Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows 7: Bei jedem Klick Werbung und Webseiten werden umgeleitet (https://www.trojaner-board.de/153046-windows-7-klick-werbung-webseiten-umgeleitet.html)

fixiboy 25.04.2014 21:09
Windows 7: Bei jedem Klick Werbung und Webseiten werden umgeleitet
 
Hallo liebe Trojaner-Board-Mitarbeiter,

ich muss zugestehen, dass ich einen gravierenden Fehler begangen habe. Vor ein paar Tagen kam die Meldung, dass mein Java veraltet wäre. Obwohl ich davor den Fehler nie gemacht habe und immer schön diesen Fake weggeklickt habe, habe ich ihn dann doch gemacht und die Installation durchgeführt. Ich weiß nicht, was mich dazu geritten hat, irgendwie habe ich der Seite vertraut und jetzt ist es geschehen. Das wird mir auf jeden Fall nicht nochmal passieren.
Zurück zum Thema, bei jedem Klick öffnet sich nun zusätzliche Werbung (In den meisten Fällen ist irgendetwas veraltet: Flashplayer, Java, Internet Explorer, ...) und in manchen Fällen wird auch einfach eine Internetseite zu irgendeiner anderen Werbung (meistens irgendwelche Browserspiele) umgeleitet, also kein neuer Tab aufgemacht. Ich weiß genau, dass es daran lag, dass ich dieses Java-Update gemacht habe.
Sofort danach habe ich die Installierten Dateien mit Erfolg wieder deinstalliert und danach versucht eine Systemwiederherstellung zu machen, weil ich dachte, dass ich damit das Problem bereinigen kann (Die Systemwiederherstellung hatte leider keinen Erfolg). Seit dem habe ich leider dieses Problem und der Virenscanner hat leider nichts gefunden.
Ich danke schon einmal vielmals für ihre Hilfe.
Unten dann die geforderten Dateien.
Liebe Grüße
Collin


Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:31 on 24/04/2014 (Collin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2014
Ran by Collin (administrator) on COLLIN-HP on 24-04-2014 14:37:58
Running from C:\Users\Collin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
() C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\scalc.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-08] (IDT, Inc.)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-05-17] (EasyBits Software AS)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Guard.Mail.ru.gui] => C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-03-30] ()
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-29] (Easybits)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-669750612-4099681080-2224479282-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-669750612-4099681080-2224479282-1000\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Collin\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-669750612-4099681080-2224479282-1000\...\MountPoints2: G - G:\laucher.exe
HKU\S-1-5-21-669750612-4099681080-2224479282-1000\...\MountPoints2: {3aadb74c-0bb7-11e2-86c1-101f74c42839} - G:\HPLauncher.exe
HKU\S-1-5-21-669750612-4099681080-2224479282-1000\...\MountPoints2: {58362958-7ea9-11e3-a651-101f74c42839} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-669750612-4099681080-2224479282-1000\...\MountPoints2: {5a36073e-5b45-11e3-a45f-101f74c42839} - G:\laucher.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B&q={searchTerms}
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B&q={searchTerms}
SearchScopes: HKLM - {42218EA0-A1A3-4FAE-BBF7-7482498E8022} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B&q={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B&q={searchTerms}
SearchScopes: HKLM-x32 - {42218EA0-A1A3-4FAE-BBF7-7482498E8022} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {74FED47D-911D-4547-BEF1-555B2396451A} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=78013e800000000000003859f97ffdb7&r=485
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B&q={searchTerms}
SearchScopes: HKCU - {42218EA0-A1A3-4FAE-BBF7-7482498E8022} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {74FED47D-911D-4547-BEF1-555B2396451A} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=78013e800000000000003859f97ffdb7&r=485
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: MediaPlayerplus - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll (Freeven)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: ICQ Sparberater - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-07-15] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 129.217.129.42

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-06-07]
FF HKCU\...\Firefox\Extensions: [{372479DD-B552-F0A8-F0E5-EEEEA6602285}] - C:\Program Files (x86)\Re-markit-soft\158.xpi
FF Extension: Re-markit - C:\Program Files (x86)\Re-markit-soft\158.xpi [2014-04-19]

