - 2013-08-15 09:24 - 00000000 ____D () C:\windows\system32\MRT
2014-06-14 09:55 - 2012-12-09 17:08 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-06-14 09:55 - 2012-10-09 11:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-14 09:54 - 2014-05-07 20:47 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-06-08 11:13 - 2014-06-11 20:23 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 20:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-30 12:21 - 2014-06-14 09:50 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-14 09:51 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-14 09:51 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-05-30 11:46 - 2014-02-28 09:39 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-30 11:46 - 2012-03-15 21:40 - 00000000 ____D () C:\ProgramData\Skype
2014-05-30 11:45 - 2014-06-14 09:50 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-14 09:50 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-14 09:50 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-14 09:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-14 09:50 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-14 09:50 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-14 09:50 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-14 09:51 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-05-30 11:21 - 2014-06-14 09:50 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-05-30 11:20 - 2014-06-14 09:50 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-14 09:51 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-14 09:50 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-14 09:50 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-14 09:51 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-14 09:50 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-14 09:51 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-14 09:50 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-14 09:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-14 09:50 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-14 09:50 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-14 09:51 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-14 09:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-14 09:51 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-14 09:50 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-14 09:51 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-14 09:51 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-14 09:51 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-14 09:51 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-14 09:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-14 09:51 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-14 09:50 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-14 09:50 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-14 09:51 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-14 09:51 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-14 09:50 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-14 09:51 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-14 09:51 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-14 09:50 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-14 09:50 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-14 09:51 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-14 09:50 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-14 09:51 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-14 09:50 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-14 09:50 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-14 09:51 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-14 09:50 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-14 09:51 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-14 09:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-14 09:50 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-19 18:49

==================== End Of Log ============================
         
--- --- ---

--- --- ---


und die Addition (diese ist noch von gestern Abend. Hat sich heute morgen nach dem neuen FRST-Scan nicht erneuert )

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2014
Ran by Roland at 2014-06-24 20:52:55
Running from C:\Users\Roland\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: COMODO Antivirus (Enabled - Up to date) {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: COMODO Antivirus (Enabled - Up to date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD APP SDK Runtime (Version: 2.5.793.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{03520551-508E-EDCA-4A14-90C706A54A41}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.61013.1636 - Advanced Micro Devices, Inc.) Hidden
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.12 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.48.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.02.000.55 - Atheros Communications)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-Lot - The Elizabethan Era (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
COMODO Internet Security Premium (HKLM\...\{D32EF4F9-1506-434E-A813-3D4C0AA50300}) (Version: 7.0.53315.4132 - COMODO Security Solutions Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.1.0.1 - Hewlett-Packard Company)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.1.2 - CEWE COLOR AG u Co. OHG)
Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.99.30652 - Hewlett-Packard Company)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 14.3.20130522 - Landesfinanzdirektion Thüringen)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 8.03.0000.0001 - Ihr Firmenname) Hidden
ESSgui (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 8.02.0000.0001 - Ihr Firmenname) Hidden
ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (x32 Version: 6.03.0001.0004 - Ihr Firmenname) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 6.00.4407 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
fflink (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.8 - Hewlett-Packard Company)
Free YouTube to MP3 Converter version 3.12.39.604 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.39.604 - DVDVideoSoft Ltd.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeekBuddy (HKLM\...\{3FFD7EE1-7D2D-4F57-ADF7-914CE0CAC616}) (Version: 4.13.104 - Comodo Security Solutions Inc)
Genesis (HKCU\...\atfseqk) (Version:  - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Happy Lyrics (HKLM-x32\...\happylyrics@hpyproductions.net) (Version:  - Happy Productions) <==== ATTENTION
HD Writer LE 1.1 (HKLM-x32\...\{7337268E-47CC-469B-BBB3-353CE7107580}) (Version: 1.01.008.1031 - Panasonic Corporation)
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (HKLM\...\{65C1BEAD-B50B-498C-BB6B-CDE4F30584B1}) (Version: 4.1.14.1 - Hewlett-Packard Company)
HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
HP Connection Manager (HKLM-x32\...\{4B21E4B2-89B8-499D-803A-34ABF929401E}) (Version: 4.1.10.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{C6A49140-A2D9-4CA4-BB92-2E1C8CBB6E16}) (Version: 1.3.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP Game Console (x32 Version:  - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP HD Webcam [Fixed] (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.3.4.09 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.6.4.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{D9355D03-2C06-401B-8A16-F6500379AE21}) (Version: 2.1.0.6 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.00.888 - Hewlett-Packard Company)
HP ProtectTools Security Manager (Version: 6.00.888 - Hewlett-Packard Company) Hidden
HP QuickWeb (HKLM-x32\...\{3F437675-F102-4866-BDE1-FFFC7B45EC0B}) (Version: 3.1.2.10229 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}) (Version: 3.2.0.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{B446137B-18A1-4FAE-B0E4-ABE8F09705F1}) (Version: 4.1.6.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{531000B3-DBEE-4115-BBF3-DA48B67C053F}) (Version: 8.2.1.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{D2A2E5CD-801A-4B8D-8119-F79449A09B67}) (Version: 2.3.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT)
Iminent (x32 Version: 6.20.11.0 - Iminent) Hidden <==== ATTENTION
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Intel(R) Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
kgcbaby (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchlwn (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcinvt (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgckids (x32 Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
kgcmove (x32 Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
kgcvday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
Kodak EasyShare Software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
OfotoXMI (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.64 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Privacy Manager for HP ProtectTools (HKLM\...\{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}) (Version: 6.00.831 - Hewlett-Packard Company)
PrivDog (HKLM-x32\...\PrivDog) (Version: 2.2.0.14 - privdog.com)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM-x32\...\{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}) (Version: 7.1.3.100 - Apple Computer, Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
SDK (x32 Version: 2.26.012 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.33 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 6.0.0.33 - Hewlett-Packard Company) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Validity Fingerprint Sensor Driver (HKLM\...\{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}) (Version: 4.3.117.0 - Validity Sensors, Inc.)
VIP Access SDK x64(1.0.0.50)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.0.50 - Symantec Inc.)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.13282 - Xobni Corp.)
Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points  =========================

15-05-2014 06:47:16 Windows Update
15-05-2014 07:05:31 Windows Update
21-05-2014 18:45:34 Windows Update
31-05-2014 17:50:11 Windows Update
08-06-2014 16:56:10 Windows Update
14-06-2014 07:48:51 Windows Update
17-06-2014 07:07:22 Windows Update
19-06-2014 12:48:23 Gerätetreiber-Paketinstallation: COMODO Netzwerkdienst
19-06-2014 15:26:26 Wiederherstellungsvorgang
19-06-2014 16:05:11 AA11
19-06-2014 16:24:53 Wiederherstellungsvorgang
19-06-2014 17:56:13 Windows Modules Installer
19-06-2014 18:10:58 AA11
19-06-2014 18:20:44 AA11
19-06-2014 20:27:38 Gerätetreiber-Paketinstallation: COMODO Netzwerkdienst
24-06-2014 18:11:50 vor Dateienlöschen durch adwCleaner

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-06-19 21:20 - 00450709 ____R C:\windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {032FFAA7-8FBC-40F7-BA50-6E9F06E0AE27} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {04C5C61F-777B-4AE0-A332-DAA5A43D364E} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {1EB9DB07-F7A1-4C3F-B2D7-53D8E90753D9} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {2727357D-8F72-4F7D-94F6-CC72A73E3D17} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {307CC9C7-5392-49E2-901B-CFF47C34A13C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2012-12-17] (Microsoft)
Task: {36C0BDF4-F54D-4D9C-AD9B-242203C6DB92} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {3AF6736B-416D-442A-8188-95C063DEF4A9} - \bf878d97-0287-421f-86a1-65974521fc40-5 No Task File <==== ATTENTION
Task: {420024C5-5B56-483B-A7B9-4FC5CF7E1E0D} - System32\Tasks\temp_bf878d97-0287-421f-86a1-65974521fc40-2 => C:\Program Files (x86)\MediaPlayerplus\bf878d97-0287-421f-86a1-65974521fc40-2.exe <==== ATTENTION
Task: {47110E08-9684-407C-A5CD-D4A166227259} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {4DA38C00-4ED2-480A-974F-9145132EB572} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {5BC04FA3-DC03-4559-AE0E-A4C123FD573D} - \LaunchApp No Task File <==== ATTENTION
Task: {6EF5C5F5-052D-4BD9-ACE2-B78241DC0969} - System32\Tasks\HPCeeScheduleForROLAND-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {7F8594F3-1A91-490F-BD0C-A5A12EC04B3C} - System32\Tasks\{5905FAAF-46D5-40ED-8EA3-929D60A95978} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/go/help.faq.installer?LastError=1618
Task: {835133D6-75BF-4202-B78D-71431E175DFB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-15] (Google Inc.)
Task: {8A5A36BC-698A-4826-AC80-8325E6F1F9EF} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt _RegistrationOffer@16
Task: {8ADE8DCE-ABE6-4775-A14F-8D935A852BA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-15] (Google Inc.)
Task: {9EB252C2-4D45-4591-8807-483F28FEA2D3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {A14B4ABE-85EF-404E-815D-999E78FB658C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {B843490B-E2EA-407A-822E-43A738776849} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {BDA09C33-8A0F-4403-9EA4-BC94620BEBA3} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-24] (Adobe Systems Incorporated)
Task: {D2D5F852-BAC9-4582-B303-92D4DD87B155} - System32\Tasks\HPCeeScheduleForRoland => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {DEF8432D-75B9-4A86-B0B5-7127362B0FD9} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {E9D8BDAD-5B15-4A96-B58F-3DAE02770F1A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\EasyShare Registration Task.job => ³#"ê)‡‚GµÜËҖ¨rFa<
 sÀ$!!C:\windows\system32\rundll32.exeZC:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt _RegistrationOffer@16Roland0Ü

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForROLAND-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\HPCeeScheduleForRoland.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-04-05 19:29 - 2012-04-05 19:29 - 01956864 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcNp64.DLL
2011-01-31 21:54 - 2011-01-31 21:54 - 00107008 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2012-04-05 19:39 - 2012-04-05 19:39 - 03401216 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2010-09-06 14:18 - 2010-09-06 14:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2012-04-05 18:41 - 2012-04-05 18:41 - 01323008 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-03-15 13:39 - 2011-08-31 06:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-04-05 19:21 - 2012-04-05 19:21 - 00200704 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
2014-06-19 14:29 - 2014-06-19 14:29 - 02908160 _____ () C:\Users\Roland\AppData\Local\atfseqk.exe
2014-06-10 08:56 - 2014-06-10 08:56 - 01283792 _____ () C:\Program Files\COMODO\GeekBuddy\QtNetwork4.dll
2014-06-10 08:56 - 2014-06-10 08:56 - 02875600 _____ () C:\Program Files\COMODO\GeekBuddy\QtCore4.dll
2014-06-10 08:56 - 2014-06-10 08:56 - 10451664 _____ () C:\Program Files\COMODO\GeekBuddy\QtGui4.dll
2014-06-10 08:56 - 2014-06-10 08:56 - 00039120 _____ () C:\Program Files\COMODO\GeekBuddy\imageformats\qgif4.dll
2014-06-10 08:56 - 2014-06-10 08:56 - 01529040 _____ () C:\Program Files\COMODO\GeekBuddy\QtScript4.dll
2010-11-26 13:31 - 2010-11-26 13:31 - 00267128 _____ () C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe
2011-11-09 18:55 - 2011-11-09 18:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-11-02 23:03 - 2011-11-02 23:03 - 00024576 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
2011-10-14 01:01 - 2011-10-14 01:01 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-12-23 02:06 - 2011-06-11 13:42 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2010-06-24 12:21 - 2010-06-24 12:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2013-04-15 18:39 - 2013-04-15 18:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2012-04-05 19:17 - 2012-04-05 19:17 - 02830336 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2012-04-05 18:40 - 2012-04-05 18:40 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2012-04-05 19:20 - 2012-04-05 19:20 - 02863104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2012-04-05 19:18 - 2012-04-05 19:18 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2012-04-05 18:44 - 2012-04-05 18:44 - 02035712 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2012-04-05 18:45 - 2012-04-05 18:45 - 01945600 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2012-04-05 19:15 - 2012-04-05 19:15 - 03092480 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2014-06-19 20:27 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-19 20:27 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-19 20:27 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-06-19 20:27 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-06-19 20:27 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2011-02-23 17:24 - 2012-10-05 22:27 - 00406016 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Kfx.dll
2011-02-23 17:23 - 2012-10-05 22:27 - 00264192 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll
2011-02-23 17:21 - 2012-10-05 22:27 - 00356352 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll
2011-02-23 17:19 - 2012-10-05 22:27 - 00237568 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
2011-02-23 17:38 - 2012-10-05 22:27 - 00234496 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx
2011-02-23 16:19 - 2012-10-05 22:27 - 00688128 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll
2011-02-23 16:57 - 2012-10-05 22:27 - 00094208 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
2011-02-23 17:39 - 2012-10-05 22:27 - 00078848 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
2011-02-23 17:11 - 2012-10-05 22:27 - 00062464 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
2006-03-07 10:05 - 2012-10-05 22:27 - 01564672 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AreaIFDLL.dll
2011-02-23 17:37 - 2012-10-05 22:27 - 00761856 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
2011-02-23 17:17 - 2012-10-05 22:27 - 00152576 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
2011-02-23 18:00 - 2012-10-05 22:27 - 00684032 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx
2011-02-23 17:24 - 2012-10-05 22:27 - 00084480 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll
2011-02-23 17:00 - 2012-10-05 22:27 - 00167936 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESEmail.dll
2011-02-23 17:15 - 2012-10-05 22:27 - 00129536 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll
2011-02-23 18:55 - 2012-10-05 22:27 - 11503616 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx
2009-09-28 21:19 - 2012-10-05 22:27 - 00782336 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
2009-09-28 21:19 - 2012-10-05 22:27 - 00868352 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
2009-09-28 21:20 - 2012-10-05 22:27 - 00462848 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
2009-09-28 21:19 - 2012-10-05 22:27 - 00155648 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
2009-09-28 21:21 - 2012-10-05 22:27 - 00528384 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
2009-09-28 21:20 - 2012-10-05 22:27 - 02236416 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
2009-09-28 21:21 - 2012-10-05 22:27 - 00847872 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
2009-09-28 21:21 - 2012-10-05 22:27 - 01396736 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
2011-02-23 16:20 - 2012-10-05 22:27 - 00217088 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESUpload.dll
2011-02-23 18:04 - 2012-10-05 22:27 - 00171520 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx
2011-02-23 17:38 - 2012-10-05 22:27 - 00052224 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
2011-02-23 17:36 - 2012-10-05 22:27 - 00143360 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
2011-02-23 16:34 - 2012-10-05 22:27 - 00009728 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocPCD.dll
2011-02-23 17:15 - 2012-10-05 22:27 - 00084480 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
2011-02-23 16:38 - 2012-10-05 22:27 - 00009728 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
2011-02-23 19:02 - 2012-10-05 22:27 - 00339968 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
2011-02-23 16:56 - 2012-10-05 22:27 - 00010752 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll
2011-02-23 18:01 - 2012-10-05 22:27 - 00098304 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
2011-02-23 16:29 - 2012-10-05 22:27 - 00155648 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll
2011-02-23 18:05 - 2012-10-05 22:27 - 00315392 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
2011-02-23 17:55 - 2012-10-05 22:27 - 00688128 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
2011-02-23 16:52 - 2012-10-05 22:27 - 00094208 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll
2011-02-23 19:00 - 2012-10-05 22:27 - 00471040 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll
2011-02-23 17:16 - 2012-10-05 22:27 - 00044544 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
2014-02-17 12:05 - 2014-02-17 12:05 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3e27ac2000641918e7215d97c63e957d\IsdiInterop.ni.dll
2012-03-15 21:18 - 2011-01-13 03:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2010-06-24 12:19 - 2010-06-24 12:19 - 00514570 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-06-19 17:43 - 2014-06-06 06:38 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-06-24 19:34 - 2014-06-24 19:34 - 17024688 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/24/2014 08:18:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 07:33:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HpHotkeyMonitor.exe, Version: 4.6.4.1, Zeitstempel: 0x4fe21c40
Name des fehlerhaften Moduls: HpHotkeyMonitor.exe, Version: 4.6.4.1, Zeitstempel: 0x4fe21c40
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000de0a
ID des fehlerhaften Prozesses: 0x968
Startzeit der fehlerhaften Anwendung: 0xHpHotkeyMonitor.exe0
Pfad der fehlerhaften Anwendung: HpHotkeyMonitor.exe1
Pfad des fehlerhaften Moduls: HpHotkeyMonitor.exe2
Berichtskennung: HpHotkeyMonitor.exe3

