
Pests of all kinds and how to fight them: ShopperPro and Superfish are a nuisance

13.07.2014, 13:04   #16
M-K-D-B
/// TB Trainer
 

Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document


Code:
start
(ShopperPro) C:\Program Files\Common Files\ShopperPro\spbiu.exe
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346880 2014-06-26] (ShopperPro)
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41856 2014-06-26] ()
C:\Program Files\Common Files\ShopperPro
C:\Program Files (x86)\SafetySearch
C:\Users\UpdatusUser\Desktop\YouTube Accelerator.lnk
C:\Users\Helene\AppData\Local\*.tmp
Task: {20C48B72-D2A3-4B86-B69E-DBFDFD7BD684} - \SPDriver No Task File <==== ATTENTION
Task: {21A15686-7026-4CAA-905D-1285339B4A58} - \ShopperProJSUpd No Task File <==== ATTENTION
Task: {4BE03F53-CD52-4493-A4DA-38D367CE538B} - \a097acfd-33d7-4167-9a2e-b241fa3244ae-5_user No Task File <==== ATTENTION
Task: {4CB21252-0439-45A3-BC09-3FDA87AA2931} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {6E352E34-2D64-4D38-A0EA-E1AE5C8D4496} - \51a98152-68df-45fd-baf2-e0bc3abe65b2-5_user No Task File <==== ATTENTION
Task: {7CDAA056-92D3-4D8C-828D-B29EC44B21C9} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {7FDECA42-E218-4F35-B65D-46087AF25AD0} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {8599D78C-DE17-4068-AE35-061C5226EF44} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {AEB7E18B-15C3-4826-9FCC-FB7F89D8202E} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {C7891459-02E9-4226-AEC2-C62D7F5695C5} - \ShopperPro No Task File <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Reboot:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Step 2
  • Start FRST.exe again. Tick the box next to Addition.txt and click Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.

Please post with your next reply
  • the log file of the FRST fix,
  • the two new log files from FRST.
__________________
Greetings from Bavaria
M-K-D-B
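
When the Fixlog.txt requested in step 1 comes back, the first thing to read it for is which entries did not succeed. The sketch below is an added example, not part of the original post and not FRST code: the function names `audit_fixlog` and `needs_followup` are hypothetical, the sample log is a constructed excerpt in the layout of the Fixlog posted in this thread, and treating every outcome that does not end in "successfully." as needing review is an assumption of the example.

```python
import re

# Constructed sample: a shortened Fixlog in the layout of the one posted in this
# thread (header, echoed fixlist between two rows of asterisks, then results).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-07-2014
Ran by Helene at 2014-07-13 13:09:12 Run:1
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41856 2014-06-26] ()
C:\Program Files\Common Files\ShopperPro
C:\Users\Helene\AppData\Local\*.tmp
Reboot:
end
*****************

SPBIUpdd => Unable to stop service
SPBIUpdd => Service deleted successfully.
C:\Program Files\Common Files\ShopperPro => Moved successfully.
Symbolic link found: "C:\Users\Helene\AppData\Local\*.tmp" => ""
"C:\Users\Helene\AppData\Local\*.tmp" => Failed to delete symbolic link.
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.

The system needed a reboot.

==== End of Fixlog ====
"""

# "<target> => <outcome>" is the shape of the result lines in that layout.
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.*)$")
# Assumption of this example: only outcomes ending in "successfully." are done.
SUCCESS_RE = re.compile(r"successfully\.?$", re.IGNORECASE)
END_MARKER = "==== End of Fixlog ===="


def split_fixlog(text):
    """Return (echoed fixlist lines, lines that follow the echoed fixlist)."""
    lines = text.splitlines()
    # The echoed fixlist sits between two lines made only of asterisks.
    stars = [i for i, line in enumerate(lines)
             if line.strip() and set(line.strip()) == {"*"}]
    if len(stars) < 2:
        raise ValueError("no echoed fixlist found; not a complete Fixlog")
    fixlist = [line.strip() for line in lines[stars[0] + 1:stars[1]]
               if line.strip()]
    return fixlist, lines[stars[1] + 1:]


def _unquote(value):
    """Drop one pair of matching outer quotes, as used around paths and keys."""
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
        return value[1:-1]
    return value


def audit_fixlog(text):
    """Classify every result line as ok, info, or review (default: review)."""
    fixlist, tail = split_fixlog(text)
    report = {
        "directives": [d for d in fixlist if d.lower() not in ("start", "end")],
        "ok": [], "review": [], "info": [],
        "reboot": any("needed a reboot" in line for line in tail),
        # A log without the end marker was cut off while being copied.
        "complete": any(line.strip() == END_MARKER for line in tail),
    }
    # Only the part after the echoed fixlist is parsed, so the echoed
    # directives are never mistaken for results.
    for line in tail:
        match = RESULT_RE.match(line.strip())
        if not match:
            continue
        target = _unquote(match["target"])
        outcome = match["outcome"].strip()
        if outcome.strip('"') == "":
            report["info"].append((target, outcome))    # e.g. symlink notice
        elif SUCCESS_RE.search(outcome):
            report["ok"].append((target, outcome))
        else:
            report["review"].append((target, outcome))  # unknown wording too
    return report


def needs_followup(report):
    """True when something failed or the pasted log is incomplete."""
    return bool(report["review"]) or not report["complete"]


if __name__ == "__main__":
    result = audit_fixlog(SAMPLE_FIXLOG)
    print(f"{len(result['ok'])} ok, {len(result['review'])} to review, "
          f"reboot={result['reboot']}, complete={result['complete']}")
    for target, outcome in result["review"]:
        print(f"  REVIEW: {target} -> {outcome}")
```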


13.07.2014, 13:19   #17
Ministerin
 

Fixlog.text
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-07-2014
Ran by Helene at 2014-07-13 13:09:12 Run:1
Running from C:\Users\Helene\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
(ShopperPro) C:\Program Files\Common Files\ShopperPro\spbiu.exe
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346880 2014-06-26] (ShopperPro)
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41856 2014-06-26] ()
C:\Program Files\Common Files\ShopperPro
C:\Program Files (x86)\SafetySearch
C:\Users\UpdatusUser\Desktop\YouTube Accelerator.lnk
C:\Users\Helene\AppData\Local\*.tmp
Task: {20C48B72-D2A3-4B86-B69E-DBFDFD7BD684} - \SPDriver No Task File <==== ATTENTION
Task: {21A15686-7026-4CAA-905D-1285339B4A58} - \ShopperProJSUpd No Task File <==== ATTENTION
Task: {4BE03F53-CD52-4493-A4DA-38D367CE538B} - \a097acfd-33d7-4167-9a2e-b241fa3244ae-5_user No Task File <==== ATTENTION
Task: {4CB21252-0439-45A3-BC09-3FDA87AA2931} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {6E352E34-2D64-4D38-A0EA-E1AE5C8D4496} - \51a98152-68df-45fd-baf2-e0bc3abe65b2-5_user No Task File <==== ATTENTION
Task: {7CDAA056-92D3-4D8C-828D-B29EC44B21C9} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {7FDECA42-E218-4F35-B65D-46087AF25AD0} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {8599D78C-DE17-4068-AE35-061C5226EF44} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {AEB7E18B-15C3-4826-9FCC-FB7F89D8202E} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {C7891459-02E9-4226-AEC2-C62D7F5695C5} - \ShopperPro No Task File <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Reboot:
end
*****************

[2512] C:\Program Files\Common Files\ShopperPro\spbiu.exe => Process closed successfully.
SPBIUpd => Service stopped successfully.
SPBIUpd => Service deleted successfully.
SPBIUpdd => Unable to stop service
SPBIUpdd => Service deleted successfully.
C:\Program Files\Common Files\ShopperPro => Moved successfully.
C:\Program Files (x86)\SafetySearch => Moved successfully.
C:\Users\UpdatusUser\Desktop\YouTube Accelerator.lnk => Moved successfully.
Symbolic link found: "C:\Users\Helene\AppData\Local\*.tmp" => ""
"C:\Users\Helene\AppData\Local\*.tmp" => Failed to delete symbolic link.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{20C48B72-D2A3-4B86-B69E-DBFDFD7BD684}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20C48B72-D2A3-4B86-B69E-DBFDFD7BD684}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPDriver' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{21A15686-7026-4CAA-905D-1285339B4A58}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21A15686-7026-4CAA-905D-1285339B4A58}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperProJSUpd' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4BE03F53-CD52-4493-A4DA-38D367CE538B}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BE03F53-CD52-4493-A4DA-38D367CE538B}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a097acfd-33d7-4167-9a2e-b241fa3244ae-5_user' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4CB21252-0439-45A3-BC09-3FDA87AA2931}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CB21252-0439-45A3-BC09-3FDA87AA2931}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6E352E34-2D64-4D38-A0EA-E1AE5C8D4496}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E352E34-2D64-4D38-A0EA-E1AE5C8D4496}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\51a98152-68df-45fd-baf2-e0bc3abe65b2-5_user' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CDAA056-92D3-4D8C-828D-B29EC44B21C9}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CDAA056-92D3-4D8C-828D-B29EC44B21C9}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FDECA42-E218-4F35-B65D-46087AF25AD0}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FDECA42-E218-4F35-B65D-46087AF25AD0}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8599D78C-DE17-4068-AE35-061C5226EF44}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8599D78C-DE17-4068-AE35-061C5226EF44}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AEB7E18B-15C3-4826-9FCC-FB7F89D8202E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEB7E18B-15C3-4826-9FCC-FB7F89D8202E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C7891459-02E9-4226-AEC2-C62D7F5695C5}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7891459-02E9-4226-AEC2-C62D7F5695C5}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperPro' => Key deleted successfully.
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.


The system needed a reboot. 

==== End of Fixlog ====
         
New log file, FRST Editor

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-07-2014
Ran by Helene (administrator) on AFRIKA on 13-07-2014 13:14:01
Running from C:\Users\Helene\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Genie9) C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Genie9) C:\Program Files\Genie9\Genie Timeline\GenieTimeLineAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Dropbox, Inc.) C:\Users\Helene\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
() C:\Program Files (x86)\GoCrypt\Enky.ED.Main.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Index.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\wmi64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\setup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1063200 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe [24504 2012-10-25] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-06-09] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1030656583-4166508464-2724445772-1003\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466656 2014-05-23] (Sony)
HKU\S-1-5-21-1030656583-4166508464-2724445772-1003\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit)
HKU\S-1-5-21-1030656583-4166508464-2724445772-1003\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-06-09] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1030656583-4166508464-2724445772-1003\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Helene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Helene\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Helene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoCrypt.lnk
ShortcutTarget: GoCrypt.lnk -> C:\Program Files (x86)\GoCrypt\Enky.ED.Main.exe ()
Startup: C:\Users\Helene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoCrypt_Install.lnk
ShortcutTarget: GoCrypt_Install.lnk -> C:\Program Files (x86)\GoCrypt\GoCrypt_Install.cmd ()
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Helene\AppData\Roaming\Mozilla\Firefox\Profiles\ctnoteii.default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\Helene\AppData\Roaming\Mozilla\Firefox\Profiles\ctnoteii.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Helene\AppData\Roaming\Mozilla\Firefox\Profiles\ctnoteii.default\Extensions\ascsurfingprotection@iobit.com [2014-05-20]
FF Extension: StumbleUpon - C:\Users\Helene\AppData\Roaming\Mozilla\Firefox\Profiles\ctnoteii.default\Extensions\toolbar@stumbleupon.com [2014-01-13]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-09-06]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-09-06]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-09-06]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-09-06]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-09-06]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-10]
CHR Extension: (Google Drive) - C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-10]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-07-12]
CHR Extension: (YouTube) - C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-10]
CHR Extension: (Google-Suche) - C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-10]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-07-10]
CHR Extension: (Minimal) - C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfhcmjkebafbfikmbkhdpbmfpfjgiog [2014-07-12]
CHR Extension: (Google Maps) - C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-07-12]
CHR Extension: (Google Wallet) - C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-10]
CHR Extension: (Google Mail) - C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-10]
CHR Extension: (Anti-Banner) - C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-07-10]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25]

==================== Services (Whitelisted) =================

R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [435032 2014-06-09] (Garmin Ltd or its subsidiaries)
R2 GenieTimelineService; C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe [672272 2013-04-16] (Genie9)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-16] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72992 2014-06-06] (IObit)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [627296 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-09-06] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178448 2013-09-06] (Kaspersky Lab ZAO)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
R1 UimBus; C:\Windows\System32\drivers\uimx64.sys [90960 2013-08-01] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-08-01] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-08-01] (Paragon)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-13 13:14 - 2014-07-13 13:14 - 00026288 _____ () C:\Users\Helene\Desktop\FRST.txt
2014-07-13 13:10 - 2014-07-13 13:10 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-07-13 12:54 - 2014-07-13 12:55 - 00040795 _____ () C:\Users\Helene\Desktop\Addition.txt
2014-07-13 12:53 - 2014-07-13 12:53 - 02086912 _____ (Farbar) C:\Users\Helene\Desktop\FRST64.exe
2014-07-13 12:53 - 2014-07-13 12:53 - 00000000 ____D () C:\Users\Helene\Desktop\FRST-OlderVersion
2014-07-13 12:35 - 2014-07-13 12:28 - 01285120 _____ () C:\Users\Helene\Desktop\zoek.exe
2014-07-13 12:28 - 2014-07-13 12:28 - 01285120 _____ () C:\Users\Helene\Downloads\zoek.exe
2014-07-13 12:28 - 2014-07-13 12:28 - 00000000 ____D () C:\zoek_backup
2014-07-13 12:14 - 2014-07-13 12:14 - 00000615 _____ () C:\Users\Helene\Desktop\JRT.txt
2014-07-13 12:06 - 2014-07-13 12:06 - 01016261 _____ (Thisisu) C:\Users\Helene\Desktop\JRT.exe
2014-07-13 11:51 - 2014-07-13 11:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Helene\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-13 11:46 - 2014-07-13 11:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Helene\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-13 11:38 - 2014-07-13 11:38 - 00000000 ____D () C:\ProgramData\ShopperPro
2014-07-13 11:35 - 2014-07-13 11:37 - 00000000 ____D () C:\AdwCleaner
2014-07-13 11:33 - 2014-07-13 11:33 - 01348263 _____ () C:\Users\Helene\Downloads\adwcleaner_3.215 (1).exe
2014-07-13 11:33 - 2014-07-13 11:33 - 01348263 _____ () C:\Users\Helene\Desktop\adwcleaner_3.215 (1).exe
2014-07-13 11:16 - 2014-07-13 11:16 - 07674224 _____ () C:\Users\Helene\Downloads\npp.6.6.7.Installer.exe
2014-07-13 11:09 - 2014-07-13 11:10 - 00077851 _____ () C:\Users\Helene\Downloads\FRST.txt
2014-07-13 11:09 - 2014-07-13 11:10 - 00053322 _____ () C:\Users\Helene\Downloads\Addition.txt
2014-07-13 11:08 - 2014-07-13 13:14 - 00000000 ____D () C:\FRST
2014-07-13 10:09 - 2014-07-13 13:10 - 00001894 _____ () C:\WINDOWS\PFRO.log
2014-07-13 10:09 - 2014-07-13 10:09 - 00312824 _____ () C:\WINDOWS\Minidump\071314-25562-01.dmp
2014-07-13 10:09 - 2014-07-13 10:09 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-12 18:11 - 2014-07-12 18:11 - 01348263 _____ () C:\Users\Helene\Downloads\adwcleaner_3.215.exe
2014-07-12 15:06 - 2014-07-13 13:14 - 00002201 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-12 15:06 - 2014-07-12 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-12 11:31 - 2014-07-13 12:08 - 00000294 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2014-07-12 11:31 - 2014-07-12 11:31 - 00002396 _____ () C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-07-12 11:31 - 2014-07-12 11:31 - 00001270 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-07-11 17:42 - 2014-07-12 11:33 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-11 17:24 - 2014-07-11 20:23 - 00001752 _____ () C:\sc-cleaner.txt
2014-07-11 16:08 - 2014-07-11 17:09 - 00000000 ____D () C:\Users\Public\Documents\Stronghold AntiMalware
2014-07-11 07:51 - 2014-07-11 07:51 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-07-11 07:51 - 2014-07-11 07:51 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-07-11 07:51 - 2014-07-11 07:51 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-07-11 07:51 - 2014-07-11 07:51 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-07-11 07:51 - 2014-07-11 07:51 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-07-11 07:51 - 2014-07-11 07:51 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-07-11 07:51 - 2014-07-11 07:51 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-07-11 07:51 - 2014-07-11 07:51 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-07-11 07:51 - 2014-07-11 07:51 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-07-11 07:51 - 2014-07-11 07:51 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-07-11 07:51 - 2014-07-11 07:51 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-07-11 07:51 - 2014-07-11 07:51 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-07-11 07:51 - 2014-07-11 07:51 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-07-11 07:51 - 2014-07-11 07:51 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-07-11 07:51 - 2014-07-11 07:51 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-07-11 07:51 - 2014-07-11 07:51 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-07-11 07:51 - 2014-07-11 07:51 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-07-11 07:51 - 2014-07-11 07:51 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-07-11 07:51 - 2014-07-11 07:51 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-07-11 07:51 - 2014-07-11 07:51 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-07-10 07:04 - 2014-07-10 07:04 - 00000000 ____D () C:\Users\Helene\AppData\Local\IngES
2014-07-09 19:08 - 2014-06-26 22:55 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-07-09 19:08 - 2014-06-26 22:55 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 19:05 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-09 19:04 - 2014-07-09 19:04 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-09 18:21 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 18:21 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-09 18:21 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 18:21 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-09 18:21 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-09 18:21 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 18:21 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 18:21 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 18:20 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 18:20 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 18:20 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 18:20 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 18:20 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 18:20 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 18:20 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 18:20 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-09 18:20 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 18:20 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-09 18:20 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-09 18:20 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 18:20 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-09 18:20 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-09 18:20 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 18:20 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-09 18:20 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-09 18:20 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-09 18:20 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 18:20 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-09 18:20 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-09 18:20 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-09 18:20 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-09 18:20 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 18:20 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-09 18:20 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-09 18:20 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-09 18:20 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-09 18:20 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-09 18:20 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-09 18:20 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 18:19 - 2014-07-01 00:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-09 18:19 - 2014-06-28 09:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-09 18:19 - 2014-06-28 09:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-09 18:19 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-09 18:19 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-09 18:19 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-09 18:19 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-09 18:19 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 18:19 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-09 18:19 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-09 18:19 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 18:19 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-09 18:19 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-09 18:19 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-09 18:19 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-09 18:19 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 18:19 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-09 18:19 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-09 18:17 - 2014-07-09 18:17 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-09 07:01 - 2014-07-09 07:01 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\16BA38DE.sys
2014-07-09 06:56 - 2014-07-09 06:56 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-07-09 06:56 - 2014-07-09 06:56 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\3CFE091E.sys
2014-07-07 18:21 - 2014-07-07 18:21 - 00017170 _____ () C:\Users\Helene\Desktop\bookmarks_07.07.14.html
2014-07-07 18:19 - 2014-07-07 18:19 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\204F50BF.sys
2014-07-07 17:19 - 2014-07-07 19:47 - 00000000 ____D () C:\Users\Helene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-07-07 17:11 - 2014-07-07 17:11 - 00000000 ____D () C:\ProgramData\Licenses
2014-07-07 16:51 - 2014-07-07 16:51 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-07-07 16:41 - 2014-07-10 07:06 - 00000000 ____D () C:\Users\Helene\AppData\Roaming\WinDesinfector
2014-07-07 16:39 - 2014-07-07 16:39 - 00000000 ____D () C:\Users\Helene\AppData\Local\Downloaded Installations
2014-07-07 16:37 - 2014-07-09 18:36 - 00000000 ____D () C:\Users\Helene\AppData\Local\WEKA DVD Interface
2014-07-07 12:53 - 2014-07-07 12:53 - 00000000 ____D () C:\Users\Helene\AppData\Roaming\Abelssoft
2014-07-07 12:53 - 2014-07-07 12:53 - 00000000 ____D () C:\Users\Helene\AppData\Local\Abelssoft
2014-07-07 12:53 - 2014-07-07 12:53 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-07-07 12:51 - 2014-07-07 12:51 - 00000000 ____D () C:\Users\Helene\AppData\Roaming\COMPUTER BILD PC-Aufräumer 2014
2014-07-07 12:46 - 2014-07-07 18:59 - 00000000 ____D () C:\Program Files (x86)\AntiBrowserSpy
2014-07-07 12:45 - 2014-07-07 12:45 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2014-07-07 12:45 - 2014-07-07 12:45 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2014-07-07 12:45 - 2014-07-07 12:45 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2014-07-07 12:45 - 2014-07-07 12:45 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2014-07-07 12:45 - 2014-07-07 12:45 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2014-07-07 12:45 - 2014-07-07 12:45 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2014-07-07 12:45 - 2014-07-07 12:45 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2014-07-07 12:45 - 2014-07-07 12:45 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2014-07-07 12:45 - 2014-07-07 12:45 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2014-07-07 12:45 - 2014-07-07 12:45 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2014-07-07 12:45 - 2014-07-07 12:45 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2014-07-07 12:45 - 2014-07-07 12:45 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2014-07-07 12:45 - 2014-07-07 12:45 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2014-07-07 12:45 - 2014-07-07 12:45 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2014-07-06 18:43 - 2014-07-06 18:43 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-06 18:06 - 2014-07-06 18:06 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Helene\Downloads\WiNlOgOn.exe.exe
2014-07-06 17:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-06 17:18 - 2014-07-06 17:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-06 08:03 - 2014-07-06 10:00 - 00000003 _____ () C:\Users\Helene\AppData\Local\proxy.log
2014-07-06 08:02 - 2014-07-06 08:02 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: hxxp://www.jcomsoft.com) C:\WINDOWS\SysWOW64\AniGIF.ocx
2014-07-06 07:57 - 2014-07-06 07:57 - 00000000 ____D () C:\Users\Helene\AppData\Local\CrashRpt
2014-07-06 07:57 - 2014-07-06 07:57 - 00000000 ____D () C:\ProgramData\RapidSolution
2014-07-06 07:57 - 2014-07-06 07:57 - 00000000 ____D () C:\Program Files (x86)\Audials
2014-07-06 07:56 - 2014-07-06 07:56 - 00591320 _____ (ClickMeIn Limited) C:\Users\Helene\AppData\Local\nspA723.tmp
2014-07-06 07:56 - 2014-07-06 07:56 - 00000000 ____D () C:\Users\Helene\AppData\Local\RapidSolution
2014-06-28 16:28 - 2014-07-06 16:05 - 00000000 ____D () C:\Users\Helene\Desktop\em-italy
2014-06-27 07:18 - 2014-06-27 07:18 - 00001365 _____ () C:\Users\Public\Desktop\NAVIGON Fresh.lnk
2014-06-27 07:18 - 2014-06-27 07:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON
2014-06-27 07:18 - 2014-06-27 07:18 - 00000000 ____D () C:\Program Files (x86)\NAVIGON
2014-06-27 07:01 - 2014-06-27 07:01 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2014-06-27 07:01 - 2014-06-27 07:01 - 00027760 _____ (Sony Ericsson Mobile Communications) C:\WINDOWS\system32\Drivers\ggsemc.sys
2014-06-27 07:01 - 2014-06-27 07:01 - 00014448 _____ (Sony Ericsson Mobile Communications) C:\WINDOWS\system32\Drivers\ggflt.sys
2014-06-27 06:59 - 2014-06-27 06:59 - 00000000 ____D () C:\ProgramData\Sony Mobile
2014-06-27 06:59 - 2014-06-27 06:59 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile
2014-06-25 07:21 - 2014-06-25 07:21 - 00002056 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-06-19 06:32 - 2014-06-19 06:32 - 00000024 _____ () C:\Users\Helene\AppData\Roaming\temp.ini
2014-06-18 08:35 - 2014-06-18 15:11 - 00000000 ____D () C:\Users\Helene\AppData\Local\Adobe
2014-06-17 15:18 - 2014-07-07 20:05 - 00003164 _____ () C:\WINDOWS\System32\Tasks\StartMenuAutoupdate
2014-06-17 15:18 - 2014-06-17 15:18 - 00001289 _____ () C:\Users\Public\Desktop\Start Menu 8.lnk
2014-06-17 15:18 - 2014-06-17 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2014-06-14 12:58 - 2014-06-14 12:58 - 04720640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 02641920 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 01118720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-06-14 12:58 - 2014-06-14 12:58 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-06-14 12:58 - 2014-06-14 12:58 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-06-14 12:58 - 2014-06-14 12:58 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-06-14 12:58 - 2014-06-14 12:58 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-06-14 12:58 - 2014-06-14 12:58 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-06-14 12:58 - 2014-06-14 12:58 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-06-14 12:58 - 2014-06-14 12:58 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-06-14 12:58 - 2014-06-14 12:58 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-06-14 12:58 - 2014-06-14 12:58 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-06-14 12:58 - 2014-06-14 12:58 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-06-14 12:58 - 2014-06-14 12:58 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-06-14 12:58 - 2014-06-14 12:58 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll

==================== One Month Modified Files and Folders =======

2014-07-13 13:14 - 2014-07-13 13:14 - 00026288 _____ () C:\Users\Helene\Desktop\FRST.txt
2014-07-13 13:14 - 2014-07-13 11:08 - 00000000 ____D () C:\FRST
2014-07-13 13:14 - 2014-07-12 15:06 - 00002201 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-13 13:12 - 2013-09-02 18:45 - 00001120 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-13 13:11 - 2013-11-23 21:18 - 00000000 ___RD () C:\Users\Helene\Desktop\Dropbox
2014-07-13 13:11 - 2013-11-23 21:11 - 00000000 ____D () C:\Users\Helene\AppData\Roaming\Dropbox
2014-07-13 13:11 - 2013-09-02 21:08 - 00000000 ____D () C:\Users\Helene\AppData\Roaming\Skype
2014-07-13 13:10 - 2014-07-13 13:10 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-07-13 13:10 - 2014-07-13 10:09 - 00001894 _____ () C:\WINDOWS\PFRO.log
2014-07-13 13:10 - 2014-05-07 07:30 - 00000000 ____D () C:\Users\Helene\AppData\Roaming\DropboxMaster
2014-07-13 13:10 - 2013-10-30 12:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-13 13:10 - 2013-09-06 17:34 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-13 13:10 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-13 13:09 - 2013-08-22 17:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-07-13 13:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-13 12:55 - 2014-07-13 12:54 - 00040795 _____ () C:\Users\Helene\Desktop\Addition.txt
2014-07-13 12:53 - 2014-07-13 12:53 - 02086912 _____ (Farbar) C:\Users\Helene\Desktop\FRST64.exe
2014-07-13 12:53 - 2014-07-13 12:53 - 00000000 ____D () C:\Users\Helene\Desktop\FRST-OlderVersion
2014-07-13 12:28 - 2014-07-13 12:35 - 01285120 _____ () C:\Users\Helene\Desktop\zoek.exe
2014-07-13 12:28 - 2014-07-13 12:28 - 01285120 _____ () C:\Users\Helene\Downloads\zoek.exe
2014-07-13 12:28 - 2014-07-13 12:28 - 00000000 ____D () C:\zoek_backup
2014-07-13 12:22 - 2013-09-11 19:05 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-13 12:22 - 2013-09-02 18:45 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-13 12:17 - 2013-09-02 18:07 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1030656583-4166508464-2724445772-1003
2014-07-13 12:14 - 2014-07-13 12:14 - 00000615 _____ () C:\Users\Helene\Desktop\JRT.txt
2014-07-13 12:08 - 2014-07-12 11:31 - 00000294 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2014-07-13 12:06 - 2014-07-13 12:06 - 01016261 _____ (Thisisu) C:\Users\Helene\Desktop\JRT.exe
2014-07-13 11:51 - 2014-07-13 11:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Helene\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-13 11:46 - 2014-07-13 11:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Helene\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-13 11:38 - 2014-07-13 11:38 - 00000000 ____D () C:\ProgramData\ShopperPro
2014-07-13 11:37 - 2014-07-13 11:35 - 00000000 ____D () C:\AdwCleaner
2014-07-13 11:37 - 2013-10-30 12:12 - 00000000 ____D () C:\Users\Helene
2014-07-13 11:33 - 2014-07-13 11:33 - 01348263 _____ () C:\Users\Helene\Downloads\adwcleaner_3.215 (1).exe
2014-07-13 11:33 - 2014-07-13 11:33 - 01348263 _____ () C:\Users\Helene\Desktop\adwcleaner_3.215 (1).exe
2014-07-13 11:16 - 2014-07-13 11:16 - 07674224 _____ () C:\Users\Helene\Downloads\npp.6.6.7.Installer.exe
2014-07-13 11:10 - 2014-07-13 11:09 - 00077851 _____ () C:\Users\Helene\Downloads\FRST.txt
2014-07-13 11:10 - 2014-07-13 11:09 - 00053322 _____ () C:\Users\Helene\Downloads\Addition.txt
2014-07-13 10:09 - 2014-07-13 10:09 - 00312824 _____ () C:\WINDOWS\Minidump\071314-25562-01.dmp
2014-07-13 10:09 - 2014-07-13 10:09 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-13 10:09 - 2012-10-07 11:45 - 571964767 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-13 09:25 - 2013-10-31 16:09 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6658EC1B-A6D8-421D-AEDC-FD2FDFBDB560}
2014-07-13 07:55 - 2012-08-29 17:56 - 00000000 ____D () C:\WINDOWS\it
2014-07-13 07:54 - 2013-10-30 12:09 - 01552618 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-12 18:13 - 2013-08-22 15:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-12 18:11 - 2014-07-12 18:11 - 01348263 _____ () C:\Users\Helene\Downloads\adwcleaner_3.215.exe
2014-07-12 16:42 - 2013-09-02 21:22 - 00000000 ____D () C:\Users\Helene\AppData\Roaming\XnView
2014-07-12 15:06 - 2014-07-12 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-12 15:06 - 2013-09-02 18:45 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-12 14:19 - 2014-01-13 07:51 - 84443136 _____ () C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2014-07-12 14:19 - 2014-01-13 07:51 - 05283840 _____ () C:\WINDOWS\system32\config\DRIVERS.iodefrag.bak
2014-07-12 14:19 - 2014-01-13 07:51 - 00425984 _____ () C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2014-07-12 14:19 - 2014-01-13 07:51 - 00032768 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak
2014-07-12 14:19 - 2014-01-13 07:51 - 00028672 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2014-07-12 11:33 - 2014-07-11 17:42 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-12 11:31 - 2014-07-12 11:31 - 00002396 _____ () C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-07-12 11:31 - 2014-07-12 11:31 - 00001270 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-07-12 08:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-12 07:14 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-11 20:23 - 2014-07-11 17:24 - 00001752 _____ () C:\sc-cleaner.txt
2014-07-11 17:09 - 2014-07-11 16:08 - 00000000 ____D () C:\Users\Public\Documents\Stronghold AntiMalware
2014-07-11 07:51 - 2014-07-11 07:51 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-07-11 07:51 - 2014-07-11 07:51 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-07-11 07:51 - 2014-07-11 07:51 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-07-11 07:51 - 2014-07-11 07:51 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-07-11 07:51 - 2014-07-11 07:51 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-07-11 07:51 - 2014-07-11 07:51 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-07-11 07:51 - 2014-07-11 07:51 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-07-11 07:51 - 2014-07-11 07:51 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-07-11 07:51 - 2014-07-11 07:51 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-07-11 07:51 - 2014-07-11 07:51 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-07-11 07:51 - 2014-07-11 07:51 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-07-11 07:51 - 2014-07-11 07:51 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-07-11 07:51 - 2014-07-11 07:51 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-07-11 07:51 - 2014-07-11 07:51 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-07-11 07:51 - 2014-07-11 07:51 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-07-11 07:51 - 2014-07-11 07:51 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-07-11 07:51 - 2014-07-11 07:51 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-07-11 07:51 - 2014-07-11 07:51 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-07-11 07:51 - 2014-07-11 07:51 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-07-11 07:51 - 2014-07-11 07:51 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-07-11 07:51 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-10 07:06 - 2014-07-07 16:41 - 00000000 ____D () C:\Users\Helene\AppData\Roaming\WinDesinfector
2014-07-10 07:04 - 2014-07-10 07:04 - 00000000 ____D () C:\Users\Helene\AppData\Local\IngES
2014-07-10 05:51 - 2013-08-22 16:44 - 00469160 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-09 19:44 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-09 19:44 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 19:44 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 19:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-09 19:14 - 2013-09-03 09:04 - 00000000 ___RD () C:\Users\Helene\Desktop\Sicherungsfreie Zone
2014-07-09 19:08 - 2013-09-03 19:17 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 19:08 - 2013-09-02 18:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 19:07 - 2013-09-03 19:17 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-09 19:07 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-09 19:05 - 2013-09-30 05:59 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 19:04 - 2014-07-09 19:04 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-09 18:36 - 2014-07-07 16:37 - 00000000 ____D () C:\Users\Helene\AppData\Local\WEKA DVD Interface
2014-07-09 18:17 - 2014-07-09 18:17 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-09 17:53 - 2013-11-05 07:39 - 00000000 ____D () C:\ProgramData\ProductData
2014-07-09 17:52 - 2013-11-03 08:16 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2014-07-09 07:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Resources
2014-07-09 07:01 - 2014-07-09 07:01 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\16BA38DE.sys
2014-07-09 06:56 - 2014-07-09 06:56 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-07-09 06:56 - 2014-07-09 06:56 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\3CFE091E.sys
2014-07-08 19:22 - 2013-09-11 19:05 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-08 13:36 - 2013-08-22 17:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-07-07 22:27 - 2013-09-30 05:59 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-07-07 20:19 - 2014-02-27 20:25 - 00000258 _____ () C:\WINDOWS\Tasks\ASC7_SkipUac_Helene.job
2014-07-07 20:05 - 2014-06-17 15:18 - 00003164 _____ () C:\WINDOWS\System32\Tasks\StartMenuAutoupdate
2014-07-07 20:05 - 2014-06-12 05:45 - 00003558 _____ () C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2014-07-07 20:05 - 2014-05-27 09:53 - 00003168 _____ () C:\WINDOWS\System32\Tasks\SmartDefrag3_Update
2014-07-07 20:05 - 2014-02-27 20:25 - 00002362 _____ () C:\WINDOWS\System32\Tasks\ASC7_SkipUac_Helene
2014-07-07 20:05 - 2013-09-06 17:40 - 00003062 _____ () C:\WINDOWS\System32\Tasks\{D0EDCB75-4D55-4736-8AED-8D9F3028E3BC}
2014-07-07 19:53 - 2013-09-02 21:02 - 00000000 ____D () C:\Users\Helene\AppData\Roaming\IObit
2014-07-07 19:47 - 2014-07-07 17:19 - 00000000 ____D () C:\Users\Helene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-07-07 19:03 - 2013-09-05 15:27 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-07 19:03 - 2013-09-05 15:27 - 00001149 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-07 18:59 - 2014-07-07 12:46 - 00000000 ____D () C:\Program Files (x86)\AntiBrowserSpy
2014-07-07 18:49 - 2013-09-02 18:00 - 00000000 ____D () C:\Users\Helene\AppData\Local\VirtualStore
2014-07-07 18:21 - 2014-07-07 18:21 - 00017170 _____ () C:\Users\Helene\Desktop\bookmarks_07.07.14.html
2014-07-07 18:19 - 2014-07-07 18:19 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\204F50BF.sys
2014-07-07 17:11 - 2014-07-07 17:11 - 00000000 ____D () C:\ProgramData\Licenses
2014-07-07 17:11 - 2012-09-10 13:35 - 00000000 ____D () C:\ProgramData\Temp
2014-07-07 16:51 - 2014-07-07 16:51 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-07-07 16:39 - 2014-07-07 16:39 - 00000000 ____D () C:\Users\Helene\AppData\Local\Downloaded Installations
2014-07-07 12:53 - 2014-07-07 12:53 - 00000000 ____D () C:\Users\Helene\AppData\Roaming\Abelssoft
2014-07-07 12:53 - 2014-07-07 12:53 - 00000000 ____D () C:\Users\Helene\AppData\Local\Abelssoft
2014-07-07 12:53 - 2014-07-07 12:53 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-07-07 12:51 - 2014-07-07 12:51 - 00000000 ____D () C:\Users\Helene\AppData\Roaming\COMPUTER BILD PC-Aufräumer 2014
2014-07-07 12:45 - 2014-07-07 12:45 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2014-07-07 12:45 - 2014-07-07 12:45 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2014-07-07 12:45 - 2014-07-07 12:45 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2014-07-07 12:45 - 2014-07-07 12:45 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2014-07-07 12:45 - 2014-07-07 12:45 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2014-07-07 12:45 - 2014-07-07 12:45 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2014-07-07 12:45 - 2014-07-07 12:45 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2014-07-07 12:45 - 2014-07-07 12:45 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2014-07-07 12:45 - 2014-07-07 12:45 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2014-07-07 12:45 - 2014-07-07 12:45 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2014-07-07 12:45 - 2014-07-07 12:45 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2014-07-07 12:45 - 2014-07-07 12:45 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2014-07-07 12:45 - 2014-07-07 12:45 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2014-07-07 12:45 - 2014-07-07 12:45 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2014-07-07 10:15 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\schemas
2014-07-06 18:43 - 2014-07-06 18:43 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-06 18:06 - 2014-07-06 18:06 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Helene\Downloads\WiNlOgOn.exe.exe
2014-07-06 17:18 - 2014-07-06 17:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-06 16:05 - 2014-06-28 16:28 - 00000000 ____D () C:\Users\Helene\Desktop\em-italy
2014-07-06 10:00 - 2014-07-06 08:03 - 00000003 _____ () C:\Users\Helene\AppData\Local\proxy.log
2014-07-06 08:02 - 2014-07-06 08:02 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: hxxp://www.jcomsoft.com) C:\WINDOWS\SysWOW64\AniGIF.ocx
2014-07-06 08:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-07-06 07:57 - 2014-07-06 07:57 - 00000000 ____D () C:\Users\Helene\AppData\Local\CrashRpt
2014-07-06 07:57 - 2014-07-06 07:57 - 00000000 ____D () C:\ProgramData\RapidSolution
2014-07-06 07:57 - 2014-07-06 07:57 - 00000000 ____D () C:\Program Files (x86)\Audials
2014-07-06 07:56 - 2014-07-06 07:56 - 00591320 _____ (ClickMeIn Limited) C:\Users\Helene\AppData\Local\nspA723.tmp
2014-07-06 07:56 - 2014-07-06 07:56 - 00000000 ____D () C:\Users\Helene\AppData\Local\RapidSolution
2014-07-04 11:22 - 2013-09-30 06:14 - 00005640 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-04 11:22 - 2013-09-30 05:56 - 01097636 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-04 11:22 - 2013-09-30 05:56 - 00261402 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-03 19:44 - 2013-09-02 17:59 - 00000000 ____D () C:\Users\Helene\AppData\Local\Packages
2014-07-02 16:33 - 2013-09-03 09:04 - 00000000 ____D () C:\Users\Helene\Desktop\unterlagen
2014-07-01 00:45 - 2014-07-09 18:19 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-06-28 09:48 - 2014-07-09 18:19 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-06-28 09:07 - 2014-07-09 18:19 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-06-27 07:18 - 2014-06-27 07:18 - 00001365 _____ () C:\Users\Public\Desktop\NAVIGON Fresh.lnk
2014-06-27 07:18 - 2014-06-27 07:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON
2014-06-27 07:18 - 2014-06-27 07:18 - 00000000 ____D () C:\Program Files (x86)\NAVIGON
2014-06-27 07:01 - 2014-06-27 07:01 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2014-06-27 07:01 - 2014-06-27 07:01 - 00027760 _____ (Sony Ericsson Mobile Communications) C:\WINDOWS\system32\Drivers\ggsemc.sys
2014-06-27 07:01 - 2014-06-27 07:01 - 00014448 _____ (Sony Ericsson Mobile Communications) C:\WINDOWS\system32\Drivers\ggflt.sys
2014-06-27 06:59 - 2014-06-27 06:59 - 00000000 ____D () C:\ProgramData\Sony Mobile
2014-06-27 06:59 - 2014-06-27 06:59 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile
2014-06-26 22:55 - 2014-07-09 19:08 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-06-26 22:55 - 2014-07-09 19:08 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-25 13:12 - 2013-09-03 09:05 - 00000000 ____D () C:\Users\Helene\Desktop\verdi
2014-06-25 07:21 - 2014-06-25 07:21 - 00002056 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-06-25 07:21 - 2013-09-03 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-06-25 07:21 - 2012-09-10 12:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-22 16:11 - 2013-12-12 16:40 - 00000000 ____D () C:\Users\Helene\Desktop\fuckbookgruppe
2014-06-22 14:19 - 2014-05-20 06:58 - 00002165 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-06-22 07:17 - 2013-09-02 18:45 - 00004096 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-22 07:17 - 2013-09-02 18:45 - 00003860 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 06:32 - 2014-06-19 06:32 - 00000024 _____ () C:\Users\Helene\AppData\Roaming\temp.ini
2014-06-19 03:39 - 2014-07-09 18:21 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-06-19 02:48 - 2014-07-09 18:20 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-06-19 02:16 - 2014-07-09 18:21 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-06-19 02:09 - 2014-07-09 18:20 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-06-19 01:51 - 2014-07-09 18:20 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-09 18:20 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-09 18:20 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-06-19 01:46 - 2014-07-09 18:21 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-06-19 01:39 - 2014-07-09 18:20 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-06-19 01:33 - 2014-07-09 18:20 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-09 18:20 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-06-19 01:27 - 2014-07-09 18:20 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-06-19 01:12 - 2014-07-09 18:20 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-06-19 00:59 - 2014-07-09 18:20 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-09 18:20 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-06-19 00:58 - 2014-07-09 18:20 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-06-19 00:57 - 2014-07-09 18:21 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-06-19 00:52 - 2014-07-09 18:20 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-09 18:20 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-09 18:20 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-06-19 00:45 - 2014-07-09 18:20 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-09 18:20 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-09 18:20 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-09 18:20 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-09 18:20 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-09 18:20 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-09 18:20 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-06-18 15:11 - 2014-06-18 08:35 - 00000000 ____D () C:\Users\Helene\AppData\Local\Adobe
2014-06-17 15:18 - 2014-06-17 15:18 - 00001289 _____ () C:\Users\Public\Desktop\Start Menu 8.lnk
2014-06-17 15:18 - 2014-06-17 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2014-06-17 15:15 - 2014-01-13 14:18 - 00165659 _____ () C:\MyXML.xml
2014-06-17 00:26 - 2014-07-09 18:21 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-06-17 00:24 - 2014-07-09 18:21 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-06-14 12:59 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-06-14 12:59 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-06-14 12:59 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-06-14 12:58 - 2014-06-14 12:58 - 04720640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 02641920 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 01118720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-06-14 12:58 - 2014-06-14 12:58 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-06-14 12:58 - 2014-06-14 12:58 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-06-14 12:58 - 2014-06-14 12:58 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-06-14 12:58 - 2014-06-14 12:58 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-06-14 12:58 - 2014-06-14 12:58 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-06-14 12:58 - 2014-06-14 12:58 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-06-14 12:58 - 2014-06-14 12:58 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-06-14 12:58 - 2014-06-14 12:58 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-06-14 12:58 - 2014-06-14 12:58 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-06-14 12:58 - 2014-06-14 12:58 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-06-14 12:58 - 2014-06-14 12:58 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-06-14 12:58 - 2014-06-14 12:58 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-06-14 12:58 - 2014-06-14 12:58 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll

Some content of TEMP:
====================
C:\Users\Helene\AppData\Local\Temp\abscb.exe
C:\Users\Helene\AppData\Local\Temp\BackupSetup.exe
C:\Users\Helene\AppData\Local\Temp\COMPUTER BILD PC-Aufräumer 2014 Installation.exe
C:\Users\Helene\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3pejnr.dll
C:\Users\Helene\AppData\Local\Temp\Quarantine.exe
C:\Users\Helene\AppData\Local\Temp\SHSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-13 10:50

==================== End Of Log ============================
         


13.07.2014, 17:36   #18
Ministerin

New FRST Addition log file:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-07-2014
Ran by Helene at 2014-07-13 13:15:32
Running from C:\Users\Helene\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

5700_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.3.0 - IObit)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3111_44883 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3124 - CyberLink Corp.)
CyberLink PhotoDirector 3 (x32 Version: 3.0.3124 - CyberLink Corp.) Hidden
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
CyberLink PhotoNow (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (x32 Version: 8.0.0.1920 - CyberLink Corp.) Hidden
CyberLink PowerDirector (Version: 9.0.0.3815c - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4125.02 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy 1.5 (x32 Version: 1.5.2715b - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0906 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.0906 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Elevated Installer (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{55ae01f2-f0a8-4342-a9cc-a0327cdaa811}) (Version: 3.2.7.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Genie Timeline (HKLM-x32\...\Genie Timeline) (Version: 4.0 - Genie9)
GoCrypt v 0.9.29.0 (HKLM-x32\...\GoCrypt) (Version:  - HS-Security Ware GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet J5700 Series 14.0 Rel. 6 (HKLM\...\{514856A4-423F-4B7D-938C-7834CAF40C56}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.10.2466 - IObit)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
J5700 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mediathek (HKLM-x32\...\{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}) (Version: 1.4.0 - Medion)
Medion Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Medion Home Cinema 10 (x32 Version: 10.1924 - CyberLink Corp.) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
NVIDIA 3D Vision Controller-Treiber 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.7 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 9.3.16 (Version: 9.3.16 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 9.3.16 (Version: 9.3.16 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 9.3.16 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Paragon Festplatten Manager™ 2013 Kompakt (HKLM-x32\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
QuickLaunch (HKLM-x32\...\{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}) (Version: 1.00.0019 - Lenovo Group Limited)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.)
Recovery Media Builder for Paragon Festplatten Manager™ 2013 Kompakt (HKLM\...\{4E4188F4-4C72-582C-996E-DF36E98CF885}) (Version: 1.00.0000 - Paragon Software)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 1.6.34 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3 Pro_is1) (Version: 3.1 - IObit)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.8.201405281228 - Sony Mobile Communications AB)
Sony PC Companion 2.10.211 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.5.0.0 - IObit)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Sun ODF Plugin for Microsoft Office 3.2 (HKLM-x32\...\{BD136CE7-6666-4273-A056-8D92F8625AAB}) (Version: 3.2.9483 - Sun Microsystems)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
XnView 2.04 (HKLM-x32\...\XnView_is1) (Version: 2.04 - Gougelet Pierre-e)
Συλλογή φωτογραφιών (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

11-07-2014 05:50:37 Windows Modules Installer
12-07-2014 09:32:21 Windows Kraftreiniger wurde entfernt.
13-07-2014 09:04:13 SketchUp 2014 wurde entfernt

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0DDAC5BE-8791-4116-BBA6-41C7F4670E85} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-06-09] ()
Task: {10BEFDAF-0842-495E-AA49-D20F17666084} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2A5B673C-E17B-47F2-95D4-00816ACB2C6D} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2014-06-06] (IObit)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2DD71629-B6E5-4B01-881E-4BE365526CCE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-09] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {362FB952-37BF-4039-8427-1C607C9345E4} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {3A173290-7F0F-4D57-8194-0041EAAD49EB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {54FFB534-E3E2-466C-882C-7DE6B18F8D26} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {73EEBE95-2B6E-498E-B03E-A359922A498F} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8D8C198E-2DD7-431C-ACC7-ADD2439B6E8F} - System32\Tasks\ASC7_SkipUac_Helene => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-05-04] (IObit)
Task: {97448007-40BF-4C75-A720-897C5AE509BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-02] (Google Inc.)
Task: {9EBD7555-8377-4DFB-813B-529FAB57716D} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A1BA9968-88AC-4E6A-A68A-E0782AE3FEFA} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-03-19] (IObit)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DB8E082F-FAAC-43D7-BD88-F0B34514A722} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-05-06] (IObit)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E785DC1D-5E03-44AD-9034-C25919A596F6} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {F4311D28-D934-40F9-A001-3E56C2FCCC7F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-02] (Google Inc.)
Task: {FAA85344-7F17-4F0A-AFA6-FF6467387A84} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ASC7_SkipUac_Helene.job => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) =============

2013-10-30 12:10 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-04-14 15:03 - 2013-04-14 15:03 - 00332800 _____ () C:\Program Files\Genie9\Genie Timeline\OnlineHandler.dll
2012-04-24 11:29 - 2012-04-24 11:29 - 00045568 _____ () C:\Program Files\Genie9\Genie Timeline\GSLogging.dll
2013-04-14 15:03 - 2013-04-14 15:03 - 00489472 _____ () C:\Program Files\Genie9\Genie Timeline\GSIndexDB.dll
2013-04-14 15:03 - 2013-04-14 15:03 - 00087040 _____ () C:\Program Files\Genie9\Genie Timeline\QueueManager.dll
2013-04-14 15:03 - 2013-04-14 15:03 - 00709632 _____ () C:\Program Files\Genie9\Genie Timeline\GSBackupManager.dll
2013-04-14 15:03 - 2013-04-14 15:03 - 00208896 _____ () C:\Program Files\Genie9\Genie Timeline\Settings.dll
2013-04-14 15:03 - 2013-04-14 15:03 - 00371712 _____ () C:\Program Files\Genie9\Genie Timeline\GSWatcher4.dll
2012-04-24 11:29 - 2012-04-24 11:29 - 00058368 _____ () C:\Program Files\Genie9\Genie Timeline\GSLibrariesManager.dll
2012-02-02 11:16 - 2012-02-02 11:16 - 00740864 _____ () C:\Program Files\Genie9\Genie Timeline\sqlite3.dll
2012-04-24 11:29 - 2012-04-24 11:29 - 00011264 _____ () C:\Program Files\Genie9\Genie Timeline\RWLock.dll
2013-04-14 15:03 - 2013-04-14 15:03 - 00054784 _____ () C:\Program Files\Genie9\Genie Timeline\GSLogManager.dll
2012-02-02 11:16 - 2012-02-02 11:16 - 00010752 _____ () C:\Program Files\Genie9\Genie Timeline\VSSEngine_Proxy.dll
2012-04-24 11:29 - 2012-04-24 11:29 - 00089600 _____ () C:\Program Files\Genie9\Genie Timeline\GSEncryption.dll
2013-02-11 13:34 - 2013-02-11 13:34 - 00045056 _____ () C:\Program Files\Genie9\Genie Timeline\pcre.dll
2013-02-11 13:34 - 2013-02-11 13:34 - 00097792 _____ () C:\Program Files\Genie9\Genie Timeline\pcrebase.dll
2012-09-10 13:42 - 2010-08-19 18:43 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-04-14 15:03 - 2013-04-14 15:03 - 00063488 _____ () C:\Program Files\Genie9\Genie Timeline\XBalloonMsgDll.dll
2012-04-24 11:29 - 2012-04-24 11:29 - 00093696 _____ () C:\Program Files\Genie9\Genie Timeline\GSCurl.dll
2014-06-25 07:21 - 2013-10-31 12:35 - 00070880 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2014-01-17 11:18 - 2014-01-17 11:18 - 00849920 _____ () C:\Program Files (x86)\GoCrypt\Enky.ED.Main.exe
2014-05-20 06:58 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-17 15:18 - 2014-06-06 13:07 - 00348960 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2014-06-17 15:18 - 2014-06-06 13:07 - 00183584 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2014-06-17 15:18 - 2014-06-06 13:07 - 00050976 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2014-06-17 15:18 - 2014-06-06 13:08 - 00041248 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll
2014-06-25 07:21 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-06-25 07:21 - 2013-09-13 11:02 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2014-06-25 07:21 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2014-06-12 10:19 - 2014-06-12 10:19 - 00643584 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2013-06-11 10:31 - 2013-06-11 10:31 - 00090112 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll
2012-04-04 15:33 - 2012-04-04 15:33 - 00139776 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll
2013-01-08 18:02 - 2013-01-08 18:02 - 00163840 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll
2012-07-26 12:51 - 2012-07-26 12:51 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll
2014-06-25 07:21 - 2010-01-11 16:44 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2014-05-20 06:58 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll
2012-09-10 13:40 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-07-13 13:10 - 2014-07-13 13:10 - 00043008 _____ () c:\users\helene\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3pejnr.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Helene\AppData\Roaming\Dropbox\bin\libcef.dll
2014-04-10 07:26 - 2014-04-10 07:26 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\aff3455c2babb61a57f50a484284a7a2\PSIClient.ni.dll
2012-09-10 13:14 - 2012-07-18 20:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\Users\Helene\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Helene\SkyDrive.old:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (07/13/2014 01:16:07 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Intel(R) Management and Security Application User Notification Service" wurde nicht richtig gestartet.

Error: (07/13/2014 01:10:59 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst GenieTimelineService erreicht.

Error: (07/13/2014 01:10:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/13/2014 01:10:20 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1326

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/13/2014 01:09:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ShopperPro Update" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/13/2014 00:54:55 PM) (Source: DCOM) (EventID: 10010) (User: AFRIKA)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (07/13/2014 00:54:25 PM) (Source: DCOM) (EventID: 10010) (User: AFRIKA)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (07/13/2014 00:53:55 PM) (Source: DCOM) (EventID: 10010) (User: AFRIKA)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (07/13/2014 00:53:25 PM) (Source: DCOM) (EventID: 10010) (User: AFRIKA)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (07/13/2014 00:52:55 PM) (Source: DCOM) (EventID: 10010) (User: AFRIKA)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 39%
Total physical RAM: 4037.84 MB
Available physical RAM: 2439.77 MB
Total Pagefile: 8133.84 MB
Available Pagefile: 5903.71 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:902.96 GB) (Free:830.68 GB) NTFS
Drive d: (Recover) (Fixed) (Total:24.08 GB) (Free:8.54 GB) NTFS
Drive e: (BOOT vista) (Fixed) (Total:308.54 GB) (Free:208.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (RECOVER ALT) (Fixed) (Total:20 GB) (Free:12.38 GB) FAT32
Drive g: (eigene Dateien) (Fixed) (Total:133.87 GB) (Free:129.34 GB) NTFS
Drive i: (Fotos) (Fixed) (Total:449.06 GB) (Free:438.6 GB) NTFS
Drive j: (Fotos alt) (Fixed) (Total:133.75 GB) (Free:110.5 GB) NTFS
Drive m: (backup) (Fixed) (Total:448.94 GB) (Free:448.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 9CE3C48E)
Partition 1: (Active) - (Size=309 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=134 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=134 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=20 GB) - (Type=OF Extended)

==================== End Of Log ============================
         
Suuuuper, I think that's it. Nothing is annoying me anymore.
Thank you very, very much!
__________________

Alt 14.07.2014, 12:59   #19
M-K-D-B
/// TB-Ausbilder
 
We'll remove the last remnants and check everything once more. ESET can take a long time (> 3 h).
Afterwards we'll remove all the tools we used, and I'll give you a few tips to take with you.

Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:


Code:
ATTFilter
start
C:\ProgramData\ShopperPro
end
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.






Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset







Step 3
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.





Step 4
Download the appropriate version of SystemLook from the following mirror and save the tool to the desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Double-click SystemLook.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:

    Code:
    ATTFilter
    :filefind
    *ShopperPro*
    *superfish.com*
    
    :folderfind
    *ShopperPro*
    *superfish.com*
    
    :regfind
    ShopperPro
    superfish.com
             
  • Now click the Look button to start the scan.
  • The scan can take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are also saved on the desktop as SystemLook.txt.







Please post with your next reply
  • the log file of the FRST fix,
  • the log file from ESET,
  • the log file from SecurityCheck,
  • the log file from SystemLook.
__________________
Greetings from Bavaria
M-K-D-B
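
The log.txt requested in step 2 lists one detection per line as `sh=` (file hash, 40 hex digits), `vn=` (detection name) and `fn=` (path) fields, as in the ESET log posted further down in this thread. The following Python script is an added example, not part of the original posts or of any ESET tool: it collapses copies of the same file by hash and separates findings that already sit in an FRST/AdwCleaner quarantine folder or in a backup set from those still on disk. The sample lines, the placeholder hashes, the function names and the backup root passed in are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# key=value pairs; a value is either a double-quoted string or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Folders that FRST and AdwCleaner move removed files into (as seen in the thread's logs).
QUARANTINE_MARKERS = ("\\frst\\quarantine\\", "\\adwcleaner\\quarantine\\")


def parse_detection(line):
    """Return the fields of one detection line, or None for header and status lines."""
    line = line.strip()
    if not line.startswith("sh="):
        return None
    fields = {}
    for m in FIELD_RE.finditer(line):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return fields if all(k in fields for k in ("sh", "vn", "fn")) else None


def detection_name(vn):
    """Reduce a localized description to the Platform/Family.Variant token, if present."""
    m = re.search(r"[A-Za-z0-9]+/[\w.]+", vn)
    return m.group(0) if m else vn


def classify_location(path, backup_roots=()):
    """'backup' for copies under a backup root, 'quarantine' for tool quarantines, else 'live'."""
    p = path.lower()
    if any(p.startswith(root.lower()) for root in backup_roots):
        return "backup"
    if any(marker in p for marker in QUARANTINE_MARKERS):
        return "quarantine"
    return "live"


def triage(log_text, backup_roots=()):
    """Group detections by hash so that several copies of one file count once."""
    files = {}
    for raw in log_text.splitlines():
        det = parse_detection(raw)
        if det is None:
            continue
        entry = files.setdefault(
            det["sh"], {"name": detection_name(det["vn"]), "paths": defaultdict(list)})
        entry["paths"][classify_location(det["fn"], backup_roots)].append(det["fn"])
    return files


def needs_action(files):
    """(name, path) for every copy that is neither quarantined nor inside a backup set."""
    return sorted((e["name"], p) for e in files.values() for p in e["paths"].get("live", []))


def backup_only(files):
    """Hashes that exist only inside backup sets; a restore would bring them back."""
    return sorted(sha for sha, e in files.items() if set(e["paths"]) == {"backup"})


def _line(sha, name, path):
    # Builds one constructed sample line in the field order used by the log.
    return f'sh={sha} ft=1 fh=0000000000000000 vn="{name}" ac=I fn="{path}"'


# Constructed sample: placeholder hashes, paths and names modelled on the thread's log.
SAMPLE_LOG = "\n".join([
    "# product=EOS",
    "# found=5",
    _line("1" * 40, "Variante von Win32/SBWatchman.A evtl. unerwünschte Anwendung",
          r"C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbiu.exe"),
    _line("1" * 40, "Variante von Win32/SBWatchman.A evtl. unerwünschte Anwendung",
          r"P:\_Genie Timeline\0\C\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbiu.exe"),
    _line("2" * 40, "Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung",
          r"E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll"),
    _line("3" * 40, "Variante von Win32/SpeedBit.A evtl. unerwünschte Anwendung",
          r"C:\Users\Helene\AppData\Local\Installer\Install_12039\setup.exe"),
    _line("4" * 40, "Variante von Win64/ShopperPro.A evtl. unerwünschte Anwendung",
          r"P:\_Genie Timeline\0\C\AdwCleaner\Quarantine\C\ProgramData\ShopperPro\ShopperPro64.dll.vir"),
])

if __name__ == "__main__":
    result = triage(SAMPLE_LOG, backup_roots=("P:\\_Genie Timeline\\",))
    print(f"{len(result)} distinct files")
    for name, path in needs_action(result):
        print("still on disk:", name, path)
    for sha in backup_only(result):
        print("only in backup:", sha, result[sha]["name"])
```

"live" here only means "not in a quarantine folder or backup set"; a path on a second drive that holds another Windows installation still falls into that bucket and has to be judged separately.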


Alt 14.07.2014, 13:08   #20
Ministerin
 
Fixlist.txt
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-07-2014
Ran by Helene at 2014-07-14 13:05:53 Run:2
Running from C:\Users\Helene\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\ProgramData\ShopperPro
end
         
*****************

C:\ProgramData\ShopperPro => Moved successfully.

==== End of Fixlog ====
         


Alt 14.07.2014, 14:00   #21
M-K-D-B
/// TB-Ausbilder
 
OK, then carry on with the other steps.

Alt 14.07.2014, 19:05   #22
Ministerin
 
HELP, the Explorer search bar didn't find the log, so I've now looked it up by hand. Is that OK?

ESET logfile
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=320c6eb97155914ea2f2d949725d5eb9
# engine=19166
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-14 03:45:46
# local_time=2014-07-14 05:45:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1291 16777214 100 98 41663 60122668 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 5250221 30234039 0 0
# scanned=631928
# found=50
# cleaned=0
# scan_time=16146
sh=9D6624A72CB6C6BF47881EEF179EA6ABB74B4515 ft=1 fh=59a5aee8e3c968c0 vn="Variante von Win32/SBWatchman.A evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbici32.dll"
sh=EA517AFAC86339A5878C71B193C30A342BE3F971 ft=1 fh=9a904c7cffb78561 vn="Variante von MSIL/SBWatchman.A evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbici64.dll"
sh=EEC6A1271515DE05D36147FB4F1002E81E5A098B ft=1 fh=0e9909c1839d8a74 vn="Variante von Win32/SBWatchman.A evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbii32.exe"
sh=09CF6B9361C79C517A874FCDECF091F426E564B8 ft=1 fh=27d962bca0286ff0 vn="Variante von MSIL/SBWatchman.A evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbii64.exe"
sh=5030C91EB4962B206504E2CFC1EC503120A2AE8A ft=1 fh=149815a121b07bbf vn="Variante von MSIL/SBWatchman.A evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbiu.exe"
sh=9323AB95CF117791C57D9A436AD900F7E55E1948 ft=1 fh=5c95a40f878a5f29 vn="Variante von Win32/SpeedBit.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Helene\AppData\Local\Installer\Install_12039\setup.exe"
sh=571F38A34D64CCCBD914734C8BC01056A78BB5B5 ft=1 fh=d5332291ff13d174 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI64FA.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=4FF4461EFC14F2B9EE8E54AD459DB3D3C0305017 ft=1 fh=72733531b3b70c5a vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI64FA.tmp-\srbs.dll"
sh=106F591B2BD500597B72796DE6CF1882C4F19F0A ft=1 fh=4ffdf32f906db695 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe"
sh=A50D4E8729EC3B275F6AFD9EE573E2A28546F01D ft=1 fh=b0987145db4c1583 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll"
sh=851CA33721CF5E710133B4D36EAF921ACEB4CD50 ft=1 fh=15365fabb2edd5be vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll"
sh=8B5C441500E865FC80A55583FC68036FAF7DAD06 ft=1 fh=c81a85374d8cfdb7 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll"
sh=95581618E0DAA5F92543B429C7EB383C6D63B3AE ft=1 fh=0132ebbe85145cfb vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe"
sh=41C2EC5BB47E9A40E309ABAA048BA1F742E43574 ft=1 fh=f7ee8c0d578659e0 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\SweetIM\Toolbars\Internet Explorer\mghooking.dll"
sh=E32CD33BD92D0676F8F81103174AF5E4E9E3F38E ft=1 fh=0e4e3ab2b3f109e4 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll"
sh=F5348CC7962B088ACCCD2F67138D43FB88DF67F2 ft=1 fh=5a321158315b5fe9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll"
sh=26B6B3788EF0A2A83A43DFE5E13F51B3E491A6F4 ft=1 fh=073310618d11024b vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll"
sh=10B68A9C897C5854EA80624B01EE8BECF7017F01 ft=1 fh=6858221c6d206eb6 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll"
sh=B0C53EBE6A8C5B9B987F00F739D032767B291118 ft=1 fh=a07a814e5747bf62 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="E:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=94CCAAC63F0B9227B0667107919C7B8C3D9BD04F ft=1 fh=a62edfdd11e6c6ab vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="E:\Users\mocca\AppData\Roaming\OpenCandy\57E036AAB1FC4D40B97D62465E115FB7\Installer.exe"
sh=899846A13D609B412C855F80FE086438DDFFEAFB ft=1 fh=aa9df1b2adff28cb vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung" ac=I fn="E:\Users\mocca\AppData\Roaming\OpenCandy\61CC8D7FE6A748C48C5DDCE128B442F9\speedupmypcROE.exe"
sh=A1445110587CC891758AEBD7232896443E6C7E74 ft=1 fh=c71c0011b94160dc vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="E:\Users\mocca\AppData\Roaming\OpenCandy\FDBF7853DE2E47CDB1EA940189C48B66\Installer.exe"
sh=32811F92DAD8FB9217EFA2155EA6A88BAFB1D8B6 ft=0 fh=0000000000000000 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="E:\Windows\Installer\54d890.msi"
sh=CA5B7C7B7A6ED2CDD926005A2EA505A91A3048DB ft=1 fh=6b9165ab4c6abeaa vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="E:\Windows\System32\dmwu.exe"
sh=DEF60FE302E425147F0888F0DA34D646FE7D348D ft=1 fh=f334bd1e4085a8cf vn="Win32/SweetIM.E evtl. unerwünschte Anwendung" ac=I fn="E:\Windows\System32\ARFC\wrtc.exe"
sh=FA6B38AAAC213F1FBB6D46BC286C5AF66048C392 ft=1 fh=a5f88c48a94033ea vn="Variante von Win32/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="E:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\32GV4P7K\update[1]"
sh=E2C4DE5BF59758D2B8CD7982794FFF839A0F4FBA ft=1 fh=9106933fb306ef11 vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="E:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\32GV4P7K\WSSetup[1].exe"
sh=694A6C4A6C09151E896340FBD6597A3DF837CBAF ft=1 fh=439deba0b906930a vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="E:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6RJD1Z19\WSSetup[1].exe"
sh=F0B9C98931834EDF8D76DF0BDECDBCB0AFAB7814 ft=0 fh=0000000000000000 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="E:\Windows\System32\jmdp\pnte.crx"
sh=3921B3425C5C561B5478A3ABBBD49C11775A0882 ft=0 fh=0000000000000000 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="E:\Windows\System32\jmdp\SweetNT.crx"
sh=694A6C4A6C09151E896340FBD6597A3DF837CBAF ft=1 fh=439deba0b906930a vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="E:\Windows\System32\WNLT\Installation\WSSetup.exe"
sh=69F363BE2C7829B5543B33BD2F769FEB30F09964 ft=1 fh=6def9d322e2d28f8 vn="Variante von Win32/Toolbar.CrossRider.AE evtl. unerwünschte Anwendung" ac=I fn="P:\_Genie Timeline\0\C\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\iWebar-nova_IObitDel.exe.vir"
sh=C8AC25E329EC3377D6AADB22C300275C32C34D6F ft=1 fh=a147c0cb24a513b1 vn="Variante von Win32/ShopperPro.A evtl. unerwünschte Anwendung" ac=I fn="P:\_Genie Timeline\0\C\AdwCleaner\Quarantine\C\ProgramData\ShopperPro\ShopperPro.dll.vir"
sh=2B0947D4FB6931188A7D06121914F8C81F082A99 ft=1 fh=862c47460ed8a9c9 vn="Variante von Win64/ShopperPro.A evtl. unerwünschte Anwendung" ac=I fn="P:\_Genie Timeline\0\C\AdwCleaner\Quarantine\C\ProgramData\ShopperPro\ShopperPro64.dll.vir"
sh=1AB5FE7F5654ECBB42397AE222C0B8159081D6C6 ft=1 fh=2b551abc4ed949a7 vn="Mehrere Bedrohungen" ac=I fn="P:\_Genie Timeline\0\C\AdwCleaner\Quarantine\C\ProgramData\Updater\Uninstall.exe.vir"
sh=9D6624A72CB6C6BF47881EEF179EA6ABB74B4515 ft=1 fh=59a5aee8e3c968c0 vn="Variante von Win32/SBWatchman.A evtl. unerwünschte Anwendung" ac=I fn="P:\_Genie Timeline\0\C\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbici32.dll"
sh=EA517AFAC86339A5878C71B193C30A342BE3F971 ft=1 fh=9a904c7cffb78561 vn="Variante von MSIL/SBWatchman.A evtl. unerwünschte Anwendung" ac=I fn="P:\_Genie Timeline\0\C\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbici64.dll"
sh=EEC6A1271515DE05D36147FB4F1002E81E5A098B ft=1 fh=0e9909c1839d8a74 vn="Variante von Win32/SBWatchman.A evtl. unerwünschte Anwendung" ac=I fn="P:\_Genie Timeline\0\C\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbii32.exe"
sh=09CF6B9361C79C517A874FCDECF091F426E564B8 ft=1 fh=27d962bca0286ff0 vn="Variante von MSIL/SBWatchman.A evtl. unerwünschte Anwendung" ac=I fn="P:\_Genie Timeline\0\C\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbii64.exe"
sh=5030C91EB4962B206504E2CFC1EC503120A2AE8A ft=1 fh=149815a121b07bbf vn="Variante von MSIL/SBWatchman.A evtl. unerwünschte Anwendung" ac=I fn="P:\_Genie Timeline\0\C\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbiu.exe"
sh=8535ED1AB74D7B9547C7D47E75B9159076527253 ft=1 fh=25a511c14236d929 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="P:\_Genie Timeline\0\C\Users\Helene\Downloads\asc-setup.exe"
sh=221210B19AC0B17F0F222443101B0099F7BD3E64 ft=1 fh=f5816da3f7c5bfd3 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="P:\_Genie Timeline\0\C\Users\Helene\Downloads\asc7-setup.exe"
sh=19876B0C21073CE7AC4725124851FC36B7EA7301 ft=1 fh=31b372839de59c7b vn="Variante von Win32/CNETInstaller.B evtl. unerwünschte Anwendung" ac=I fn="P:\_Genie Timeline\0\C\Users\Helene\Downloads\cbsidlm-cbsi188-Junkware_Removal_Tool-SEO-75910255.exe"
sh=9FDD153CDF84C469F8015A6114B078767DD1250C ft=1 fh=2852b270997e26d3 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="P:\_Genie Timeline\0\C\Users\Helene\Downloads\defragsetup_2.9.0.1225.exe"
sh=178C5AF3DCF1080F44D3DA24E72EE75923F1BB9C ft=1 fh=c71c0011cd16a041 vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="P:\_Genie Timeline\0\C\Users\Helene\Downloads\FoxitReader620.0429_enu_Setup_CB-DL-Manager.exe"
sh=2669FA2E79091E7D095737303F60DA47744757FF ft=1 fh=d6dfc801efb99880 vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="P:\_Genie Timeline\0\C\Users\Helene\Downloads\soft32_TeamViewer_1.0.exe"
sh=94CCAAC63F0B9227B0667107919C7B8C3D9BD04F ft=1 fh=a62edfdd11e6c6ab vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="P:\_Genie Timeline\0\E\Users\mocca\AppData\Roaming\OpenCandy\57E036AAB1FC4D40B97D62465E115FB7\Installer.exe"
sh=899846A13D609B412C855F80FE086438DDFFEAFB ft=1 fh=aa9df1b2adff28cb vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung" ac=I fn="P:\_Genie Timeline\0\E\Users\mocca\AppData\Roaming\OpenCandy\61CC8D7FE6A748C48C5DDCE128B442F9\speedupmypcROE.exe"
sh=A1445110587CC891758AEBD7232896443E6C7E74 ft=1 fh=c71c0011b94160dc vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="P:\_Genie Timeline\0\E\Users\mocca\AppData\Roaming\OpenCandy\FDBF7853DE2E47CDB1EA940189C48B66\Installer.exe"
         
checkup.txt
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.85  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky Internet Security   
Windows Defender              
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 55  
 Java version out of Date! 
 Adobe Flash Player 	14.0.0.145  
 Adobe Reader XI  
 Mozilla Firefox (26.0) 
 Mozilla Thunderbird (24.6.0) 
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
SystemLook log file
Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 19:00 on 14/07/2014 by Helene
Administrator - Elevation successful

========== filefind ==========

Searching for "*ShopperPro*"
No files found.

Searching for "*superfish.com*"
C:\AdwCleaner\Quarantine\C\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal.vir	--a---- 3608 bytes	[07:38 13/07/2014]	[07:38 13/07/2014] 38CBA334B93A07AF7D0B3E73D1B73C09
C:\AdwCleaner\Quarantine\C\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage.vir	--a---- 3072 bytes	[07:38 13/07/2014]	[07:38 13/07/2014] 0117A4C934B944CE65DDA5BE901CD965
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage	--a---- 3072 bytes	[19:15 11/07/2014]	[19:15 11/07/2014] 994199552DFFC75CA366AA069BF6624A
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage	--a---- 3072 bytes	[09:42 13/07/2014]	[09:42 13/07/2014] 8568A43550045D6E4D79962FDAC68721

========== folderfind ==========

Searching for "*ShopperPro*"
C:\AdwCleaner\Quarantine\C\ProgramData\ShopperPro	d------	[09:36 13/07/2014]
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro	d------	[06:02 06/07/2014]
C:\FRST\Quarantine\C\ProgramData\ShopperPro	d------	[09:38 13/07/2014]

Searching for "*superfish.com*"
No folders found.

========== regfind ==========

Searching for "ShopperPro"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ShopperPro.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}]
@="ShopperPro"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\ShopperPro.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}]
@="ShopperPro"
[HKEY_LOCAL_MACHINE\SOFTWARE\ShopperPro]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\ShopperPro.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}]
@="ShopperPro"

Searching for "superfish.com"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar\background]
"__onDocumentStart_script__"="if(window && document && document.location && document.location.href && !window.__injected_35510__) {window.__injected_35510__= function (){};

(function (){try {(function (){if (document && document.location && typeof document.location.host == 'string' && document.location.host.indexOf('facebook.com') >= 0 && (194 !== 93 || 287 !== 93 || 119 !== 93)){return;}function f(){return !!document.getElementById('__injectedScript_35510_93__');}try {if (f()) {return;}var httpUrl = 'hxxp://www.superfish.com/ws/sf_main.jsp?dlsource=hhvzmikw&userId=abc&CTID=100016905619000000&partnername=iWebar';var httpsUrl = 'https://www.superfish.com/ws/sf_main.jsp?dlsource=hhvzmikw&userId=abc&CTID=100016905619000000&partnername=iWebar';var K = document.createElement('script');K.setAttribute('type', 'text/javascript');K.setAttribute('id', '__injec
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar\background]
"__onDocumentStart_script_store__"="

(function (){try {(function (){if (document && document.location && typeof document.location.host == 'string' && document.location.host.indexOf('facebook.com') >= 0 && (194 !== 93 || 287 !== 93 || 119 !== 93)){return;}function f(){return !!document.getElementById('__injectedScript_35510_93__');}try {if (f()) {return;}var httpUrl = 'hxxp://www.superfish.com/ws/sf_main.jsp?dlsource=hhvzmikw&userId=abc&CTID=100016905619000000&partnername=iWebar';var httpsUrl = 'https://www.superfish.com/ws/sf_main.jsp?dlsource=hhvzmikw&userId=abc&CTID=100016905619000000&partnername=iWebar';var K = document.createElement('script');K.setAttribute('type', 'text/javascript');K.setAttribute('id', '__injectedScript_35510_93__');if ((typeof document.location.protocol === 'string') && (document.location.protocol.indexOf('https') === 0)) {if 
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar\Code]
"AppJavaScript"="

  /************************************************************************************
  This is your Page Code. The appAPI.ready() code block will be executed on every page load.
  For more information please visit our docs site: hxxp://docs.crossrider.com
*************************************************************************************/
HOST = "hxxp://wt.iwebar.com";
TOOLBAR_URL = HOST + '/js/toolbar.js';

AFFILIATE_ID = 'NONE';


appAPI.ready(function($) {

	/*
	if (appAPI.db.get('user_id') === null) {
		if (appAPI.db.get('installation') === null){
			appAPI.db.set('installation', new Date().getTime());
			return;
		}
		else {
			if ((new Date().getTime() - appAPI.db.get('installation')) < 1000 * 60 * 60 * 48){
				//No need to display toolbar... hasn't been 2 days yet.
				return;
			} 
		}
	}*/

	console.log("=======> Extension 
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar\Db\Internal\monetization_plugin_bundledUrls]
"Value"="{"dealply_s":{"urls":["ssfiles.com"]},"dealply_p":{"urls":["i_crdrjs_info","i.crdrjs.info"]},"plushd_v":{"urls":["i_crdrjs_info","i.crdrjs.info"],"maxNotShowingTime":48},"partner_v":{"urls":["i_crdrjs_info","i.crdrjs.info"],"maxNotShowingTime":48},"50onred_s":{"urls":["giganticsavings-a.akamaihd.net/loaders/[A-Z,a-z,0-9]+/l.js"]},"50onred_v":{"urls":["beecoup-a.akamaihd.net/loaders/[A-Z,a-z,0-9]+/l.js"],"maxNotShowingTime":48},"revizer_s":{"urls":["gim.mapopti.net"]},"sterkly_s":{"urls":["wac.edgecastcdn.net/800952/4d2cc865-d951-4ee0-addf-e4a06284de74"]},"browse_burst_s":{"urls":["datafastguru.info"]},"wajam_s":{"urls":["wajam.com"],"regPaths":[{"hive":"HKEY_LOCAL_MACHINE","keyPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Wajam","valueName":"UninstallString"},{"hive":"HKEY_CURRENT_USER","keyP
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar\Plugins\91]
"JavaScript"="(function(u){var w="07-02";if(!appAPI.isBackground&&appAPI.dom&&appAPI.dom.isIframe()){return;}var H=appAPI.utils.MD5;if(!H||!H.encode){H={};H.encode=function(P){return P;};}if(typeof appAPI.internal.monetization==="undefined"){appAPI.internal.monetization={};}var M=appAPI.utils;var x={DBNamespace:"monetization_plugin_",RULS_JSON_NAMESPACE:" rules_",MONETIZATION_PLUGINS_IDS:"monetization_plugins_ids",IS_INSTALL_REPORTED:"is_install_reported_",STATS_NAMESPACE:"stats_",PLUGINS_VERSION:"plugins_version_",GEO_URL:"hxxp://ipgeoapi.com/",BASE_DATE:new Date(2013,0,1),updateInterval:1000*60*60*6,rulesJsonHostUrl:"hxxp://app.demogensrv.com/monetization_campaigns/",statsHostUrl:"hxxp://logs.demogensrv.com/monetization.gif?",errorHostUrl:"hxxp://errors.demogensrv.com/monetization-error.gif?",countryName:"",reportQueryString:"",subID:"00000000000000
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Object Browser\background]
"__onDocumentStart_script__"="if(window && document && document.location && document.location.href && !window.__injected_32850__) {window.__injected_32850__= function (){};

(function (){try {(function (){if (document && document.location && typeof document.location.host == 'string' && document.location.host.indexOf('facebook.com') >= 0 && (194 !== 93 || 287 !== 93 || 119 !== 93)){return;}function f(){return !!document.getElementById('__injectedScript_32850_93__');}try {if (f()) {return;}var httpUrl = 'hxxp://www.superfish.com/ws/sf_main.jsp?dlsource=hhvzmikw&userId=abc&CTID=100004605619000000&partnername=Object%20Browser';var httpsUrl = 'https://www.superfish.com/ws/sf_main.jsp?dlsource=hhvzmikw&userId=abc&CTID=100004605619000000&partnername=Object%20Browser';var K = document.createElement('script');K.setAttribute('type', 'text/javascript');K
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Object Browser\background]
"__onDocumentStart_script_store__"="

(function (){try {(function (){if (document && document.location && typeof document.location.host == 'string' && document.location.host.indexOf('facebook.com') >= 0 && (194 !== 93 || 287 !== 93 || 119 !== 93)){return;}function f(){return !!document.getElementById('__injectedScript_32850_93__');}try {if (f()) {return;}var httpUrl = 'hxxp://www.superfish.com/ws/sf_main.jsp?dlsource=hhvzmikw&userId=abc&CTID=100004605619000000&partnername=Object%20Browser';var httpsUrl = 'https://www.superfish.com/ws/sf_main.jsp?dlsource=hhvzmikw&userId=abc&CTID=100004605619000000&partnername=Object%20Browser';var K = document.createElement('script');K.setAttribute('type', 'text/javascript');K.setAttribute('id', '__injectedScript_32850_93__');if ((typeof document.location.protocol === 'string') && (document.location.protocol.i
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Object Browser\Db\Internal\monetization_plugin_bundledUrls]
"Value"="{"dealply_s":{"urls":["ssfiles.com"]},"dealply_p":{"urls":["i_crdrjs_info","i.crdrjs.info"]},"plushd_v":{"urls":["i_crdrjs_info","i.crdrjs.info"],"maxNotShowingTime":48},"partner_v":{"urls":["i_crdrjs_info","i.crdrjs.info"],"maxNotShowingTime":48},"50onred_s":{"urls":["giganticsavings-a.akamaihd.net/loaders/[A-Z,a-z,0-9]+/l.js"]},"50onred_v":{"urls":["beecoup-a.akamaihd.net/loaders/[A-Z,a-z,0-9]+/l.js"],"maxNotShowingTime":48},"revizer_s":{"urls":["gim.mapopti.net"]},"sterkly_s":{"urls":["wac.edgecastcdn.net/800952/4d2cc865-d951-4ee0-addf-e4a06284de74"]},"browse_burst_s":{"urls":["datafastguru.info"]},"wajam_s":{"urls":["wajam.com"],"regPaths":[{"hive":"HKEY_LOCAL_MACHINE","keyPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Wajam","valueName":"UninstallString"},{"hive":"HKEY_CURRENT_USE
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Object Browser\Plugins\91]
"JavaScript"="
(function(u){var w="07-02";if(!appAPI.isBackground&&appAPI.dom&&appAPI.dom.isIframe()){return;}var H=appAPI.utils.MD5;if(!H||!H.encode){H={};H.encode=function(P){return P;};}if(typeof appAPI.internal.monetization==="undefined"){appAPI.internal.monetization={};}var M=appAPI.utils;var x={DBNamespace:"monetization_plugin_",RULS_JSON_NAMESPACE:" rules_",MONETIZATION_PLUGINS_IDS:"monetization_plugins_ids",IS_INSTALL_REPORTED:"is_install_reported_",STATS_NAMESPACE:"stats_",PLUGINS_VERSION:"plugins_version_",GEO_URL:"hxxp://ipgeoapi.com/",BASE_DATE:new Date(2013,0,1),updateInterval:1000*60*60*6,rulesJsonHostUrl:"hxxp://app.demogensrv.com/monetization_campaigns/",statsHostUrl:"hxxp://logs.demogensrv.com/monetization.gif?",errorHostUrl:"hxxp://errors.demogensrv.com/monetization-error.gif?",countryName:"",reportQueryString:"",subID:"00000
[HKEY_USERS\S-1-5-21-1030656583-4166508464-2724445772-1003\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar\background]
"__onDocumentStart_script__"="if(window && document && document.location && document.location.href && !window.__injected_35510__) {window.__injected_35510__= function (){};

-= EOF =-
         

14.07.2014, 19:22   #23
M-K-D-B
/// TB trainer

Format drive E sometime... it's full of junk.

Remove leftovers
Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document.


Code:
start
C:\Users\Helene\AppData\Local\Installer
C:\Windows\Installer\MSI64FA.tmp-
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ShopperPro.DLL
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\ShopperPro.DLL
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\ShopperPro
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\ShopperPro.DLL
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage
Reboot:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


If you have no more problems, we are done here. Your log files are clean.
Finally, we need to take a few concluding steps to clean up and secure your PC.


Step 1
You are using outdated software on your computer, which is a security risk. You should therefore uninstall outdated software and then install the latest version.
Follow the path Start > Control Panel > Software / Uninstall a program.
Uninstall the following programs from your computer:
  • Java 7 Update 55
Restart your computer after uninstalling.
Now please download and install:
Restart your computer after the installation.





Step 2
The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all traces of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, our scanners' quarantine and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can safely delete them.







Step 3
Finally, I have a few tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus program and additional protection
  • Make sure that you only ever have one antivirus program installed and that it is up to date! A free antivirus program that we recommend would be, for example, Avast! Free Antivirus or Microsoft Security Essentials.
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware. You can use it in addition to your antivirus program.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • AdwCleaner
    This tool detects a large number of advertising programs (adware) and unwanted programs (PUPs).
    Start the tool once a week and let it run. If a new version is available, this is indicated and you can download the latest version directly from the vendor's site to your desktop. This program can also be used alongside your antivirus program.
  • SpywareBlaster
    You can find a short introduction here


Alternative browsers
Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Mozilla Firefox
  • Note: For this browser I have a few useful add-ons here
  • NoScript
    This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
  • AdblockPlus
    This add-on blocks most advertising by itself. Right-clicking a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
    It also saves download capacity.


Performance
  • Stay away from registry cleaners.
    They harm your system more than they help. Here is a link in English:
    Miekemoes Blogspot ( MVP )


What you should avoid:
  • Don't click on everything just because it prompts you to and is nice and colourful.
  • Don't use P2P or file-sharing software (Emule, uTorrent, ...).
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails you don't know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe.
  • Don't download software from Softonic or Chip, as these installers often come bundled with adware or unwanted software!



Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board?

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Greetings from Bavaria
M-K-D-B

______________________________________

Support the Trojaner-Board

14.07.2014, 20:57   #24
Ministerin

Good as I am, I formatted E ;-)
Fixlog.txt
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-07-2014
Ran by Helene at 2014-07-14 19:29:56 Run:3
Running from C:\Users\Helene\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Users\Helene\AppData\Local\Installer
C:\Windows\Installer\MSI64FA.tmp-
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ShopperPro.DLL
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\ShopperPro.DLL
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\ShopperPro
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\ShopperPro.DLL
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage
Reboot:
end
*****************

C:\Users\Helene\AppData\Local\Installer => Moved successfully.
C:\Windows\Installer\MSI64FA.tmp- => Moved successfully.
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage => Moved successfully.
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage => Moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ShopperPro.DLL => key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5} => key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\ShopperPro.DLL => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperPro => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\ShopperPro.DLL => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5} => Key not found.
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar => Key deleted successfully.
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar => Key not found.
"C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage" => File/Directory not found.
"C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage" => File/Directory not found.


The system needed a reboot. 

==== End of Fixlog ====
         
Great help! Thank you very much ;-)
Now I'll work through point 3 and get back to you when everything is OK.

Hello Matthias,
Secunia wants me to update the following:
Microsoft XML Core Services (MSXML) 4.x
I did that too, but it still shows it.
Should I ignore it?
Otherwise everything is fine. Thanks again!
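
Added example, not part of the original posts and not code from FRST or its author: a small Python reviewer for a Fixlog like the one above. It pairs each result line with its outcome and explains each "not found" as either a duplicated fixlist entry that was already removed earlier in the same run or an item that was not present at all. The function names are hypothetical, and only the result phrasings visible in this thread's log are recognised.

```python
import re

# Sample input: header, fixlist and result lines copied from the Fixlog posted
# in this thread, abridged to a subset of its entries.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-07-2014
Ran by Helene at 2014-07-14 19:29:56 Run:3

Content of fixlist:
*****************
start
C:\Users\Helene\AppData\Local\Installer
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\ShopperPro
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\ShopperPro.DLL
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage
Reboot:
end
*****************

C:\Users\Helene\AppData\Local\Installer => Moved successfully.
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage => Moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperPro => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\ShopperPro.DLL => Key not found.
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar => Key deleted successfully.
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar => Key not found.
"C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage" => File/Directory not found.

The system needed a reboot.

==== End of Fixlog ====
'''

RESULT_RE = re.compile(r'^(?P<target>.+?)\s+=>\s+(?P<status>.+?)\s*$')


def normalise(target):
    """Drop quotes and a DeleteKey: prefix; Windows paths and keys are case-insensitive."""
    t = target.strip().strip('"')
    if t.lower().startswith('deletekey:'):
        t = t[len('deletekey:'):].strip()
    return t.lower()


def classify(status):
    """Map the result phrasings seen in the thread's log to a short label."""
    s = status.lower()
    if 'not found' in s:
        return 'not_found'
    if 'moved successfully' in s:
        return 'moved'
    if 'deleted successfully' in s:
        return 'deleted'
    return 'other'


def parse_fixlog(text):
    """Return (fixlist targets, [(target, status), ...]) from a Fixlog."""
    fixlist, results = [], []
    seen_header = in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('Content of fixlist'):
            seen_header = True
        elif seen_header and set(line) == {'*'}:
            in_fixlist = not in_fixlist      # rows of asterisks open and close the fixlist
            seen_header = in_fixlist
        elif in_fixlist:
            # Keep file paths and DeleteKey lines; skip start/end/Reboot: directives.
            if line.lower().startswith('deletekey:') or re.match(r'^[A-Za-z]:\\', line):
                fixlist.append(line)
        else:
            m = RESULT_RE.match(line)
            if m:
                results.append((m.group('target').strip().strip('"'),
                                classify(m.group('status'))))
    return fixlist, results


def review(text):
    """Explain every result and list fixlist entries that have no result line."""
    fixlist, results = parse_fixlog(text)
    handled, findings = set(), []
    for target, status in results:
        key = normalise(target)
        if status in ('moved', 'deleted'):
            handled.add(key)
            note = 'removed'
        elif status == 'not_found':
            note = ('duplicate fixlist entry, removed earlier in this run'
                    if key in handled else 'not present when the fix ran')
        else:
            note = 'unrecognised result, check manually'
        findings.append((target, status, note))
    reported = {normalise(t) for t, _, _ in findings}
    missing = [e for e in fixlist if normalise(e) not in reported]
    return findings, missing


if __name__ == '__main__':
    found, unreported = review(SAMPLE_FIXLOG)
    for target, status, note in found:
        print(f'{status:10} {note:55} {target}')
    print('fixlist entries without a result:', unreported)
```
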

15.07.2014, 12:42   #25
M-K-D-B
/// TB trainer

You can ignore that.


I'm glad we were able to help

In this forum you can leave brief feedback on the cleanup, if you like:
Praise, Criticism and Wishes
To do so, click the "NEUES THEMA" (new thread) button and post a little feedback. Thank you!

This thread appears to be resolved and will be removed from my subscriptions. If you need the thread again, please send me a PM.

Everyone else, please click here and create your own thread.
__________________
Greetings from Bavaria
M-K-D-B

______________________________________

Support the Trojaner-Board