Chrome:
=======
CHR HomePage: hxxp://istart.webssearches.com/?type=hp&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B
CHR StartupUrls: "hxxp://istart.webssearches.com/?type=hp&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B"
CHR DefaultSearchKeyword: webssearches
CHR DefaultSearchProvider: webssearches
CHR DefaultSearchURL: hxxp://istart.webssearches.com/web/?type=ds&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-15]
CHR Extension: (Google Drive) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-15]
CHR Extension: (YouTube) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-15]
CHR Extension: (Google Search) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-15]
CHR Extension: (Website Logon) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef [2013-11-15]
CHR Extension: (Re-markit) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikcggonfhgaingjbhjanbibmlfeomooc [2014-04-19]
CHR Extension: (MediaPlayerplus) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd [2014-04-19]
CHR Extension: (Google Wallet) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-15]
CHR Extension: (Gmail) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-15]
CHR HKLM-x32\...\Chrome\Extension: [dfaldikcoaplhepekpbngkepfcoiihef] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-22]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-04-19]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-10-07] (WildTangent)
R2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-03-30] ()
R2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [247872 2011-08-17] ()
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Re-markit; C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.exe [142848 2014-04-19] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-24 14:37 - 2014-04-24 14:39 - 00027035 _____ () C:\Users\Collin\Desktop\FRST.txt
2014-04-24 14:37 - 2014-04-24 14:37 - 00000000 ____D () C:\FRST
2014-04-24 14:33 - 2014-04-24 14:33 - 02061824 _____ (Farbar) C:\Users\Collin\Desktop\FRST64.exe
2014-04-24 14:31 - 2014-04-24 14:31 - 00000474 _____ () C:\Users\Collin\Desktop\defogger_disable.log
2014-04-24 14:31 - 2014-04-24 14:31 - 00000000 _____ () C:\Users\Collin\defogger_reenable
2014-04-24 14:30 - 2014-04-24 14:30 - 00050477 _____ () C:\Users\Collin\Desktop\Defogger.exe
2014-04-24 10:02 - 2014-04-24 10:02 - 00000114 ____H () C:\Users\Collin\Desktop\.~lock.Stundenplan SS2014.ods#
2014-04-22 16:03 - 2014-04-22 16:03 - 00000000 __SHD () C:\Users\Collin\AppData\Local\EmieUserList
2014-04-22 16:03 - 2014-04-22 16:03 - 00000000 __SHD () C:\Users\Collin\AppData\Local\EmieSiteList
2014-04-22 16:00 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-22 16:00 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-22 16:00 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-22 16:00 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-22 15:59 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-22 15:59 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-22 15:59 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-22 15:59 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-22 15:59 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-22 15:59 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-22 15:59 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-22 15:59 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-22 15:59 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-22 15:59 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-22 15:59 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-22 15:59 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-22 15:59 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-22 15:59 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-22 15:59 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-22 15:59 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-22 15:59 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-22 15:59 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-22 15:59 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-22 15:59 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-22 15:59 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-22 15:59 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-22 15:59 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-22 15:59 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-22 15:59 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-22 15:59 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-22 15:59 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-22 15:59 