Error: (06/24/2014 06:06:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 05:11:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 07:12:40 AM) (Source: XobniService) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (06/24/2014 07:12:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2014 11:33:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm mbam.exe, Version 1.0.0.532 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 156c

Startzeit: 01cf8c05ffa13a59

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe

Berichts-ID: 4cd16540-f7f9-11e3-9195-9cb70d6545a6

Error: (06/19/2014 11:29:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2014 10:40:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2014 10:22:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/24/2014 07:33:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "hpHotkeyMonitor" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/24/2014 06:04:38 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (06/24/2014 06:04:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/24/2014 07:46:10 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/19/2014 11:34:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/19/2014 11:27:04 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/19/2014 10:39:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/19/2014 10:20:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/19/2014 09:32:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {CC957078-B838-47C4-A7CF-626E7A82FC58}

Error: (06/19/2014 09:27:25 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (06/24/2014 08:18:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 07:33:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HpHotkeyMonitor.exe4.6.4.14fe21c40HpHotkeyMonitor.exe4.6.4.14fe21c40c00000050000de0a96801cf8fc6392e08e3C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exeC:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exeaf63ac4f-fbc5-11e3-a304-9cb70d6545a6

Error: (06/24/2014 06:06:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 05:11:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 07:12:40 AM) (Source: XobniService) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig

Error: (06/24/2014 07:12:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2014 11:33:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.0.532156c01cf8c05ffa13a590C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe4cd16540-f7f9-11e3-9195-9cb70d6545a6

Error: (06/19/2014 11:29:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2014 10:40:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2014 10:22:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 56%
Total physical RAM: 4030.36 MB
Available physical RAM: 1766.83 MB
Total Pagefile: 8058.9 MB
Available Pagefile: 4113.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:571.97 GB) (Free:482.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:18.9 GB) (Free:2.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:2.1 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 12DEB3A0)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=572 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End Of Log ============================
         
__________________

Alt 25.06.2014, 10:29   #4
Bootsektor
/// TB-Ausbilder
 
Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf - Standard

Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf



Hallo

danke.
Schritt 1
Bitte deinstalliere folgende Programme (falls vorhanden) :

Genesis
Happy Lyrics
Iminent

Dazu gehe auf:
den Windowsbutton in der Taskleiste --> Systemsteuerung --> Programme (Unterpunkt Programme deinstallieren) --> Programm auswählen --> entfernen

Falls du ein Programm nicht deinstallieren kannst, lade dir von hier den Revo-uninstaller herunter und deinstalliere es damit, wähle dabei den moderaten Modus.

Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 3
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.



Schritt 4
Starte noch einmal FRST.
  • Setze den Haken bei addition.txt und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
  • Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

Alt 25.06.2014, 18:59   #5
Lolle74
 
Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf - Standard

Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf



Hallo Sandra,

hier das Ergebnis von AdwCleaner:

Code:
ATTFilter
# AdwCleaner v3.213 - Bericht erstellt am 25/06/2014 um 18:04:34
# Aktualisiert 23/06/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Roland - ROLAND-HP
# Gestartet von : C:\Users\Roland\Desktop\adwcleaner_3.213.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ealchnonpofjocgofjpopjdoegbbkofj

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\genesis

***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\c69wdafk.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ Datei : C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [21536 octets] - [24/06/2014 20:06:52]
AdwCleaner[R1].txt - [1275 octets] - [24/06/2014 20:21:19]
AdwCleaner[R2].txt - [1335 octets] - [25/06/2014 18:03:40]
AdwCleaner[S0].txt - [20514 octets] - [24/06/2014 20:15:58]
AdwCleaner[S1].txt - [1206 octets] - [25/06/2014 18:04:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1266 octets] ##########
         
nun habe ich ein Problem mit Combofix. Alle Programme geschlossen, auch die Firewall. Direkt beim Start kam Meldung:
Unable to create files:
c:\windows\erdnt\hiv-backup\erdnt.inf
Registry backup will continue, but no restore information bla bla bla.

habe auf ok geklickt, weiter... und stets kam bei allen Dateien eine Fehlermeldung. Habe dann den Run abgebrochen. WAr sicher ein Fehler? Wollte es nochmal neu versuchen, nun meldet das Programm, bei jeder Datei dass die Files nicht überschrieben/gelöscht (?) werden können...
Und nu? Hoffe, habe nun nichts am System zerstört...

Comodo findet nun auch 50 unbekannte Dateien... vermute die von Combofix umgeschriebenen? Hilfe...


Alt 25.06.2014, 21:46   #6
Bootsektor
/// TB-Ausbilder
 
Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf - Standard

Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf



Hallo Lolle74,

Combofix ist also nicht gelaufen?

Mach bitte nochmal ein neues FRST und poste mir die Logdatei von Comodo.
__________________
--> Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf

Alt 25.06.2014, 22:38   #7
Lolle74
 
Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf - Standard

Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by Roland (administrator) on ROLAND-HP on 25-06-2014 22:35:15
Running from C:\Users\Roland\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-07] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2011-01-07] (Atheros Commnucations)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [835072 2011-01-27] (IDT, Inc.)
HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2012-04-05] ()
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2996792 2011-07-15] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2013-03-10] (Synaptics Incorporated)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HP HD Webcam [Fixed]_Monitor] => C:\Program Files (x86)\HP HD Webcam [Fixed]\monitor.exe [267128 2010-11-26] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-04-05] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HPQuickWebProxy] => c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-11-10] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-28] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [282624 2006-09-01] (Apple Computer, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [333728 2012-06-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-11] (PDF Complete Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-06-06] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3276168417-1710210912-3039652309-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-3276168417-1710210912-3039652309-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3276168417-1710210912-3039652309-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-3276168417-1710210912-3039652309-1001\...\MountPoints2: {f2544118-11ef-11e2-9dc7-9cb70d6545a6} - H:\SETUP.EXE
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk
ShortcutTarget: HD Writer.lnk -> C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare Software.lnk
ShortcutTarget: Kodak EasyShare Software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {959DCE3C-ED81-4300-AD37-3ED717C16017} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\c69wdafk.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-12-23]

Chrome: 
=======
CHR HomePage: 
CHR NewTab: "chrome-extension://iagcajndpnfncplednpbnkahadegklfa/content/newtab/newtab.html"
CHR DefaultSearchKeyword: webssearches
CHR DefaultSearchProvider: webssearches
CHR Extension: (Docs) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-17]
CHR Extension: (Google Drive) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-17]
CHR Extension: (YouTube) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-17]
CHR Extension: (Google-Suche) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-17]
CHR Extension: (Google Wallet) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-17]
CHR Extension: (Google Mail) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-17]

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-07] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [53920 2011-01-07] (Atheros Commnucations) [File not signed]
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-06-10] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-12] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [476728 2011-09-05] (Hewlett-Packard Company)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-06-06] (Comodo Security Solutions, Inc.)
R3 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [320000 2011-02-07] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1323008 2012-04-05] () [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-11] (PDF Complete Inc)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-03-07] (Xobni Corporation)

==================== Drivers (Whitelisted) ====================

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2013-05-07] (Windows (R) Win 7 DDK provider) [File not signed]
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64312 2011-05-10] (Hewlett-Packard Company)
R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2013-10-07] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [100808 2012-04-05] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158920 2012-04-05] (McAfee, Inc.)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2612728 2011-02-12] (Sunplus Technology)
R1 {b99c8534-7800-48fa-bd71-519a46cdc7e1}Gw64; C:\Windows\System32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}Gw64.sys [61120 2014-04-24] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-25 18:38 - 2014-06-25 18:38 - 00000332 _____ () C:\Start_.cmd
2014-06-25 18:38 - 2014-06-25 18:38 - 00000000 ____D () C:\ComboFix
2014-06-25 18:37 - 2014-06-25 18:37 - 00000000 ____D () C:\Qoobox
2014-06-25 18:35 - 2014-06-25 18:46 - 00000000 ___SD () C:\32788R22FWJFW
2014-06-25 18:35 - 2014-06-25 18:35 - 00000000 ____D () C:\windows\erdnt
2014-06-25 18:18 - 2014-06-25 18:34 - 05211571 ____R (Swearware) C:\Users\Roland\Desktop\ComboFix.exe
2014-06-25 18:10 - 2014-06-25 18:10 - 00001346 _____ () C:\Users\Roland\Desktop\AdwCleaner[S1].txt
2014-06-25 17:59 - 2014-06-25 17:59 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Roland\Downloads\revosetup95.exe
2014-06-25 17:59 - 2014-06-25 17:59 - 00001268 _____ () C:\Users\Roland\Desktop\Revo Uninstaller.lnk
2014-06-25 17:59 - 2014-06-25 17:59 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-24 22:38 - 2014-06-24 22:38 - 00037532 _____ () C:\Users\Roland\Desktop\Logfiles.7z
2014-06-24 22:34 - 2014-06-24 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-24 22:34 - 2014-06-24 22:34 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-06-24 21:41 - 2014-06-24 21:41 - 00001290 _____ () C:\Users\Roland\Desktop\Malwarebytes 24.06..txt
2014-06-24 21:40 - 2014-06-24 21:40 - 00273681 _____ () C:\Users\Roland\Desktop\Malwarebytes 19.06..txt
2014-06-24 21:24 - 2014-06-24 21:24 - 00001678 _____ () C:\Users\Roland\Desktop\gmer.txt
2014-06-24 20:58 - 2014-06-24 20:58 - 00380416 _____ () C:\Users\Roland\Desktop\Gmer-19357.exe
2014-06-24 20:52 - 2014-06-24 20:54 - 00058508 _____ () C:\Users\Roland\Desktop\Addition.txt
2014-06-24 20:51 - 2014-06-25 22:35 - 00026464 _____ () C:\Users\Roland\Desktop\FRST.txt
2014-06-24 20:50 - 2014-06-25 22:35 - 00000000 ____D () C:\FRST
2014-06-24 20:49 - 2014-06-24 20:49 - 02082816 _____ (Farbar) C:\Users\Roland\Desktop\FRST64.exe
2014-06-24 20:46 - 2014-06-24 20:46 - 00000474 _____ () C:\Users\Roland\Desktop\defogger_disable.log
2014-06-24 20:46 - 2014-06-24 20:46 - 00000000 _____ () C:\Users\Roland\defogger_reenable
2014-06-24 20:44 - 2014-06-24 20:44 - 00050477 _____ () C:\Users\Roland\Desktop\Defogger.exe
2014-06-24 20:07 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-06-24 20:06 - 2014-06-25 18:04 - 00000000 ____D () C:\AdwCleaner
2014-06-24 20:01 - 2014-06-24 20:01 - 01342659 _____ () C:\Users\Roland\Desktop\adwcleaner_3.213.exe
2014-06-24 19:34 - 2014-06-24 19:34 - 00000000 ____D () C:\Users\Roland\AppData\Local\Macromedia
2014-06-24 19:26 - 2014-06-24 19:26 - 00001536 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-06-24 19:26 - 2014-06-24 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-06-24 19:25 - 2014-06-24 19:27 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\DVDVideoSoft
2014-06-24 19:25 - 2014-06-24 19:26 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-06-19 23:02 - 2014-06-19 23:03 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-19 23:02 - 2014-06-19 23:02 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-19 22:29 - 2014-06-19 22:29 - 00000000 ____D () C:\windows\System32\Tasks\COMODO
2014-06-19 22:28 - 2014-06-25 22:35 - 01373936 _____ () C:\windows\system32\Drivers\sfi.dat
2014-06-19 22:26 - 2014-06-19 22:29 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-06-19 22:26 - 2014-06-19 22:26 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-06-19 21:20 - 2009-06-10 23:00 - 00000824 _____ () C:\windows\system32\Drivers\etc\hosts.20140619-212056.backup
2014-06-19 21:07 - 2014-06-19 21:08 - 00000452 _____ () C:\windows\wininit.ini
2014-06-19 20:27 - 2014-06-19 21:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-19 20:27 - 2014-06-19 20:28 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-19 20:27 - 2014-06-19 20:27 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-19 20:27 - 2014-06-19 20:27 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-19 20:27 - 2014-06-19 20:27 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-06-19 20:27 - 2014-06-19 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-19 20:27 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2014-06-19 18:12 - 2014-06-19 18:12 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\LavasoftStatistics
2014-06-19 18:08 - 2014-06-19 18:08 - 00000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp
2014-06-19 18:07 - 2014-06-19 18:07 - 00000000 ____D () C:\Program Files\Lavasoft
2014-06-19 18:06 - 2014-06-19 18:06 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\Lavasoft
2014-06-19 18:06 - 2014-06-19 18:06 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-06-19 18:05 - 2014-06-19 18:05 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-06-19 17:58 - 2014-06-19 17:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Roland\Desktop\HiJackThis204.exe
2014-06-19 17:44 - 2014-06-19 17:44 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-19 17:44 - 2014-06-19 17:44 - 00000000 ____D () C:\Users\Roland\AppData\Local\Mozilla
2014-06-19 17:44 - 2014-06-19 17:44 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-19 17:44 - 2014-06-19 17:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 17:43 - 2014-06-19 17:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 17:01 - 2014-06-24 22:34 - 00000000 ____D () C:\Users\Roland\Documents\Software
2014-06-19 17:01 - 2014-06-19 17:01 - 00000000 ____D () C:\Users\Roland\Documents\Neuer Ordner
2014-06-19 15:38 - 2014-06-24 21:37 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 15:38 - 2014-06-19 15:38 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-19 15:38 - 2014-06-19 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-19 15:38 - 2014-06-19 15:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-19 15:38 - 2014-06-19 15:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-19 15:38 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-19 15:38 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-06-19 15:38 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-06-19 14:48 - 2014-06-19 14:48 - 00000000 ____D () C:\Users\Roland\AppData\Local\AdTrustMedia
2014-06-19 14:46 - 2014-06-19 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2014-06-19 14:46 - 2014-06-19 22:26 - 00000000 ____D () C:\Program Files\COMODO
2014-06-19 14:46 - 2014-06-19 14:46 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-06-19 14:46 - 2014-06-19 14:46 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia
2014-06-19 14:43 - 2014-06-19 22:28 - 00000000 ____D () C:\ProgramData\Comodo
2014-06-19 14:29 - 2014-06-24 18:06 - 00000336 _____ () C:\windows\Tasks\HPCeeScheduleForRoland.job
2014-06-19 14:29 - 2014-06-24 17:24 - 00003192 _____ () C:\windows\System32\Tasks\HPCeeScheduleForRoland
2014-06-17 09:20 - 2014-06-17 09:20 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2014-06-17 09:19 - 2014-06-17 09:19 - 00002419 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
2014-06-17 09:19 - 2014-06-17 09:19 - 00000000 ____D () C:\windows\WindowsMobile
2014-06-14 09:51 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-14 09:51 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-14 09:51 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-14 09:51 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-14 09:51 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-14 09:51 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-14 09:51 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-14 09:51 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-14 09:51 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-14 09:51 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-14 09:51 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-14 09:51 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-14 09:51 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-14 09:51 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-14 09:51 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-14 09:51 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-14 09:51 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-14 09:51 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-14 09:51 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-14 09:51 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-14 09:51 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-14 09:51 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-14 09:51 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-14 09:51 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-06-14 09:51 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2014-06-14 09:51 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-14 09:51 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-06-14 09:51 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-06-14 09:51 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-14 09:51 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-06-14 09:51 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-06-14 09:51 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2014-06-14 09:51 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-14 09:51 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2014-06-14 09:51 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-06-14 09:50 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-14 09:50 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-14 09:50 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-14 09:50 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-14 09:50 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-14 09:50 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-14 09:50 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-14 09:50 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-14 09:50 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-14 09:50 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-14 09:50 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-14 09:50 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-14 09:50 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-14 09:50 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-14 09:50 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-14 09:50 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-14 09:50 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-14 09:50 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-14 09:50 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-14 09:50 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-14 09:50 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-14 09:50 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-14 09:50 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-14 09:50 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-14 09:50 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-14 09:50 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-14 09:50 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-14 09:50 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-14 09:50 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-11 20:23 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-11 20:23 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-27 11:00 - 2014-05-22 18:22 - 00061120 _____ (StdLib) C:\windows\system32\Drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}w64.sys

==================== One Month Modified Files and Folders =======

2014-06-25 22:35 - 2014-06-24 20:51 - 00026464 _____ () C:\Users\Roland\Desktop\FRST.txt
2014-06-25 22:35 - 2014-06-24 20:50 - 00000000 ____D () C:\FRST
2014-06-25 22:35 - 2014-06-19 22:28 - 01373936 _____ () C:\windows\system32\Drivers\sfi.dat
2014-06-25 22:26 - 2012-11-17 12:04 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-25 21:59 - 2014-04-15 16:30 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-25 19:59 - 2014-04-15 16:30 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-25 18:48 - 2012-03-15 21:14 - 01269701 _____ () C:\windows\WindowsUpdate.log
2014-06-25 18:46 - 2014-06-25 18:35 - 00000000 ___SD () C:\32788R22FWJFW
2014-06-25 18:38 - 2014-06-25 18:38 - 00000332 _____ () C:\Start_.cmd
2014-06-25 18:38 - 2014-06-25 18:38 - 00000000 ____D () C:\ComboFix
2014-06-25 18:37 - 2014-06-25 18:37 - 00000000 ____D () C:\Qoobox
2014-06-25 18:35 - 2014-06-25 18:35 - 00000000 ____D () C:\windows\erdnt
2014-06-25 18:34 - 2014-06-25 18:18 - 05211571 ____R (Swearware) C:\Users\Roland\Desktop\ComboFix.exe
2014-06-25 18:34 - 2012-10-05 23:02 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\Skype
2014-06-25 18:13 - 2009-07-14 06:45 - 00028352 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-25 18:13 - 2009-07-14 06:45 - 00028352 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-25 18:10 - 2014-06-25 18:10 - 00001346 _____ () C:\Users\Roland\Desktop\AdwCleaner[S1].txt
2014-06-25 18:06 - 2012-03-15 21:29 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-06-25 18:06 - 2011-12-23 02:04 - 00000000 ____D () C:\ProgramData\PDFC
2014-06-25 18:06 - 2011-12-23 02:00 - 00000000 ____D () C:\ProgramData\HPQLOG
2014-06-25 18:06 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-25 18:06 - 2009-07-14 06:51 - 00085042 _____ () C:\windows\setupact.log
2014-06-25 18:05 - 2010-11-21 05:47 - 00921346 _____ () C:\windows\PFRO.log
2014-06-25 18:04 - 2014-06-24 20:06 - 00000000 ____D () C:\AdwCleaner
2014-06-25 17:59 - 2014-06-25 17:59 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Roland\Downloads\revosetup95.exe
2014-06-25 17:59 - 2014-06-25 17:59 - 00001268 _____ () C:\Users\Roland\Desktop\Revo Uninstaller.lnk
2014-06-25 17:59 - 2014-06-25 17:59 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-25 17:52 - 2013-10-26 11:25 - 00003938 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{B625F410-820C-4B61-B025-64DD33DF11BC}
2014-06-24 22:38 - 2014-06-24 22:38 - 00037532 _____ () C:\Users\Roland\Desktop\Logfiles.7z
2014-06-24 22:34 - 2014-06-24 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-24 22:34 - 2014-06-24 22:34 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-06-24 22:34 - 2014-06-19 17:01 - 00000000 ____D () C:\Users\Roland\Documents\Software
2014-06-24 21:41 - 2014-06-24 21:41 - 00001290 _____ () C:\Users\Roland\Desktop\Malwarebytes 24.06..txt
2014-06-24 21:40 - 2014-06-24 21:40 - 00273681 _____ () C:\Users\Roland\Desktop\Malwarebytes 19.06..txt
2014-06-24 21:37 - 2014-06-19 15:38 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-24 21:24 - 2014-06-24 21:24 - 00001678 _____ () C:\Users\Roland\Desktop\gmer.txt
2014-06-24 20:58 - 2014-06-24 20:58 - 00380416 _____ () C:\Users\Roland\Desktop\Gmer-19357.exe
2014-06-24 20:54 - 2014-06-24 20:52 - 00058508 _____ () C:\Users\Roland\Desktop\Addition.txt
2014-06-24 20:49 - 2014-06-24 20:49 - 02082816 _____ (Farbar) C:\Users\Roland\Desktop\FRST64.exe
2014-06-24 20:46 - 2014-06-24 20:46 - 00000474 _____ () C:\Users\Roland\Desktop\defogger_disable.log
2014-06-24 20:46 - 2014-06-24 20:46 - 00000000 _____ () C:\Users\Roland\defogger_reenable
2014-06-24 20:46 - 2012-10-05 19:31 - 00000000 ____D () C:\Users\Roland
2014-06-24 20:44 - 2014-06-24 20:44 - 00050477 _____ () C:\Users\Roland\Desktop\Defogger.exe
2014-06-24 20:01 - 2014-06-24 20:01 - 01342659 _____ () C:\Users\Roland\Desktop\adwcleaner_3.213.exe
2014-06-24 19:34 - 2014-06-24 19:34 - 00000000 ____D () C:\Users\Roland\AppData\Local\Macromedia
2014-06-24 19:34 - 2012-11-17 12:04 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-06-24 19:34 - 2012-11-17 12:04 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-24 19:34 - 2012-11-17 12:04 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-06-24 19:27 - 2014-06-24 19:25 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\DVDVideoSoft
2014-06-24 19:26 - 2014-06-24 19:26 - 00001536 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-06-24 19:26 - 2014-06-24 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-06-24 19:26 - 2014-06-24 19:25 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-06-24 18:12 - 2012-10-05 22:27 - 31726592 ____R () C:\Users\Public\Documents\ESBK.mbb
2014-06-24 18:12 - 2012-10-05 22:27 - 09665536 ____R () C:\Users\Public\Documents\ESBK.mb
2014-06-24 18:06 - 2014-06-19 14:29 - 00000336 _____ () C:\windows\Tasks\HPCeeScheduleForRoland.job
2014-06-24 17:24 - 2014-06-19 14:29 - 00003192 _____ () C:\windows\System32\Tasks\HPCeeScheduleForRoland
2014-06-19 23:03 - 2014-06-19 23:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-19 23:02 - 2014-06-19 23:02 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-19 23:02 - 2012-10-05 20:59 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-19 23:01 - 2012-10-05 22:01 - 00000000 ____D () C:\Users\Roland\AppData\Local\Adobe
2014-06-19 22:29 - 2014-06-19 22:29 - 00000000 ____D () C:\windows\System32\Tasks\COMODO
2014-06-19 22:29 - 2014-06-19 22:26 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-06-19 22:29 - 2014-06-19 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2014-06-19 22:28 - 2014-06-19 14:43 - 00000000 ____D () C:\ProgramData\Comodo
2014-06-19 22:26 - 2014-06-19 22:26 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-06-19 22:26 - 2014-06-19 14:46 - 00000000 ____D () C:\Program Files\COMODO
2014-06-19 21:15 - 2014-06-19 20:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-19 21:08 - 2014-06-19 21:07 - 00000452 _____ () C:\windows\wininit.ini
2014-06-19 20:28 - 2014-06-19 20:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-19 20:27 - 2014-06-19 20:27 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-19 20:27 - 2014-06-19 20:27 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-19 20:27 - 2014-06-19 20:27 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-06-19 20:27 - 2014-06-19 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-19 19:54 - 2014-04-15 16:30 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-19 19:54 - 2014-04-15 16:30 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 18:28 - 2011-02-11 06:47 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-19 18:27 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2014-06-19 18:12 - 2014-06-19 18:12 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\LavasoftStatistics
2014-06-19 18:08 - 2014-06-19 18:08 - 00000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp
2014-06-19 18:07 - 2014-06-19 18:07 - 00000000 ____D () C:\Program Files\Lavasoft
2014-06-19 18:06 - 2014-06-19 18:06 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\Lavasoft
2014-06-19 18:06 - 2014-06-19 18:06 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-06-19 18:05 - 2014-06-19 18:05 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-06-19 17:58 - 2014-06-19 17:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Roland\Desktop\HiJackThis204.exe
2014-06-19 17:44 - 2014-06-19 17:44 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-19 17:44 - 2014-06-19 17:44 - 00000000 ____D () C:\Users\Roland\AppData\Local\Mozilla
2014-06-19 17:44 - 2014-06-19 17:44 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-19 17:44 - 2014-06-19 17:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 17:43 - 2014-06-19 17:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 17:32 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\IME
2014-06-19 17:01 - 2014-06-19 17:01 - 00000000 ____D () C:\Users\Roland\Documents\Neuer Ordner
2014-06-19 16:46 - 2013-09-22 18:45 - 00039424 ___SH () C:\Users\Roland\Documents\Thumbs.db
2014-06-19 16:41 - 2009-07-14 04:34 - 00000580 _____ () C:\windows\win.ini
2014-06-19 16:14 - 2012-10-11 19:19 - 00000000 ____D () C:\Users\Roland\AppData\Local\CrashDumps
2014-06-19 15:38 - 2014-06-19 15:38 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-19 15:38 - 2014-06-19 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-19 15:38 - 2014-06-19 15:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-19 15:38 - 2014-06-19 15:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-19 14:50 - 2011-02-11 07:19 - 00000000 ____D () C:\Users\Administrator
2014-06-19 14:48 - 2014-06-19 14:48 - 00000000 ____D () C:\Users\Roland\AppData\Local\AdTrustMedia
2014-06-19 14:46 - 2014-06-19 14:46 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-06-19 14:46 - 2014-06-19 14:46 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia
2014-06-19 13:41 - 2012-10-05 19:30 - 00000344 _____ () C:\windows\Tasks\HPCeeScheduleForROLAND-HP$.job
2014-06-19 13:40 - 2012-03-15 21:41 - 00000000 ____D () C:\ProgramData\Norton
2014-06-19 13:17 - 2012-11-22 09:32 - 00000000 ____D () C:\Firefox
2014-06-19 13:17 - 2012-10-05 19:48 - 00000000 ____D () C:\Users\Roland\Documents\Bluetooth Folder
2014-06-19 13:17 - 2012-10-05 19:30 - 00003220 _____ () C:\windows\System32\Tasks\HPCeeScheduleForROLAND-HP$
2014-06-19 13:00 - 2012-10-10 20:09 - 00000000 ____D () C:\Users\Roland\Documents\Outlook-Dateien
2014-06-17 09:52 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-06-17 09:20 - 2014-06-17 09:20 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2014-06-17 09:19 - 2014-06-17 09:19 - 00002419 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
2014-06-17 09:19 - 2014-06-17 09:19 - 00000000 ____D () C:\windows\WindowsMobile
2014-06-17 09:06 - 2011-12-23 00:48 - 00700118 _____ () C:\windows\system32\perfh007.dat
2014-06-17 09:06 - 2011-12-23 00:48 - 00149968 _____ () C:\windows\system32\perfc007.dat
2014-06-17 09:06 - 2009-07-14 07:13 - 01622228 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-14 09:58 - 2013-08-15 09:24 - 00000000 ____D () C:\windows\system32\MRT
2014-06-14 09:55 - 2012-12-09 17:08 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-06-14 09:55 - 2012-10-09 11:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-14 09:54 - 2014-05-07 20:47 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-06-08 11:13 - 2014-06-11 20:23 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 20:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-30 12:21 - 2014-06-14 09:50 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-14 09:51 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-14 09:51 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-05-30 11:46 - 2014-02-28 09:39 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-30 11:46 - 2012-03-15 21:40 - 00000000 ____D () C:\ProgramData\Skype
2014-05-30 11:45 - 2014-06-14 09:50 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-14 09:50 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-14 09:50 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-14 09:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-14 09:50 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-14 09:50 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-14 09:50 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-14 09:51 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-05-30 11:21 - 2014-06-14 09:50 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-05-30 11:20 - 2014-06-14 09:50 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-14 09:51 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-14 09:50 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-14 09:50 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-14 09:51 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-14 09:50 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-14 09:51 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-14 09:50 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-14 09:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-14 09:50 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-14 09:50 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-14 09:51 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-14 09:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-14 09:51 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-14 09:50 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-14 09:51 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-14 09:51 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-14 09:51 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-14 09:51 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-14 09:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-14 09:51 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-14 09:50 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-14 09:50 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-14 09:51 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-14 09:51 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-14 09:50 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-14 09:51 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-14 09:51 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-14 09:50 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-14 09:50 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-14 09:51 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-14 09:50 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-14 09:51 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-14 09:50 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-14 09:50 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-14 09:51 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-14 09:50 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-14 09:51 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-14 09:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-14 09:50 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Roland\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-19 18:49