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-22 15:59 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-22 15:59 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-22 15:59 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-22 15:59 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-22 15:59 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-22 15:59 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-22 15:59 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-22 15:59 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-22 15:59 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-22 15:59 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-22 15:59 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-22 15:59 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-22 15:59 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-22 15:59 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-22 15:59 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-22 15:59 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-19 18:03 - 2014-04-19 19:06 - 00000000 ___RD () C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-19 18:02 - 2014-04-19 18:02 - 00003158 _____ () C:\Windows\System32\Tasks\{63413530-4970-4B09-9431-53CAB00FB246}
2014-04-19 18:00 - 2014-04-24 12:07 - 00001538 _____ () C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-5.job
2014-04-19 18:00 - 2014-04-24 12:07 - 00001442 _____ () C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-2.job
2014-04-19 18:00 - 2014-04-19 18:22 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-19 18:00 - 2014-04-19 18:22 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-19 18:00 - 2014-04-19 18:20 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-19 18:00 - 2014-04-19 18:00 - 00004568 _____ () C:\Windows\System32\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-5
2014-04-19 18:00 - 2014-04-19 18:00 - 00004472 _____ () C:\Windows\System32\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-2
2014-04-19 18:00 - 2014-04-19 18:00 - 00002832 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-19 18:00 - 2014-04-19 18:00 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-19 18:00 - 2014-04-19 18:00 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-19 17:59 - 2014-04-24 12:07 - 00003128 _____ () C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-3.job
2014-04-19 17:59 - 2014-04-24 12:07 - 00002222 _____ () C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-4.job
2014-04-19 17:59 - 2014-04-24 12:07 - 00001464 _____ () C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-1.job
2014-04-19 17:59 - 2014-04-19 19:06 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-04-19 17:59 - 2014-04-19 18:02 - 00000000 ____D () C:\ProgramData\WPM
2014-04-19 17:59 - 2014-04-19 18:00 - 00004494 _____ () C:\Windows\System32\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-1
2014-04-19 17:59 - 2014-04-19 18:00 - 00001194 _____ () C:\Users\Collin\AppData\Roaming\aps.scan.quick.results
2014-04-19 17:59 - 2014-04-19 18:00 - 00000316 _____ () C:\Users\Collin\AppData\Roaming\aps.uninstall.scan.results
2014-04-19 17:59 - 2014-04-19 17:59 - 00006158 _____ () C:\Windows\System32\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-3
2014-04-19 17:59 - 2014-04-19 17:59 - 00005252 _____ () C:\Windows\System32\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-4
2014-04-19 17:59 - 2014-04-19 17:59 - 00000000 ____D () C:\Users\Collin\AppData\Roaming\SupTab
2014-04-19 17:59 - 2014-04-19 17:59 - 00000000 ____D () C:\ProgramData\IePluginService
2014-04-19 17:59 - 2014-04-19 17:59 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2014-04-19 17:59 - 2014-04-19 17:59 - 00000000 _____ () C:\Users\Collin\AppData\Roaming\aps.scan.results
2014-04-19 17:59 - 2014-04-19 17:58 - 01097384 _____ (AnyProtect.com) C:\Users\Collin\AppData\Local\nsv72BC.tmp
2014-04-19 17:58 - 2014-04-24 12:07 - 00001470 _____ () C:\Windows\Tasks\b71da451-9cb4-4361-813f-6044461839ae-5.job
2014-04-19 17:58 - 2014-04-24 10:00 - 00000408 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-04-19 17:58 - 2014-04-24 10:00 - 00000398 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-04-19 17:58 - 2014-04-21 00:40 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-04-19 17:58 - 2014-04-21 00:40 - 00000000 ____D () C:\Program Files (x86)\HQ-Video-Pro-1.9
2014-04-19 17:58 - 2014-04-19 19:06 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft
2014-04-19 17:58 - 2014-04-19 17:58 - 00004500 _____ () C:\Windows\System32\Tasks\b71da451-9cb4-4361-813f-6044461839ae-5