==================== End Of Log ============================
         
--- --- ---

Alt 25.06.2014, 23:19   #8
Bootsektor
/// TB-Ausbilder
 
Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf - Standard

Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf



Hallo Lolle74,

ok, hast du das Log von Comodo gefunden?

Was machen die Popups?

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
SearchScopes: HKLM-x32 - DefaultScope value is missing.
R1 {b99c8534-7800-48fa-bd71-519a46cdc7e1}Gw64; C:\Windows\System32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}Gw64.sys [61120 2014-04-24] (StdLib)
C:\Windows\System32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}Gw64.sys
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Schritt 2
  • Gehe in deinem Chrome Browser auf Einstellungen (das ist das Symbol rechts neben der Adresszeile im Browser was aus drei horizontalen Linien besteht)
  • Klicke dort auf Einstellungen
  • Gehe zu dem Punkt Suche -> Suchmaschinen verwalten
  • Lösche dort websearch
  • Klicke auf Fertig

Schritt 3
  • Rechtsklicke in deinen Chromebrowser auf neuer Tab (das ist oben in der Leiste über dem Browserfenster linksseitig)
  • gehe auf Bearbeiten
  • gebe dort im Fenster unter url:
    Code:
    ATTFilter
    chrome://newtab
             
    ein (kannst du auch kopieren und einfügen )
  • speichere das

Alt 26.06.2014, 18:39   #9
Lolle74
 
Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf - Standard

Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf



Hallo Sandra

Comodo-Log ist nicht zu finden. Da gibt es zwar einen Link, um sich die Protokolle anzeigen zu lassen, aber der sich dann öffnende Pfad führt zu den eigenen Dokumenten. Da ist nix.. Und in der Datei von Comodo selbst finde ich diese Log-Datei nicht.

Bisher keine Popups mehr

Fixlist.txt:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014
Ran by Roland at 2014-06-26 17:45:12 Run:1
Running from C:\Users\Roland\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM-x32 - DefaultScope value is missing.
R1 {b99c8534-7800-48fa-bd71-519a46cdc7e1}Gw64; C:\Windows\System32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}Gw64.sys [61120 2014-04-24] (StdLib)
C:\Windows\System32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}Gw64.sys
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
{b99c8534-7800-48fa-bd71-519a46cdc7e1}Gw64 => Service stopped successfully.
{b99c8534-7800-48fa-bd71-519a46cdc7e1}Gw64 => Service deleted successfully.
C:\Windows\System32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}Gw64.sys => Moved successfully.

==== End of Fixlog ====
         
So, nun zum Chrome-Browser:

Ich wusste gar nicht, dass dieser hier benutzt wird bzw. installiert ist. Es wurde stets mit dem Internet Explorer gearbeitet, den ich als erste Maßnahme, nachdem ich websearch nach einem Virenscan aus der Startseite und als Suchmaschine löschen konnte, deaktiviert habe.

Anschließend Firefox installiert. Lief 1 Tag gut, dann poppten auch hier die ganzen Fenster wieder auf und ich habe mich bei euch gemeldet Von websearch ist allerdings nichts zu sehen.

Jedenfalls habe ich Chrome nun gefunden, aber da scheint zumindest augenscheinlich alles i. O. zu sein. Startseite neuer Tab, Suchmaschinen Google, Bing und Yahoo... merkwürdig.

ähm, und noch was:
seit meinem Scheitern mit Combofix traue ich mich nicht mehr, das Notebook runterzufahren aus Sorge, er fährt nicht mehr hoch
Meinst du, ich könnte damit was an Windows zerstört haben?

WM-Grüße (Deutschland spielt gerade )
Lolle

Alt 27.06.2014, 01:19   #10
Bootsektor
/// TB-Ausbilder
 
Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf - Standard

Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf



Hallo Lolle74,

Zitat:
seit meinem Scheitern mit Combofix traue ich mich nicht mehr, das Notebook runterzufahren aus Sorge, er fährt nicht mehr hoch
Oha. Aber ich denke nicht, dass du dir da Sorgen machen musst.
Zitat:
aber der sich dann öffnende Pfad führt zu den eigenen Dokumenten
Normalerweise sollte sich dort auch eine Protokolldatei von Comodo befinden


Zitat:
WM-Grüße (Deutschland spielt gerade )
und hat gewonnen (schönes Tor )

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
Task: {3AF6736B-416D-442A-8188-95C063DEF4A9} - \bf878d97-0287-421f-86a1-65974521fc40-5 No Task File <==== ATTENTION
Task: {420024C5-5B56-483B-A7B9-4FC5CF7E1E0D} - System32\Tasks\temp_bf878d97-0287-421f-86a1-65974521fc40-2 => C:\Program Files (x86)\MediaPlayerplus\bf878d97-0287-421f-86a1-65974521fc40-2.exe <==== ATTENTION
Task: {5BC04FA3-DC03-4559-AE0E-A4C123FD573D} - \LaunchApp No Task File <==== ATTENTION
C:\Program Files (x86)\MediaPlayerplus
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Klicke im Anschluss auf Suchlauf, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf jetzt starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Aktionen anwenden.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Wähle Exportieren auf Textdatei (.txt) und speichere die Datei als mbam.txt auf dem Desktop ab.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Schritt 3
Da der Scan mit Eset sehr gründlich ist, kann er unter Umständen mehrere Stunden dauern

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Schritt 4
Starte noch einmal FRST.
  • Setze den Haken bei addition.txt und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
  • Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

Alt 27.06.2014, 12:34   #11
Lolle74
 
Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf - Standard

Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf



Ok, Notebook neu gestartet, funktioniert sogar noch

Google chrome werde ich deinstallieren, wird ja nicht genutzt.

Comodo hat zwischenzeitlich 2 Viren erkannt, ließ ich säubern:

C:\ProgramData\Kodak\EasyShareSetup\QUICK\procheck.exe
C:\Users\Roland\AppData\LocalMicrosoft\Windows\Temporary Internet Files\Low\Content.IE5\18HQ01KF\Player Setup[1].exe

Befinden sich nun in Quarantäne.

Ansonsten habe ich noch nichts weiter unternommen. Deine Vorschläge arbeite ich Sonntag ab und melde mich dann wieder.
Schönes Wochenende,
Lolle

Wenn man es eilig hat...

In ProgramData steckt: Troj.Ware.Win32.TrojanDownloader.Swizzor.Gen@87251472
In Users: Application.Win32.DomalQ.URT@314491919

Alt 27.06.2014, 21:48   #12
Bootsektor
/// TB-Ausbilder
 
Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf - Standard

Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf



Hallo Lolle,

Den ersten Fund würde ich als Fehlalarm einstufen

Ich wünsch dir auch ein schönes Wochenende, poste die Logs dann einfach hier rein. Ich seh das dann

Alt 30.06.2014, 20:43   #13
Lolle74
 
Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf - Standard

Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf



Hallo Sandra,
hoffe hattest ein schönes Wochenende. Heute spielt schon wieder Deutschland

so, hier die Fixlog
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-06-2014 02
Ran by Roland at 2014-06-29 18:13:36 Run:3
Running from C:\Users\Roland\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {3AF6736B-416D-442A-8188-95C063DEF4A9} - \bf878d97-0287-421f-86a1-65974521fc40-5 No Task File <==== ATTENTION
Task: {420024C5-5B56-483B-A7B9-4FC5CF7E1E0D} - System32\Tasks\temp_bf878d97-0287-421f-86a1-65974521fc40-2 => C:\Program Files (x86)\MediaPlayerplus\bf878d97-0287-421f-86a1-65974521fc40-2.exe <==== ATTENTION
Task: {5BC04FA3-DC03-4559-AE0E-A4C123FD573D} - \LaunchApp No Task File <==== ATTENTION
C:\Program Files (x86)\MediaPlayerplus
*****************

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3AF6736B-416D-442A-8188-95C063DEF4A9}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AF6736B-416D-442A-8188-95C063DEF4A9}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bf878d97-0287-421f-86a1-65974521fc40-5' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{420024C5-5B56-483B-A7B9-4FC5CF7E1E0D}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{420024C5-5B56-483B-A7B9-4FC5CF7E1E0D}' => Key deleted successfully.
C:\Windows\System32\Tasks\temp_bf878d97-0287-421f-86a1-65974521fc40-2 not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\temp_bf878d97-0287-421f-86a1-65974521fc40-2' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BC04FA3-DC03-4559-AE0E-A4C123FD573D}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BC04FA3-DC03-4559-AE0E-A4C123FD573D}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp' => Key deleted successfully.
"C:\Program Files (x86)\MediaPlayerplus" => File/Directory not found.

==== End of Fixlog ====
         
die Auswertung Malwarebytes

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 29.06.2014
Suchlauf-Zeit: 18:24:19
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.29.07
Rootkit Datenbank: v2014.06.23.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Roland

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 300778
Verstrichene Zeit: 15 Min, 55 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 2
PUP.Optional.Ciuvo.A, HKU\S-1-5-21-3276168417-1710210912-3039652309-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\ciuvo.com, In Quarantäne, [a992c1bd9cdfdc5a214d1e8f27db36ca], 
PUP.Optional.SuperFish.A, HKU\S-1-5-21-3276168417-1710210912-3039652309-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, In Quarantäne, [023955290e6dbf77d29b307d53afd32d], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Logfile Eset

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=0dcb5887209ffe42b205041809f5aa59
# engine=18938
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-29 07:23:38
# local_time=2014-06-29 09:23:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1080397 155699668 0 0
# scanned=228241
# found=16
# cleaned=0
# scan_time=8880
sh=8598114F9AD4C09722D2B355EC0F12734DCF5162 ft=1 fh=4e137d0fcf7317b9 vn="MSIL/Solimba.O evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3276168417-1710210912-3039652309-1001\$R4VVEO1.exe"
sh=D6660BECBDE4F334057CE2D0183CE5198720D5A7 ft=1 fh=b96591795db3368d vn="Win32/Systweak.B evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3276168417-1710210912-3039652309-1001\$RB4M68A.exe"
sh=8598114F9AD4C09722D2B355EC0F12734DCF5162 ft=1 fh=4e137d0fcf7317b9 vn="MSIL/Solimba.O evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3276168417-1710210912-3039652309-1001\$RJJHMVO.exe"
sh=E68D3C2C56EAC1668518E14FBEEB51CB8CF0A4CA ft=1 fh=ba62444eb39b91af vn="Variante von Win32/LoadTubes.A evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3276168417-1710210912-3039652309-1001\$RMYAC2J.exe"
sh=621D1DE4C084B87CCF068CC399A3A73716F1BF21 ft=1 fh=40edcf10c100959a vn="MSIL/Solimba.O evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3276168417-1710210912-3039652309-1001\$RN5QAQP.exe"
sh=FECADF6149E9ABF6B3E62429F95A492CDD79595A ft=1 fh=7ea345299883cac1 vn="Win64/Riskware.NetFilter.A Anwendung" ac=I fn="C:\FRST\Quarantine\C\Windows\System32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}Gw64.sys.xBAD"
sh=5B7E2A85907E01B214E998AB6BA01CDCA146D38A ft=1 fh=0449d3a621fc9ef5 vn="Variante von Win32/DomaIQ.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{73839D4F-4B65-48FC-A899-7715F9581AFC}"
sh=5B7E2A85907E01B214E998AB6BA01CDCA146D38A ft=1 fh=0449d3a621fc9ef5 vn="Variante von Win32/DomaIQ.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{73839D4F-4B65-48FC-A899-7715F9581AFC}"
sh=2337A9C1B17E72F4C4B5807C1F7098661E49B980 ft=1 fh=abbd31e3ba80409a vn="Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Roland\AppData\Local\nsr501E.tmp"
sh=90CD7BDECBDED324A198047014E4DF70ADC30820 ft=1 fh=713c59d1706994cf vn="Win32/OutBrowse.V evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Roland\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFYFDMCM\setup[1].exe"
sh=DC287D9AF69775BBB2DB89A00A3DF4E9DB35C46F ft=1 fh=298a8d7888b4be83 vn="Variante von Win32/Wajam.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\wajam_update[1].004"
sh=36B7B96EB53DA16D1FF11B7E9FF7F5CB50B32611 ft=1 fh=c25161fd9a01116d vn="Variante von Win32/Wajam.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4D0L60RY\wajam_update[1].004"
sh=368CF1D82743DEA9535487984406DD6C46D74826 ft=1 fh=1faa9e135822b4ec vn="Variante von Win32/Wajam.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PC47E67I\wajam_update[1].004"
sh=DC287D9AF69775BBB2DB89A00A3DF4E9DB35C46F ft=1 fh=298a8d7888b4be83 vn="Variante von Win32/Wajam.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\wajam_update[1].004"
sh=36B7B96EB53DA16D1FF11B7E9FF7F5CB50B32611 ft=1 fh=c25161fd9a01116d vn="Variante von Win32/Wajam.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4D0L60RY\wajam_update[1].004"
sh=368CF1D82743DEA9535487984406DD6C46D74826 ft=1 fh=1faa9e135822b4ec vn="Variante von Win32/Wajam.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PC47E67I\wajam_update[1].004"
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=12
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=0dcb5887209ffe42b205041809f5aa59
# engine=18953
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-30 06:22:24
# local_time=2014-06-30 08:22:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1163123 155782394 0 0
# scanned=228235
# found=16
# cleaned=0
# scan_time=9079
sh=8598114F9AD4C09722D2B355EC0F12734DCF5162 ft=1 fh=4e137d0fcf7317b9 vn="MSIL/Solimba.O evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3276168417-1710210912-3039652309-1001\$R4VVEO1.exe"
sh=D6660BECBDE4F334057CE2D0183CE5198720D5A7 ft=1 fh=b96591795db3368d vn="Win32/Systweak.B evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3276168417-1710210912-3039652309-1001\$RB4M68A.exe"
sh=8598114F9AD4C09722D2B355EC0F12734DCF5162 ft=1 fh=4e137d0fcf7317b9 vn="MSIL/Solimba.O evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3276168417-1710210912-3039652309-1001\$RJJHMVO.exe"
sh=E68D3C2C56EAC1668518E14FBEEB51CB8CF0A4CA ft=1 fh=ba62444eb39b91af vn="Variante von Win32/LoadTubes.A evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3276168417-1710210912-3039652309-1001\$RMYAC2J.exe"
sh=621D1DE4C084B87CCF068CC399A3A73716F1BF21 ft=1 fh=40edcf10c100959a vn="MSIL/Solimba.O evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3276168417-1710210912-3039652309-1001\$RN5QAQP.exe"
sh=FECADF6149E9ABF6B3E62429F95A492CDD79595A ft=1 fh=7ea345299883cac1 vn="Win64/Riskware.NetFilter.A Anwendung" ac=I fn="C:\FRST\Quarantine\C\Windows\System32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}Gw64.sys.xBAD"
sh=5B7E2A85907E01B214E998AB6BA01CDCA146D38A ft=1 fh=0449d3a621fc9ef5 vn="Variante von Win32/DomaIQ.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{73839D4F-4B65-48FC-A899-7715F9581AFC}"
sh=5B7E2A85907E01B214E998AB6BA01CDCA146D38A ft=1 fh=0449d3a621fc9ef5 vn="Variante von Win32/DomaIQ.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{73839D4F-4B65-48FC-A899-7715F9581AFC}"
sh=2337A9C1B17E72F4C4B5807C1F7098661E49B980 ft=1 fh=abbd31e3ba80409a vn="Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Roland\AppData\Local\nsr501E.tmp"
sh=90CD7BDECBDED324A198047014E4DF70ADC30820 ft=1 fh=713c59d1706994cf vn="Win32/OutBrowse.V evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Roland\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFYFDMCM\setup[1].exe"
sh=DC287D9AF69775BBB2DB89A00A3DF4E9DB35C46F ft=1 fh=298a8d7888b4be83 vn="Variante von Win32/Wajam.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\wajam_update[1].004"
sh=36B7B96EB53DA16D1FF11B7E9FF7F5CB50B32611 ft=1 fh=c25161fd9a01116d vn="Variante von Win32/Wajam.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4D0L60RY\wajam_update[1].004"
sh=368CF1D82743DEA9535487984406DD6C46D74826 ft=1 fh=1faa9e135822b4ec vn="Variante von Win32/Wajam.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PC47E67I\wajam_update[1].004"
sh=DC287D9AF69775BBB2DB89A00A3DF4E9DB35C46F ft=1 fh=298a8d7888b4be83 vn="Variante von Win32/Wajam.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\wajam_update[1].004"
sh=36B7B96EB53DA16D1FF11B7E9FF7F5CB50B32611 ft=1 fh=c25161fd9a01116d vn="Variante von Win32/Wajam.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4D0L60RY\wajam_update[1].004"
sh=368CF1D82743DEA9535487984406DD6C46D74826 ft=1 fh=1faa9e135822b4ec vn="Variante von Win32/Wajam.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PC47E67I\wajam_update[1].004"
         
so, und zu guter letzt die beiden FRST und Addition:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-06-2014 02
Ran by Roland (administrator) on ROLAND-HP on 30-06-2014 20:36:56
Running from C:\Users\Roland\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-07] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2011-01-07] (Atheros Commnucations)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [835072 2011-01-27] (IDT, Inc.)
HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2012-04-05] ()
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2996792 2011-07-15] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2013-03-10] (Synaptics Incorporated)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HP HD Webcam [Fixed]_Monitor] => C:\Program Files (x86)\HP HD Webcam [Fixed]\monitor.exe [267128 2010-11-26] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-04-05] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HPQuickWebProxy] => c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-11-10] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-28] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [282624 2006-09-01] (Apple Computer, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [333728 2012-06-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-11] (PDF Complete Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-06-23] (Comodo Security Solutions, Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3276168417-1710210912-3039652309-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-3276168417-1710210912-3039652309-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3276168417-1710210912-3039652309-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-3276168417-1710210912-3039652309-1001\...\MountPoints2: {f2544118-11ef-11e2-9dc7-9cb70d6545a6} - H:\SETUP.EXE
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk
ShortcutTarget: HD Writer.lnk -> C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare Software.lnk
ShortcutTarget: Kodak EasyShare Software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {959DCE3C-ED81-4300-AD37-3ED717C16017} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\c69wdafk.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-12-23]

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-07] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [53920 2011-01-07] (Atheros Commnucations) [File not signed]
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-06-24] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-12] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [476728 2011-09-05] (Hewlett-Packard Company)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-06-23] (Comodo Security Solutions, Inc.)
R3 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [320000 2011-02-07] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1323008 2012-04-05] () [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-11] (PDF Complete Inc)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-03-07] (Xobni Corporation)