2014-04-19 17:58 - 2014-04-19 17:58 - 00003058 _____ () C:\Windows\System32\Tasks\Re-markit Update
2014-04-19 17:58 - 2014-04-19 17:58 - 00002988 _____ () C:\Windows\System32\Tasks\Re-markit_wd
2014-04-19 17:58 - 2014-04-19 17:58 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-17 11:18 - 2014-04-17 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-17 11:18 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-17 11:18 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-17 11:18 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-17 11:18 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-17 11:17 - 2014-04-17 11:18 - 00005449 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-15 13:04 - 2014-04-15 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2014-04-15 13:04 - 2014-04-15 13:04 - 00000000 ____D () C:\Program Files\RStudio
2014-04-13 16:12 - 2014-04-13 16:12 - 00003606 _____ () C:\Users\Collin\Desktop\DATEN.csv
2014-04-09 13:45 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 13:45 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 13:45 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 13:45 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 13:45 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 13:45 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 13:45 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 13:45 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 13:45 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 13:45 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 13:45 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 13:45 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 13:45 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 13:45 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 13:45 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 13:45 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 13:45 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 13:35 - 2014-04-07 13:36 - 00000000 ____D () C:\Users\Collin\Desktop\Bilder
2014-04-07 13:29 - 2014-04-07 13:29 - 00000000 ____D () C:\Users\Collin\AppData\Roaming\OpenOffice
2014-04-07 13:28 - 2014-04-07 13:28 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-04-07 13:28 - 2014-04-07 13:28 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-04-07 13:27 - 2014-04-07 13:28 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-04-07 12:12 - 2014-04-15 02:30 - 00012618 _____ () C:\Users\Collin\Desktop\Stundenplan SS2014.ods
2014-03-31 14:48 - 2014-03-31 14:48 - 00000165 ____H () C:\Users\Collin\Desktop\~$Stundenplan WS 2013.xlsx
2014-03-28 16:55 - 2014-04-23 10:35 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForCollin.job
2014-03-28 16:55 - 2014-04-22 23:45 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCollin
2014-03-28 16:54 - 2014-03-28 16:54 - 00002217 _____ () C:\Users\Collin\Desktop\HP Support Assistant.lnk
2014-03-28 16:49 - 2014-03-28 16:49 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}

==================== One Month Modified Files and Folders =======

2014-04-24 14:39 - 2014-04-24 14:37 - 00027035 _____ () C:\Users\Collin\Desktop\FRST.txt
2014-04-24 14:37 - 2014-04-24 14:37 - 00000000 ____D () C:\FRST
2014-04-24 14:33 - 2014-04-24 14:33 - 02061824 _____ (Farbar) C:\Users\Collin\Desktop\FRST64.exe
2014-04-24 14:31 - 2014-04-24 14:31 - 00000474 _____ () C:\Users\Collin\Desktop\defogger_disable.log
2014-04-24 14:31 - 2014-04-24 14:31 - 00000000 _____ () C:\Users\Collin\defogger_reenable
2014-04-24 14:31 - 2011-12-24 19:47 - 00000000 ____D () C:\Users\Collin
2014-04-24 14:30 - 2014-04-24 14:30 - 00050477 _____ () C:\Users\Collin\Desktop\Defogger.exe
2014-04-24 14:21 - 2013-11-14 22:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-24 14:20 - 2013-11-14 22:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-24 14:14 - 2011-11-16 10:28 - 01311547 _____ () C:\Windows\WindowsUpdate.log
2014-04-24 12:07 - 2014-04-19 18:00 - 00001538 _____ () C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-5.job
2014-04-24 12:07 - 2014-04-19 18:00 - 00001442 _____ () C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-2.job
2014-04-24 12:07 - 2014-04-19 17:59 - 00003128 _____ () C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-3.job
2014-04-24 12:07 - 2014-04-19 17:59 - 00002222 _____ () C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-4.job
2014-04-24 12:07 - 2014-04-19 17:59 - 00001464 _____ () C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-1.job
2014-04-24 12:07 - 2014-04-19 17:58 - 00001470 _____ () C:\Windows\Tasks\b71da451-9cb4-4361-813f-6044461839ae-5.job