==================== Drivers (Whitelisted) ====================

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2013-05-07] (Windows (R) Win 7 DDK provider) [File not signed]
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64312 2011-05-10] (Hewlett-Packard Company)
R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2013-10-07] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [100808 2012-04-05] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158920 2012-04-05] (McAfee, Inc.)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2612728 2011-02-12] (Sunplus Technology)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-30 20:25 - 2014-06-30 20:25 - 00000000 ____D () C:\Users\Roland\Documents\Neuer Ordner (2)
2014-06-29 21:39 - 2014-06-30 20:37 - 00023849 _____ () C:\Users\Roland\Desktop\FRST.txt
2014-06-29 18:44 - 2014-06-29 18:44 - 02347384 _____ (ESET) C:\Users\Roland\Desktop\esetsmartinstaller_deu.exe
2014-06-29 18:42 - 2014-06-29 18:42 - 00001589 _____ () C:\Users\Roland\Desktop\mbam.txt
2014-06-29 18:05 - 2014-06-29 18:05 - 00000000 ____D () C:\Users\Roland\Desktop\FRST-OlderVersion
2014-06-26 17:22 - 2014-06-26 17:22 - 00002013 _____ () C:\Users\Public\Desktop\GeekBuddy.lnk
2014-06-25 18:38 - 2014-06-25 18:38 - 00000332 _____ () C:\Start_.cmd
2014-06-25 18:38 - 2014-06-25 18:38 - 00000000 ____D () C:\ComboFix
2014-06-25 18:37 - 2014-06-25 18:37 - 00000000 ____D () C:\Qoobox
2014-06-25 18:35 - 2014-06-25 18:46 - 00000000 ___SD () C:\32788R22FWJFW
2014-06-25 18:35 - 2014-06-25 18:35 - 00000000 ____D () C:\windows\erdnt
2014-06-25 18:18 - 2014-06-25 18:34 - 05211571 ____R (Swearware) C:\Users\Roland\Desktop\ComboFix.exe
2014-06-25 18:10 - 2014-06-25 18:10 - 00001346 _____ () C:\Users\Roland\Desktop\AdwCleaner[S1].txt
2014-06-25 17:59 - 2014-06-25 17:59 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Roland\Downloads\revosetup95.exe
2014-06-25 17:59 - 2014-06-25 17:59 - 00001268 _____ () C:\Users\Roland\Desktop\Revo Uninstaller.lnk
2014-06-25 17:59 - 2014-06-25 17:59 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-24 22:38 - 2014-06-24 22:38 - 00037532 _____ () C:\Users\Roland\Desktop\Logfiles.7z
2014-06-24 22:34 - 2014-06-24 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-24 22:34 - 2014-06-24 22:34 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-06-24 21:41 - 2014-06-24 21:41 - 00001290 _____ () C:\Users\Roland\Desktop\Malwarebytes 24.06..txt
2014-06-24 21:40 - 2014-06-24 21:40 - 00273681 _____ () C:\Users\Roland\Desktop\Malwarebytes 19.06..txt
2014-06-24 21:24 - 2014-06-24 21:24 - 00001678 _____ () C:\Users\Roland\Desktop\gmer.txt
2014-06-24 20:58 - 2014-06-24 20:58 - 00380416 _____ () C:\Users\Roland\Desktop\Gmer-19357.exe
2014-06-24 20:52 - 2014-06-29 21:40 - 00055439 _____ () C:\Users\Roland\Desktop\Addition.txt
2014-06-24 20:50 - 2014-06-30 20:37 - 00000000 ____D () C:\FRST
2014-06-24 20:49 - 2014-06-29 18:05 - 02083328 _____ (Farbar) C:\Users\Roland\Desktop\FRST64.exe
2014-06-24 20:46 - 2014-06-24 20:46 - 00000474 _____ () C:\Users\Roland\Desktop\defogger_disable.log
2014-06-24 20:46 - 2014-06-24 20:46 - 00000000 _____ () C:\Users\Roland\defogger_reenable
2014-06-24 20:44 - 2014-06-24 20:44 - 00050477 _____ () C:\Users\Roland\Desktop\Defogger.exe
2014-06-24 20:07 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-06-24 20:06 - 2014-06-25 18:04 - 00000000 ____D () C:\AdwCleaner
2014-06-24 20:01 - 2014-06-24 20:01 - 01342659 _____ () C:\Users\Roland\Desktop\adwcleaner_3.213.exe
2014-06-24 19:34 - 2014-06-24 19:34 - 00000000 ____D () C:\Users\Roland\AppData\Local\Macromedia
2014-06-24 19:26 - 2014-06-24 19:26 - 00001536 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-06-24 19:26 - 2014-06-24 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-06-24 19:25 - 2014-06-24 19:27 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\DVDVideoSoft
2014-06-24 19:25 - 2014-06-24 19:26 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-06-19 23:02 - 2014-06-19 23:03 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-19 23:02 - 2014-06-19 23:02 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-19 22:29 - 2014-06-19 22:29 - 00000000 ____D () C:\windows\System32\Tasks\COMODO
2014-06-19 22:28 - 2014-06-30 20:30 - 01474832 _____ () C:\windows\system32\Drivers\sfi.dat
2014-06-19 22:26 - 2014-06-19 22:29 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-06-19 22:26 - 2014-06-19 22:26 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-06-19 21:20 - 2009-06-10 23:00 - 00000824 _____ () C:\windows\system32\Drivers\etc\hosts.20140619-212056.backup
2014-06-19 21:07 - 2014-06-19 21:08 - 00000452 _____ () C:\windows\wininit.ini
2014-06-19 20:27 - 2014-06-19 21:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-19 20:27 - 2014-06-19 20:28 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-19 20:27 - 2014-06-19 20:27 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-19 20:27 - 2014-06-19 20:27 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-19 20:27 - 2014-06-19 20:27 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-06-19 20:27 - 2014-06-19 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-19 20:27 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2014-06-19 18:12 - 2014-06-19 18:12 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\LavasoftStatistics
2014-06-19 18:08 - 2014-06-19 18:08 - 00000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp
2014-06-19 18:07 - 2014-06-19 18:07 - 00000000 ____D () C:\Program Files\Lavasoft
2014-06-19 18:06 - 2014-06-19 18:06 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\Lavasoft
2014-06-19 18:06 - 2014-06-19 18:06 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-06-19 18:05 - 2014-06-19 18:05 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-06-19 17:58 - 2014-06-19 17:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Roland\Desktop\HiJackThis204.exe
2014-06-19 17:44 - 2014-06-19 17:44 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-19 17:44 - 2014-06-19 17:44 - 00000000 ____D () C:\Users\Roland\AppData\Local\Mozilla
2014-06-19 17:44 - 2014-06-19 17:44 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-19 17:44 - 2014-06-19 17:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 17:43 - 2014-06-19 17:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 17:01 - 2014-06-24 22:34 - 00000000 ____D () C:\Users\Roland\Documents\Software
2014-06-19 17:01 - 2014-06-19 17:01 - 00000000 ____D () C:\Users\Roland\Documents\Neuer Ordner
2014-06-19 15:38 - 2014-06-29 18:24 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 15:38 - 2014-06-19 15:38 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-19 15:38 - 2014-06-19 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-19 15:38 - 2014-06-19 15:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-19 15:38 - 2014-06-19 15:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-19 15:38 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-19 15:38 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-06-19 15:38 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-06-19 14:48 - 2014-06-19 14:48 - 00000000 ____D () C:\Users\Roland\AppData\Local\AdTrustMedia
2014-06-19 14:46 - 2014-06-26 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2014-06-19 14:46 - 2014-06-19 22:26 - 00000000 ____D () C:\Program Files\COMODO
2014-06-19 14:46 - 2014-06-19 14:46 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-06-19 14:46 - 2014-06-19 14:46 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia
2014-06-19 14:43 - 2014-06-19 22:28 - 00000000 ____D () C:\ProgramData\Comodo
2014-06-19 14:29 - 2014-06-29 18:07 - 00000336 _____ () C:\windows\Tasks\HPCeeScheduleForRoland.job
2014-06-19 14:29 - 2014-06-29 18:05 - 00003192 _____ () C:\windows\System32\Tasks\HPCeeScheduleForRoland
2014-06-17 09:20 - 2014-06-17 09:20 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2014-06-17 09:19 - 2014-06-17 09:19 - 00002419 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
2014-06-17 09:19 - 2014-06-17 09:19 - 00000000 ____D () C:\windows\WindowsMobile
2014-06-14 09:51 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-14 09:51 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-14 09:51 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-14 09:51 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-14 09:51 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-14 09:51 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-14 09:51 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-14 09:51 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-14 09:51 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-14 09:51 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-14 09:51 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-14 09:51 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-14 09:51 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-14 09:51 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-14 09:51 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-14 09:51 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-14 09:51 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-14 09:51 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-14 09:51 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-14 09:51 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-14 09:51 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-14 09:51 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-14 09:51 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-14 09:51 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-06-14 09:51 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2014-06-14 09:51 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-14 09:51 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-06-14 09:51 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-06-14 09:51 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-14 09:51 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-06-14 09:51 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-06-14 09:51 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2014-06-14 09:51 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-14 09:51 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2014-06-14 09:51 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-06-14 09:50 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-14 09:50 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-14 09:50 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-14 09:50 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-14 09:50 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-14 09:50 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-14 09:50 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-14 09:50 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-14 09:50 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-14 09:50 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-14 09:50 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-14 09:50 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-14 09:50 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-14 09:50 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-14 09:50 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-14 09:50 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-14 09:50 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-14 09:50 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-14 09:50 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-14 09:50 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-14 09:50 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-14 09:50 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-14 09:50 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-14 09:50 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-14 09:50 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-14 09:50 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-14 09:50 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-14 09:50 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-14 09:50 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-11 20:23 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-11 20:23 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======

2014-06-30 20:37 - 2014-06-29 21:39 - 00023849 _____ () C:\Users\Roland\Desktop\FRST.txt
2014-06-30 20:37 - 2014-06-24 20:50 - 00000000 ____D () C:\FRST
2014-06-30 20:30 - 2014-06-19 22:28 - 01474832 _____ () C:\windows\system32\Drivers\sfi.dat
2014-06-30 20:26 - 2012-11-17 12:04 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-30 20:25 - 2014-06-30 20:25 - 00000000 ____D () C:\Users\Roland\Documents\Neuer Ordner (2)
2014-06-30 19:23 - 2013-10-26 11:25 - 00003938 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{B625F410-820C-4B61-B025-64DD33DF11BC}
2014-06-30 17:58 - 2012-03-15 21:14 - 01345896 _____ () C:\windows\WindowsUpdate.log
2014-06-30 17:52 - 2012-10-05 23:02 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\Skype
2014-06-30 17:47 - 2009-07-14 06:45 - 00028352 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-30 17:47 - 2009-07-14 06:45 - 00028352 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-30 17:41 - 2012-03-15 21:29 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-06-30 17:40 - 2011-12-23 02:04 - 00000000 ____D () C:\ProgramData\PDFC
2014-06-30 17:40 - 2011-12-23 02:00 - 00000000 ____D () C:\ProgramData\HPQLOG
2014-06-30 17:40 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-30 17:40 - 2009-07-14 06:51 - 00085322 _____ () C:\windows\setupact.log
2014-06-29 21:40 - 2014-06-24 20:52 - 00055439 _____ () C:\Users\Roland\Desktop\Addition.txt
2014-06-29 18:44 - 2014-06-29 18:44 - 02347384 _____ (ESET) C:\Users\Roland\Desktop\esetsmartinstaller_deu.exe
2014-06-29 18:42 - 2014-06-29 18:42 - 00001589 _____ () C:\Users\Roland\Desktop\mbam.txt
2014-06-29 18:24 - 2014-06-19 15:38 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-29 18:07 - 2014-06-19 14:29 - 00000336 _____ () C:\windows\Tasks\HPCeeScheduleForRoland.job
2014-06-29 18:07 - 2014-04-15 16:30 - 00000000 ____D () C:\Program Files\Google
2014-06-29 18:07 - 2014-04-15 16:30 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-29 18:07 - 2010-11-21 05:47 - 00922178 _____ () C:\windows\PFRO.log
2014-06-29 18:05 - 2014-06-29 18:05 - 00000000 ____D () C:\Users\Roland\Desktop\FRST-OlderVersion
2014-06-29 18:05 - 2014-06-24 20:49 - 02083328 _____ (Farbar) C:\Users\Roland\Desktop\FRST64.exe
2014-06-29 18:05 - 2014-06-19 14:29 - 00003192 _____ () C:\windows\System32\Tasks\HPCeeScheduleForRoland
2014-06-29 17:58 - 2014-04-15 16:30 - 00000000 ____D () C:\Users\Roland\AppData\Local\Google
2014-06-26 17:22 - 2014-06-26 17:22 - 00002013 _____ () C:\Users\Public\Desktop\GeekBuddy.lnk
2014-06-26 17:22 - 2014-06-19 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2014-06-25 18:46 - 2014-06-25 18:35 - 00000000 ___SD () C:\32788R22FWJFW
2014-06-25 18:38 - 2014-06-25 18:38 - 00000332 _____ () C:\Start_.cmd
2014-06-25 18:38 - 2014-06-25 18:38 - 00000000 ____D () C:\ComboFix
2014-06-25 18:37 - 2014-06-25 18:37 - 00000000 ____D () C:\Qoobox
2014-06-25 18:35 - 2014-06-25 18:35 - 00000000 ____D () C:\windows\erdnt
2014-06-25 18:34 - 2014-06-25 18:18 - 05211571 ____R (Swearware) C:\Users\Roland\Desktop\ComboFix.exe
2014-06-25 18:10 - 2014-06-25 18:10 - 00001346 _____ () C:\Users\Roland\Desktop\AdwCleaner[S1].txt
2014-06-25 18:04 - 2014-06-24 20:06 - 00000000 ____D () C:\AdwCleaner
2014-06-25 17:59 - 2014-06-25 17:59 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Roland\Downloads\revosetup95.exe
2014-06-25 17:59 - 2014-06-25 17:59 - 00001268 _____ () C:\Users\Roland\Desktop\Revo Uninstaller.lnk
2014-06-25 17:59 - 2014-06-25 17:59 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-24 22:38 - 2014-06-24 22:38 - 00037532 _____ () C:\Users\Roland\Desktop\Logfiles.7z
2014-06-24 22:34 - 2014-06-24 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-24 22:34 - 2014-06-24 22:34 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-06-24 22:34 - 2014-06-19 17:01 - 00000000 ____D () C:\Users\Roland\Documents\Software
2014-06-24 21:41 - 2014-06-24 21:41 - 00001290 _____ () C:\Users\Roland\Desktop\Malwarebytes 24.06..txt
2014-06-24 21:40 - 2014-06-24 21:40 - 00273681 _____ () C:\Users\Roland\Desktop\Malwarebytes 19.06..txt
2014-06-24 21:24 - 2014-06-24 21:24 - 00001678 _____ () C:\Users\Roland\Desktop\gmer.txt
2014-06-24 20:58 - 2014-06-24 20:58 - 00380416 _____ () C:\Users\Roland\Desktop\Gmer-19357.exe
2014-06-24 20:46 - 2014-06-24 20:46 - 00000474 _____ () C:\Users\Roland\Desktop\defogger_disable.log
2014-06-24 20:46 - 2014-06-24 20:46 - 00000000 _____ () C:\Users\Roland\defogger_reenable
2014-06-24 20:46 - 2012-10-05 19:31 - 00000000 ____D () C:\Users\Roland
2014-06-24 20:44 - 2014-06-24 20:44 - 00050477 _____ () C:\Users\Roland\Desktop\Defogger.exe
2014-06-24 20:01 - 2014-06-24 20:01 - 01342659 _____ () C:\Users\Roland\Desktop\adwcleaner_3.213.exe
2014-06-24 19:34 - 2014-06-24 19:34 - 00000000 ____D () C:\Users\Roland\AppData\Local\Macromedia
2014-06-24 19:34 - 2012-11-17 12:04 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-06-24 19:34 - 2012-11-17 12:04 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-24 19:34 - 2012-11-17 12:04 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-06-24 19:27 - 2014-06-24 19:25 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\DVDVideoSoft
2014-06-24 19:26 - 2014-06-24 19:26 - 00001536 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-06-24 19:26 - 2014-06-24 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-06-24 19:26 - 2014-06-24 19:25 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-06-24 18:12 - 2012-10-05 22:27 - 31726592 ____R () C:\Users\Public\Documents\ESBK.mbb
2014-06-24 18:12 - 2012-10-05 22:27 - 09665536 ____R () C:\Users\Public\Documents\ESBK.mb
2014-06-19 23:03 - 2014-06-19 23:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-19 23:02 - 2014-06-19 23:02 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-19 23:02 - 2012-10-05 20:59 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-19 23:01 - 2012-10-05 22:01 - 00000000 ____D () C:\Users\Roland\AppData\Local\Adobe
2014-06-19 22:29 - 2014-06-19 22:29 - 00000000 ____D () C:\windows\System32\Tasks\COMODO
2014-06-19 22:29 - 2014-06-19 22:26 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-06-19 22:28 - 2014-06-19 14:43 - 00000000 ____D () C:\ProgramData\Comodo
2014-06-19 22:26 - 2014-06-19 22:26 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-06-19 22:26 - 2014-06-19 14:46 - 00000000 ____D () C:\Program Files\COMODO
2014-06-19 21:15 - 2014-06-19 20:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-19 21:08 - 2014-06-19 21:07 - 00000452 _____ () C:\windows\wininit.ini
2014-06-19 20:28 - 2014-06-19 20:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-19 20:27 - 2014-06-19 20:27 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-19 20:27 - 2014-06-19 20:27 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-19 20:27 - 2014-06-19 20:27 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-06-19 20:27 - 2014-06-19 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-19 18:28 - 2011-02-11 06:47 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-19 18:27 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2014-06-19 18:12 - 2014-06-19 18:12 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\LavasoftStatistics
2014-06-19 18:08 - 2014-06-19 18:08 - 00000017 _____ () C:\ProgramData\adaware-installer-reboot-required.tmp
2014-06-19 18:07 - 2014-06-19 18:07 - 00000000 ____D () C:\Program Files\Lavasoft
2014-06-19 18:06 - 2014-06-19 18:06 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\Lavasoft
2014-06-19 18:06 - 2014-06-19 18:06 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-06-19 18:05 - 2014-06-19 18:05 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-06-19 17:58 - 2014-06-19 17:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Roland\Desktop\HiJackThis204.exe
2014-06-19 17:44 - 2014-06-19 17:44 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-19 17:44 - 2014-06-19 17:44 - 00000000 ____D () C:\Users\Roland\AppData\Local\Mozilla
2014-06-19 17:44 - 2014-06-19 17:44 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-19 17:44 - 2014-06-19 17:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 17:43 - 2014-06-19 17:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 17:32 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\IME
2014-06-19 17:01 - 2014-06-19 17:01 - 00000000 ____D () C:\Users\Roland\Documents\Neuer Ordner
2014-06-19 16:46 - 2013-09-22 18:45 - 00039424 ___SH () C:\Users\Roland\Documents\Thumbs.db
2014-06-19 16:41 - 2009-07-14 04:34 - 00000580 _____ () C:\windows\win.ini
2014-06-19 16:14 - 2012-10-11 19:19 - 00000000 ____D () C:\Users\Roland\AppData\Local\CrashDumps
2014-06-19 15:38 - 2014-06-19 15:38 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-19 15:38 - 2014-06-19 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-19 15:38 - 2014-06-19 15:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-19 15:38 - 2014-06-19 15:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-19 14:50 - 2011-02-11 07:19 - 00000000 ____D () C:\Users\Administrator
2014-06-19 14:48 - 2014-06-19 14:48 - 00000000 ____D () C:\Users\Roland\AppData\Local\AdTrustMedia
2014-06-19 14:46 - 2014-06-19 14:46 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-06-19 14:46 - 2014-06-19 14:46 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia
2014-06-19 13:41 - 2012-10-05 19:30 - 00000344 _____ () C:\windows\Tasks\HPCeeScheduleForROLAND-HP$.job
2014-06-19 13:40 - 2012-03-15 21:41 - 00000000 ____D () C:\ProgramData\Norton
2014-06-19 13:17 - 2012-11-22 09:32 - 00000000 ____D () C:\Firefox
2014-06-19 13:17 - 2012-10-05 19:48 - 00000000 ____D () C:\Users\Roland\Documents\Bluetooth Folder
2014-06-19 13:17 - 2012-10-05 19:30 - 00003220 _____ () C:\windows\System32\Tasks\HPCeeScheduleForROLAND-HP$
2014-06-19 13:00 - 2012-10-10 20:09 - 00000000 ____D () C:\Users\Roland\Documents\Outlook-Dateien
2014-06-17 09:52 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-06-17 09:20 - 2014-06-17 09:20 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2014-06-17 09:19 - 2014-06-17 09:19 - 00002419 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
2014-06-17 09:19 - 2014-06-17 09:19 - 00000000 ____D () C:\windows\WindowsMobile
2014-06-17 09:06 - 2011-12-23 00:48 - 00700118 _____ () C:\windows\system32\perfh007.dat
2014-06-17 09:06 - 2011-12-23 00:48 - 00149968 _____ () C:\windows\system32\perfc007.dat
2014-06-17 09:06 - 2009-07-14 07:13 - 01622228 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-14 09:58 - 2013-08-15 09:24 - 00000000 ____D () C:\windows\system32\MRT
2014-06-14 09:55 - 2012-12-09 17:08 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-06-14 09:55 - 2012-10-09 11:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-14 09:54 - 2014-05-07 20:47 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-06-08 11:13 - 2014-06-11 20:23 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 20:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Roland\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-19 18:49

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 30.06.2014, 20:55   #14
Lolle74
 
Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf - Standard

Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2014 02
Ran by Roland at 2014-06-30 20:38:18
Running from C:\Users\Roland\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: COMODO Antivirus (Enabled - Up to date) {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: COMODO Antivirus (Enabled - Up to date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD APP SDK Runtime (Version: 2.5.793.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{03520551-508E-EDCA-4A14-90C706A54A41}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.61013.1636 - Advanced Micro Devices, Inc.) Hidden
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.12 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.48.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.02.000.55 - Atheros Communications)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-Lot - The Elizabethan Era (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
COMODO Internet Security Premium (HKLM\...\{D32EF4F9-1506-434E-A813-3D4C0AA50300}) (Version: 7.0.53315.4132 - COMODO Security Solutions Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.1.0.1 - Hewlett-Packard Company)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.1.2 - CEWE COLOR AG u Co. OHG)
Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.99.30652 - Hewlett-Packard Company)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 14.3.20130522 - Landesfinanzdirektion Thüringen)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 8.03.0000.0001 - Ihr Firmenname) Hidden
ESSgui (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 8.02.0000.0001 - Ihr Firmenname) Hidden
ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (x32 Version: 6.03.0001.0004 - Ihr Firmenname) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 6.00.4407 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
fflink (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.8 - Hewlett-Packard Company)
Free YouTube to MP3 Converter version 3.12.39.604 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.39.604 - DVDVideoSoft Ltd.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeekBuddy (HKLM\...\{B1339E23-51C9-4025-A047-20C3A8DA2CCC}) (Version: 4.13.108 - Comodo Security Solutions Inc)
HD Writer LE 1.1 (HKLM-x32\...\{7337268E-47CC-469B-BBB3-353CE7107580}) (Version: 1.01.008.1031 - Panasonic Corporation)
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (HKLM\...\{65C1BEAD-B50B-498C-BB6B-CDE4F30584B1}) (Version: 4.1.14.1 - Hewlett-Packard Company)
HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
HP Connection Manager (HKLM-x32\...\{4B21E4B2-89B8-499D-803A-34ABF929401E}) (Version: 4.1.10.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{C6A49140-A2D9-4CA4-BB92-2E1C8CBB6E16}) (Version: 1.3.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP Game Console (x32 Version:  - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP HD Webcam [Fixed] (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.3.4.09 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.6.4.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{D9355D03-2C06-401B-8A16-F6500379AE21}) (Version: 2.1.0.6 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.00.888 - Hewlett-Packard Company)
HP ProtectTools Security Manager (Version: 6.00.888 - Hewlett-Packard Company) Hidden
HP QuickWeb (HKLM-x32\...\{3F437675-F102-4866-BDE1-FFFC7B45EC0B}) (Version: 3.1.2.10229 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}) (Version: 3.2.0.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{B446137B-18A1-4FAE-B0E4-ABE8F09705F1}) (Version: 4.1.6.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{531000B3-DBEE-4115-BBF3-DA48B67C053F}) (Version: 8.2.1.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{D2A2E5CD-801A-4B8D-8119-F79449A09B67}) (Version: 2.3.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT)
Iminent (x32 Version: 6.20.11.0 - Iminent) Hidden <==== ATTENTION
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Intel(R) Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
kgcbaby (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchlwn (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcinvt (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgckids (x32 Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
kgcmove (x32 Version: 6.03.0001.0001 - EASTMAN KODAK Company) Hidden
kgcvday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
Kodak EasyShare Software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
OfotoXMI (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.64 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Privacy Manager for HP ProtectTools (HKLM\...\{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}) (Version: 6.00.831 - Hewlett-Packard Company)
PrivDog (HKLM-x32\...\PrivDog) (Version: 2.2.0.14 - privdog.com)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM-x32\...\{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}) (Version: 7.1.3.100 - Apple Computer, Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SDK (x32 Version: 2.26.012 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.33 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 6.0.0.33 - Hewlett-Packard Company) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Validity Fingerprint Sensor Driver (HKLM\...\{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}) (Version: 4.3.117.0 - Validity Sensors, Inc.)
VIP Access SDK x64(1.0.0.50)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.0.50 - Symantec Inc.)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.13282 - Xobni Corp.)
Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points  =========================

17-06-2014 07:07:22 Windows Update
19-06-2014 12:48:23 Gerätetreiber-Paketinstallation: COMODO Netzwerkdienst
19-06-2014 15:26:26 Wiederherstellungsvorgang
19-06-2014 16:05:11 AA11
19-06-2014 16:24:53 Wiederherstellungsvorgang
19-06-2014 17:56:13 Windows Modules Installer
19-06-2014 18:10:58 AA11
19-06-2014 18:20:44 AA11
19-06-2014 20:27:38 Gerätetreiber-Paketinstallation: COMODO Netzwerkdienst
24-06-2014 18:11:50 vor Dateienlöschen durch adwCleaner

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-06-19 21:20 - 00450709 ____R C:\windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {032FFAA7-8FBC-40F7-BA50-6E9F06E0AE27} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {04C5C61F-777B-4AE0-A332-DAA5A43D364E} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {1EB9DB07-F7A1-4C3F-B2D7-53D8E90753D9} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {2727357D-8F72-4F7D-94F6-CC72A73E3D17} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {2B4934F5-11C1-4AEC-A062-17A588AEE768} - System32\Tasks\HPCeeScheduleForRoland => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {307CC9C7-5392-49E2-901B-CFF47C34A13C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2012-12-17] (Microsoft)
Task: {36C0BDF4-F54D-4D9C-AD9B-242203C6DB92} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {47110E08-9684-407C-A5CD-D4A166227259} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {4DA38C00-4ED2-480A-974F-9145132EB572} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {6EF5C5F5-052D-4BD9-ACE2-B78241DC0969} - System32\Tasks\HPCeeScheduleForROLAND-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {7F8594F3-1A91-490F-BD0C-A5A12EC04B3C} - System32\Tasks\{5905FAAF-46D5-40ED-8EA3-929D60A95978} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/go/help.faq.installer?LastError=1618
Task: {8A5A36BC-698A-4826-AC80-8325E6F1F9EF} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt _RegistrationOffer@16
Task: {9EB252C2-4D45-4591-8807-483F28FEA2D3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {A14B4ABE-85EF-404E-815D-999E78FB658C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {B843490B-E2EA-407A-822E-43A738776849} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {BDA09C33-8A0F-4403-9EA4-BC94620BEBA3} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-24] (Adobe Systems Incorporated)
Task: {DEF8432D-75B9-4A86-B0B5-7127362B0FD9} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {E9D8BDAD-5B15-4A96-B58F-3DAE02770F1A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\EasyShare Registration Task.job => ³#"ê)‡‚GµÜËҖ¨rFa<
 sÀ$!!C:\windows\system32\rundll32.exeZC:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt _RegistrationOffer@16Roland0Ü

Task: C:\windows\Tasks\HPCeeScheduleForROLAND-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\HPCeeScheduleForRoland.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-01-31 21:54 - 2011-01-31 21:54 - 00107008 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2012-04-05 19:39 - 2012-04-05 19:39 - 03401216 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2010-09-06 14:18 - 2010-09-06 14:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2012-04-05 19:29 - 2012-04-05 19:29 - 01956864 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcNp64.DLL
2012-04-05 18:41 - 2012-04-05 18:41 - 01323008 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-03-15 13:39 - 2011-08-31 06:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-04-05 19:21 - 2012-04-05 19:21 - 00200704 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
2014-06-24 09:43 - 2014-06-24 09:43 - 01283792 _____ () C:\Program Files\COMODO\GeekBuddy\QtNetwork4.dll
2014-06-24 09:43 - 2014-06-24 09:43 - 02875600 _____ () C:\Program Files\COMODO\GeekBuddy\QtCore4.dll
2014-06-24 09:43 - 2014-06-24 09:43 - 10451664 _____ () C:\Program Files\COMODO\GeekBuddy\QtGui4.dll
2014-06-24 09:43 - 2014-06-24 09:43 - 00039120 _____ () C:\Program Files\COMODO\GeekBuddy\imageformats\qgif4.dll
2014-06-24 09:43 - 2014-06-24 09:43 - 01529040 _____ () C:\Program Files\COMODO\GeekBuddy\QtScript4.dll
2010-11-26 13:31 - 2010-11-26 13:31 - 00267128 _____ () C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe
2011-12-23 02:06 - 2011-06-11 13:42 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2011-11-09 18:55 - 2011-11-09 18:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-11-02 23:03 - 2011-11-02 23:03 - 00024576 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
2011-10-14 01:01 - 2011-10-14 01:01 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-06-24 12:21 - 2010-06-24 12:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2013-04-15 18:39 - 2013-04-15 18:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2012-04-05 19:17 - 2012-04-05 19:17 - 02830336 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2012-04-05 18:40 - 2012-04-05 18:40 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2012-04-05 19:20 - 2012-04-05 19:20 - 02863104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2012-04-05 19:18 - 2012-04-05 19:18 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2012-04-05 18:44 - 2012-04-05 18:44 - 02035712 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2012-04-05 18:45 - 2012-04-05 18:45 - 01945600 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2012-04-05 19:15 - 2012-04-05 19:15 - 03092480 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2014-06-19 20:27 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-19 20:27 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-19 20:27 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-06-19 20:27 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-06-19 20:27 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-02-17 12:05 - 2014-02-17 12:05 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3e27ac2000641918e7215d97c63e957d\IsdiInterop.ni.dll
2012-03-15 21:18 - 2011-01-13 03:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2010-06-24 12:19 - 2010-06-24 12:19 - 00514570 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-06-19 17:43 - 2014-06-06 06:38 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2014 05:47:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/30/2014 05:46:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/30/2014 05:46:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/30/2014 05:40:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2014 09:36:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/29/2014 06:52:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/29/2014 06:52:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/29/2014 06:52:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/29/2014 06:44:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/29/2014 06:08:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/29/2014 09:46:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/29/2014 06:06:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/27/2014 00:27:35 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/27/2014 07:40:53 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/25/2014 07:49:49 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/24/2014 10:44:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/24/2014 07:33:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "hpHotkeyMonitor" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/24/2014 06:04:38 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (06/24/2014 06:04:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/24/2014 07:46:10 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (06/30/2014 05:47:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Roland\Desktop\esetsmartinstaller_deu.exe