2014-04-24 10:08 - 2009-07-14 06:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-24 10:08 - 2009-07-14 06:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-24 10:02 - 2014-04-24 10:02 - 00000114 ____H () C:\Users\Collin\Desktop\.~lock.Stundenplan SS2014.ods#
2014-04-24 10:01 - 2014-01-14 15:29 - 00000000 ____D () C:\Users\Collin\AppData\Roaming\newnext.me
2014-04-24 10:00 - 2014-04-19 17:58 - 00000408 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-04-24 10:00 - 2014-04-19 17:58 - 00000398 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-04-24 10:00 - 2013-11-14 22:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-24 10:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-24 10:00 - 2009-07-14 06:51 - 00149340 _____ () C:\Windows\setupact.log
2014-04-24 00:44 - 2013-11-12 10:04 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8284362C-B5C4-4E7C-B824-25F2F57764D4}
2014-04-23 10:35 - 2014-03-28 16:55 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForCollin.job
2014-04-22 23:45 - 2014-03-28 16:55 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCollin
2014-04-22 16:03 - 2014-04-22 16:03 - 00000000 __SHD () C:\Users\Collin\AppData\Local\EmieUserList
2014-04-22 16:03 - 2014-04-22 16:03 - 00000000 __SHD () C:\Users\Collin\AppData\Local\EmieSiteList
2014-04-22 16:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-21 00:40 - 2014-04-19 17:58 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-04-21 00:40 - 2014-04-19 17:58 - 00000000 ____D () C:\Program Files (x86)\HQ-Video-Pro-1.9
2014-04-20 19:24 - 2012-01-10 00:42 - 00000000 ____D () C:\Users\Collin\AppData\Local\CrashDumps
2014-04-19 19:06 - 2014-04-19 18:03 - 00000000 ___RD () C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-19 19:06 - 2014-04-19 17:59 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-04-19 19:06 - 2014-04-19 17:58 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft
2014-04-19 19:06 - 2012-03-21 11:28 - 00000000 ___HD () C:\Users\Collin\Documents\Runes of Magic
2014-04-19 19:06 - 2012-03-21 11:05 - 00000000 ____D () C:\Program Files (x86)\Runes of Magic
2014-04-19 19:06 - 2012-03-12 14:45 - 00000000 ____D () C:\Users\Collin\AppData\Roaming\RStudio
2014-04-19 19:06 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-19 19:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-04-19 18:22 - 2014-04-19 18:00 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-19 18:22 - 2014-04-19 18:00 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-19 18:22 - 2010-11-21 05:47 - 00532430 _____ () C:\Windows\PFRO.log
2014-04-19 18:20 - 2014-04-19 18:00 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-19 18:02 - 2014-04-19 18:02 - 00003158 _____ () C:\Windows\System32\Tasks\{63413530-4970-4B09-9431-53CAB00FB246}
2014-04-19 18:02 - 2014-04-19 17:59 - 00000000 ____D () C:\ProgramData\WPM
2014-04-19 18:00 - 2014-04-19 18:00 - 00004568 _____ () C:\Windows\System32\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-5
2014-04-19 18:00 - 2014-04-19 18:00 - 00004472 _____ () C:\Windows\System32\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-2
2014-04-19 18:00 - 2014-04-19 18:00 - 00002832 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-19 18:00 - 2014-04-19 18:00 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-19 18:00 - 2014-04-19 18:00 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-19 18:00 - 2014-04-19 17:59 - 00004494 _____ () C:\Windows\System32\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-1
2014-04-19 18:00 - 2014-04-19 17:59 - 00001194 _____ () C:\Users\Collin\AppData\Roaming\aps.scan.quick.results
2014-04-19 18:00 - 2014-04-19 17:59 - 00000316 _____ () C:\Users\Collin\AppData\Roaming\aps.uninstall.scan.results
2014-04-19 17:59 - 2014-04-19 17:59 - 00006158 _____ () C:\Windows\System32\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-3
2014-04-19 17:59 - 2014-04-19 17:59 - 00005252 _____ () C:\Windows\System32\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-4
2014-04-19 17:59 - 2014-04-19 17:59 - 00000000 ____D () C:\Users\Collin\AppData\Roaming\SupTab
2014-04-19 17:59 - 2014-04-19 17:59 - 00000000 ____D () C:\ProgramData\IePluginService
2014-04-19 17:59 - 2014-04-19 17:59 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2014-04-19 17:59 - 2014-04-19 17:59 - 00000000 _____ () C:\Users\Collin\AppData\Roaming\aps.scan.results
2014-04-19 17:58 - 2014-04-19 17:59 - 01097384 _____ (AnyProtect.com) C:\Users\Collin\AppData\Local\nsv72BC.tmp
2014-04-19 17:58 - 2014-04-19 17:58 - 00004500 _____ () C:\Windows\System32\Tasks\b71da451-9cb4-4361-813f-6044461839ae-5