Error: (06/30/2014 05:46:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Roland\Desktop\esetsmartinstaller_deu.exe

Error: (06/30/2014 05:46:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Roland\Desktop\esetsmartinstaller_deu.exe

Error: (06/30/2014 05:40:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2014 09:36:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (06/29/2014 06:52:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Roland\Desktop\esetsmartinstaller_deu.exe

Error: (06/29/2014 06:52:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Roland\Desktop\esetsmartinstaller_deu.exe

Error: (06/29/2014 06:52:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Roland\Desktop\esetsmartinstaller_deu.exe

Error: (06/29/2014 06:44:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Roland\Desktop\esetsmartinstaller_deu.exe

Error: (06/29/2014 06:08:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 68%
Total physical RAM: 4030.36 MB
Available physical RAM: 1276.83 MB
Total Pagefile: 8058.9 MB
Available Pagefile: 4271.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:571.97 GB) (Free:483.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:18.9 GB) (Free:2.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:2.1 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 12DEB3A0)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=572 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End Of Log ============================
         
hoffe, habe alles richtig gemacht..
was bedeuten denn diese errors im letzten log?

Alt 01.07.2014, 21:39   #15
Bootsektor
/// TB-Ausbilder
 
Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf - Standard

Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf



Hallo Lolle

Zitat:
Hallo Sandra,
hoffe hattest ein schönes Wochenende. Heute spielt schon wieder Deutschland
Ja, war sehr spannend, abgesehen von der ersten Halbzeit... und ich bin froh, dass wir Manuel Neuer haben

Schritt 1
Bitte deinstalliere folgende Programme (falls vorhanden) :
Iminent
PrivDog

Dazu gehe auf:
den Windowsbutton in der Taskleiste --> Systemsteuerung --> Programme (Unterpunkt Programme deinstallieren) --> Programm auswählen --> entfernen

Falls du ein Programm nicht deinstallieren kannst, lade dir von hier den Revo-uninstaller herunter und deinstalliere es damit, wähle dabei den moderaten Modus.

Schritt 2
Lösche bitte den Inhalt deines Papierkorbs

Schritt 3
Datenträgerbereinigung
  • Gehe auf das Windowsstartsymbol
  • Gebe im Suchfeld Datenträgerrereinigung ein
  • Setze den Haken zusätzlich bei Temporäre Dateien
  • Bestätige mit OK
  • Bestätige dass du die Dateien unwiderruflich löschen möchtest

OK
So wie ich es sehe, haben wir damit alles Schadhafte entfernt. Deine Logs sind sauber.
Abschließend räumen wir noch etwas auf, führen Updates durch und dann bekommst du noch etwas Lesestoff von mir.

Schritt 1

Falls Du Malwarebytes-Antimalware und den ESET-Onlinescan nicht mehr benötigst, kannst Du beide Programme einfach über die Programmdeinstallation deinstallieren.
Ich empfehle Dir aber zumindest Malwarebytes zu behalten, und damit einmal die Woche einen Kontrollscan zu machen.

Schritt 2

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.
Code:
ATTFilter
Combofix /Uninstall
         


Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.

Schritt 3
Downloade dir bitte delfix auf deinen Desktop.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.
  • DelFix entfernt u. a. alle verwendeten Programme und löscht sich abschließend selbst.
Falls nach Delfix noch Programme aus unserer Bereinigung vorhanden sein sollten, kannst du diese nun bedenkenlos löschen.

Updates / Programme aktualisieren
  • FlashPlayer
Dein FlashPlayer für den InternetExplorer (ActiveX) ist nicht mehr aktuell.
  • deinstalliere die alten Versionen.
  • Öffne mit dem InternetExplorer folgenden Link Adobe - Adobe Flash Player installieren
  • Falls sich dort etwas anderes als der FlashPlayer noch zusätzlich mitinstallieren möchte, entferne den Haken dort
Aktualisierung einstellen
Stelle sicher, dass dein FlashPlayer nach Updates sucht. Den FlashPlayer kann man direkt bei der Installation so konfigurieren, dass er nach Updates automatisch sucht, nachträglich kann man das über folgenden Link machen:
Adobe - Flash Player: Einstellungsmanager - Globale Benachrichtigungseinstellungen
  • Adobe Reader
Dein Adobe Reader ist veraltet.
Deinstalliere Deinen Reader und lade Dir die neueste Version von hier herunter. Schaue, ob sich noch etwas mit installieren möchte und entferne den Haken gegebenenfalls.
  • Java
Dein Java ist nicht mehr aktuell.
Java ist eine große Sicherheitslücke auf deinem System, es werden immer wieder neue Schwachstellen entdeckt, die ausgenutzt werden um Rechner zu infizieren.
Sofern du Java nicht zwingend benötigst, solltest du es komplett deinstallieren.

Windows XP
Gehe auf:
Start --> Systemsteuerung --> Software --> Javaversionen auswählen --> entfernen
Windows Vista
Gehe auf:
Start --> Systemsteuerung -- > Programme --> Programme deinstallieren --> Javaversionen suchen --> entfernen
Windows 7
Dazu gehe auf:
den Windowsbutton in der Taskleiste --> Systemsteuerung --> Programme (Unterpunkt Programme deinstallieren) --> Javaversionen auswählen --> entfernen
Windows 8
Dazu drücke auf:
Windowstaste und X
dann:
Programme und Funktionen -->Javaversionen auswählen --> entfernen

Falls du Java doch unbedingt benötigst, dann
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 60 ) herunter laden.
  • Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Haken gesetzt ist und klicke OK.
  • Klicke erneut OK.

und sorge dafür, dass Java automatisch updated.
Dazu:
  • öffne Java
  • klicke auf den Reiter Update
  • klicke auf: Benachrichtung ausgeben: Vor dem Download setze den Haken bei Automatisch nach Updates suchen
  • klicke auf Erweitert
  • ändere das Intervall mindestens auf wöchentlich
und schalte das Browser-Plugin aus.
Hier findest du eine Anleitung dazu.

Nun zum Schluss noch ein paar Tipps zur Absicherung deines Systems.

Aktualität des Systems
Es ist extrem wichtig, dass sowohl dein System als auch die darauf installierte sicherheitsrelevante Software (Flash Player, PDF-Reader und besonders Java, sofern vorhanden) aktuell sind.
  • Bitte überprüfe, ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.

Antivirensoftware
  • Gehe sicher immer eine Antiviren Software installiert zu haben und halte diese unbedingt aktuell.

Zusätzlicher Schutz
  • MalwareBytes Anti-Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On-Demand Scantool welches viele aktuelle Malware erkennt und auch entfernt.
    Aktualisiere das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der Internet Explorer, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf einen Banner um diesen zu AdBlockPlus hinzuzufügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.


Systemleistung
Lösche regelmäßig deine temporären Dateien. Ich empfehle hierzu die Datenträgerbereinigung von Windows.
Windows Vista
  • Klicke unten links auf das Vistasymbol
  • Gehe auf Programme -> Zubehör -> Systemprogramme -> Datenträgerbereinigung
  • Wähle nun Dateien von allen Benutzern des Computers aus und bestätige mit OK
  • Setze den Haken bei den zu löschenden Dateien zusätzlich bei Temporäre Dateien
  • Bestätige mit OK
  • Bestätige dass du die Dateien unwiderruflich löschen möchtest

Windows 7
  • Gehe auf das Windowsstartsymbol
  • Gebe im Suchfeld Datenträgerrereinigung ein
  • Setze den Haken zusätzlich bei Temporäre Dateien
  • Bestätige mit OK

Windows 8
  • Rechtsklicke in die untere linke Ecke deines Bildschirms
  • Klicke auf Suchen
  • Klicke auf Einstellungen
  • Gebe im Suchfeld Datenträgerbereinigung ein
  • Klicke in den Einstellungen auf der linken Seite nun auf Speicherplatz durch Löschen nicht erforderlicher Dateien freigeben
  • Setze den Haken zusätzlich bei Temporäre Dateien
  • Bestätige mit OK
  • Bestätige dass du die Dateien unwiderruflich löschen möchtest

Halte dich fern von jeglichen Registry Cleanern.
Diese schaden deinem System mehr als dass sie es schneller machen.

Verhaltensregeln zum sichereren Surfen
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
  • Achte besonders bei der Installation von Programmen darauf, ob sich weitere Software mitinstallieren möchte, wähle wo immer es geht die benutzerdefinierte Installation und wähle alles ab, was nichts mit dem Programm zu tun hat, welches du dir installieren möchtest.

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind.

Falls Du Lob oder Kritik abgeben möchtest, kannst Du das sehr gerne hier tun.

Wenn Du etwas für das Forum und unsere Arbeit spenden möchtest, so kannst Du das hier tun.

Antwort

Themen zu Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf
deaktiviert, folge, installation, logdatei, msil/solimba.o, namen, neue seite, nicht mehr, notebook, pup.optional.ciuvo.a, pup.optional.superfish.a, seiten, spybot, update, win32/anyprotect.d, win32/domaiq.az, win32/loadtubes.a, win32/outbrowse.v, win32/systweak.b, win32/wajam.g, win64/riskware.netfilter.a, windows, windows 7



Ähnliche Themen: Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf


  1. Windows 7: Ständig neue Werbeanzeigen sowie neue Fenster öffnen sich in Chrome
    Plagegeister aller Art und deren Bekämpfung - 12.03.2015 (15)
  2. Chrome und Internet Explorer öffnen ständig neue Seiten
    Plagegeister aller Art und deren Bekämpfung - 17.01.2015 (5)
  3. Windows 7: Ständig neue Werbeanzeigen sowie neue Fenster öffnen sich in Chrome.
    Plagegeister aller Art und deren Bekämpfung - 13.01.2015 (10)
  4. Es kommt ständig Werbung und es werden ständig neue Seiten
    Log-Analyse und Auswertung - 31.10.2014 (15)
  5. Windows Installer und ständig Werbund und Pop Ups, neue Fenster im Browser
    Plagegeister aller Art und deren Bekämpfung - 27.07.2014 (13)
  6. Windows 7: Es poppen neue Tabs auf und fordern zur Installation auf.
    Log-Analyse und Auswertung - 01.07.2014 (9)
  7. Es kommt ständig Werbung und es werden ständig neue Seiten geöffnet
    Plagegeister aller Art und deren Bekämpfung - 29.06.2014 (16)
  8. Firefox öffnet ständig neue seiten
    Plagegeister aller Art und deren Bekämpfung - 06.04.2014 (9)
  9. neue Seiten mit rvzr-a.akamaihd.net öffnen sich ständig
    Log-Analyse und Auswertung - 01.12.2013 (18)
  10. Internet-Browser öffnet ständig neue Fenster
    Log-Analyse und Auswertung - 23.08.2011 (23)
  11. Trojaner öffnet ständig neue Seiten in Firefox!
    Plagegeister aller Art und deren Bekämpfung - 30.10.2010 (10)
  12. Ständig öffnen sich unerwünscht neue Fenster/Internet-Seiten
    Log-Analyse und Auswertung - 05.12.2009 (5)
  13. IE öffnet ständig neue Seiten Popups
    Log-Analyse und Auswertung - 04.02.2009 (3)
  14. Es öffnen sich ständig neue Seiten - Firefox
    Log-Analyse und Auswertung - 26.12.2008 (0)
  15. Browser öffnet ständig neue Fenster! Virus?
    Mülltonne - 22.12.2008 (0)
  16. ie öffnet ständig neue seiten
    Log-Analyse und Auswertung - 20.10.2008 (3)
  17. ständig gehen neue Seiten mit Werbung auf bitte Logfile auswerten
    Log-Analyse und Auswertung - 04.05.2008 (53)

Zum Thema Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf - Liebes Trojaner-Board-Team! Ich habe das Notebook eines Freundes zum "Viren-Bereinigen" erhalten und bin als Laie leider mit meinem Latein am Ende. Ständig poppen neue Seiten im Browser auf. Vor allem - Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf...
Archiv
Du betrachtest: Windows 7: websearch.de Virus? ständig poppen neue Seiten im Browser auf auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.