2014-04-19 17:58 - 2014-04-19 17:58 - 00003058 _____ () C:\Windows\System32\Tasks\Re-markit Update
2014-04-19 17:58 - 2014-04-19 17:58 - 00002988 _____ () C:\Windows\System32\Tasks\Re-markit_wd
2014-04-19 17:58 - 2014-04-19 17:58 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-19 17:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-18 02:43 - 2012-07-18 21:05 - 00000242 _____ () C:\Users\Collin\Desktop\FILME.txt
2014-04-17 17:31 - 2012-01-16 22:52 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-17 17:31 - 2011-12-30 01:26 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-17 12:08 - 2011-07-16 07:32 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-04-17 12:08 - 2011-07-16 07:32 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-04-17 12:08 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-17 11:20 - 2013-11-06 11:15 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-17 11:18 - 2014-04-17 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-17 11:18 - 2014-04-17 11:17 - 00005449 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-17 11:18 - 2013-11-06 11:15 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-15 13:04 - 2014-04-15 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2014-04-15 13:04 - 2014-04-15 13:04 - 00000000 ____D () C:\Program Files\RStudio
2014-04-15 02:30 - 2014-04-07 12:12 - 00012618 _____ () C:\Users\Collin\Desktop\Stundenplan SS2014.ods
2014-04-14 20:13 - 2014-04-17 11:18 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-17 11:18 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-17 11:18 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-17 11:18 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-13 16:12 - 2014-04-13 16:12 - 00003606 _____ () C:\Users\Collin\Desktop\DATEN.csv
2014-04-13 14:49 - 2011-12-24 19:54 - 00000000 ____D () C:\Users\Collin\AppData\Roaming\Skype
2014-04-10 03:06 - 2012-09-04 09:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 03:05 - 2013-07-16 01:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 03:02 - 2012-09-27 18:44 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 13:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-08 12:52 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-08 09:40 - 2009-07-14 06:45 - 00370840 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-07 13:36 - 2014-04-07 13:35 - 00000000 ____D () C:\Users\Collin\Desktop\Bilder
2014-04-07 13:36 - 2012-03-13 01:36 - 00000000 ___RD () C:\Users\Collin\Desktop\Programme
2014-04-07 13:34 - 2012-03-13 01:41 - 00000000 ____D () C:\Users\Collin\Desktop\Uni
2014-04-07 13:29 - 2014-04-07 13:29 - 00000000 ____D () C:\Users\Collin\AppData\Roaming\OpenOffice
2014-04-07 13:29 - 2011-12-24 19:52 - 00092944 _____ () C:\Users\Collin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-07 13:28 - 2014-04-07 13:28 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-04-07 13:28 - 2014-04-07 13:28 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-04-07 13:28 - 2014-04-07 13:27 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-04-07 12:13 - 2011-12-28 14:28 - 00000000 ____D () C:\Users\Collin\AppData\Roaming\SoftGrid Client
2014-04-07 02:00 - 2012-12-06 15:18 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCOLLIN-HP$
2014-04-07 02:00 - 2012-12-06 15:18 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForCOLLIN-HP$.job
2014-03-31 14:48 - 2014-03-31 14:48 - 00000165 ____H () C:\Users\Collin\Desktop\~$Stundenplan WS 2013.xlsx
2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-28 16:54 - 2014-03-28 16:54 - 00002217 _____ () C:\Users\Collin\Desktop\HP Support Assistant.lnk
2014-03-28 16:54 - 2011-07-15 22:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-03-28 16:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-03-28 16:51 - 2011-07-15 22:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-28 16:51 - 2011-07-15 21:59 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-03-28 16:49 - 2014-03-28 16:49 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-03-28 16:46 - 2011-07-15 22:10 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-03-28 16:45 - 2011-02-10 21:23 - 00000000 ____D () C:\SWSetup
2014-03-28 01:15 - 2013-11-14 22:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-28 01:15 - 2013-11-14 22:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-26 11:27 - 2013-01-18 09:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-25 13:42 - 2014-03-24 09:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

Some content of TEMP:
====================
C:\Users\Collin\AppData\Local\Temp\AskSLib.dll
C:\Users\Collin\AppData\Local\Temp\AutoRun.exe
C:\Users\Collin\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Collin\AppData\Local\Temp\avgnt.exe
C:\Users\Collin\AppData\Local\Temp\BackupSetup.exe
C:\Users\Collin\AppData\Local\Temp\drm_dyndata_7380009.dll
C:\Users\Collin\AppData\Local\Temp\Extract.exe
C:\Users\Collin\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Collin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Collin\AppData\Local\Temp\Mobogenie_Setup_2-1-37_37.exe
C:\Users\Collin\AppData\Local\Temp\One.Piece.E045.Wanted.UNCUT.German.Dubbed.1999.ANiME.DVDRiP.XviD STARS.avi.flv__3515_i136567299_il6796496.exe
C:\Users\Collin\AppData\Local\Temp\Resource.exe
C:\Users\Collin\AppData\Local\Temp\SIntf16.dll
C:\Users\Collin\AppData\Local\Temp\SIntf32.dll
C:\Users\Collin\AppData\Local\Temp\SIntfNT.dll
C:\Users\Collin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Collin\AppData\Local\Temp\sp54620.exe
C:\Users\Collin\AppData\Local\Temp\SP54714.exe
C:\Users\Collin\AppData\Local\Temp\SP55025.exe
C:\Users\Collin\AppData\Local\Temp\SP55031.exe
C:\Users\Collin\AppData\Local\Temp\SP55152.exe
C:\Users\Collin\AppData\Local\Temp\SP56221.exe
C:\Users\Collin\AppData\Local\Temp\SP56878.exe
C:\Users\Collin\AppData\Local\Temp\SP56929.exe
C:\Users\Collin\AppData\Local\Temp\SP57538.exe
C:\Users\Collin\AppData\Local\Temp\SP57698.exe
C:\Users\Collin\AppData\Local\Temp\sp58915.exe
C:\Users\Collin\AppData\Local\Temp\SP59202.exe
C:\Users\Collin\AppData\Local\Temp\SP61152.exe
C:\Users\Collin\AppData\Local\Temp\sp64126.exe
C:\Users\Collin\AppData\Local\Temp\UninstallHPSA.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-31 21:40

==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2014
Ran by Collin at 2014-04-24 14:39:49
Running from C:\Users\Collin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

ATI Catalyst Install Manager (HKLM\...\{B066BF95-890E-A532-A58F-D13E0805DC04}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
ccc-utility64 (Version: 2011.0508.224.2391 - ATI) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Restore Points  =========================

25-03-2014 13:06:07 Windows Update
28-03-2014 14:34:59 Windows Update
28-03-2014 14:49:27 Installed HP Support Assistant
28-03-2014 14:52:49 Windows Modules Installer
28-03-2014 14:53:40 Windows Modules Installer
01-04-2014 08:36:05 Windows Update
04-04-2014 10:37:53 Windows Update
07-04-2014 11:26:51 OpenOffice 4.0.1 wird installiert
08-04-2014 08:06:46 Windows Update
10-04-2014 01:00:38 Windows Update
15-04-2014 12:12:06 Windows Update
17-04-2014 09:16:55 Installed Java 7 Update 55
19-04-2014 14:01:24 Windows Update
19-04-2014 15:58:17 Uniblue SpeedUpMyPC installation
19-04-2014 16:25:42 Wiederherstellungsvorgang
22-04-2014 13:58:54 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {104877EF-E4BB-4A63-9856-DABD95E62618} - System32\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-4 => C:\Program Files (x86)\MediaPlayerplus\f08de44e-751a-4092-ad9e-9c9a07ee0606-4.exe <==== ATTENTION
Task: {10911729-7B1E-4CF0-8413-47FE854489E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {1151D92C-6FA7-4528-80FA-EAE332DE1849} - System32\Tasks\Re-markit_wd => C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe [2014-04-19] () <==== ATTENTION
Task: {2A2E6A0F-0C22-46F9-9BEB-CAE3E48FCE6C} - System32\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-5 => C:\Program Files (x86)\MediaPlayerplus\f08de44e-751a-4092-ad9e-9c9a07ee0606-5.exe <==== ATTENTION
Task: {2DB65689-EE41-4401-9E46-C0DD1BA87308} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-14] (Google Inc.)
Task: {3060CE9C-BBE3-4F92-B5E8-4E625D5378BC} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-04-19] (AnyProtect by CMI) <==== ATTENTION
Task: {330D1208-8E53-49FA-B629-54EF64A1FE0B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {35DCE7DA-6920-4967-8F7A-39ECB6318E54} - System32\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-2 => C:\Program Files (x86)\MediaPlayerplus\f08de44e-751a-4092-ad9e-9c9a07ee0606-2.exe <==== ATTENTION
Task: {37ABD549-EE3D-45C2-B2C8-A271D955E3F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-14] (Google Inc.)
Task: {423F5CB6-310C-4747-A513-D48C0CC69C7A} - System32\Tasks\HPCeeScheduleForCollin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {59B72576-7A90-48B4-8D4A-E2E951596F1E} - System32\Tasks\b71da451-9cb4-4361-813f-6044461839ae-5 => C:\Program Files (x86)\HQ-Video-Pro-1.9\b71da451-9cb4-4361-813f-6044461839ae-5.exe
Task: {6A059991-9EA8-43BB-9EE2-220635A74907} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {796C97AF-CB3F-4CDF-9FDC-7244C8A13F14} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-04-19] (AnyProtect by CMI) <==== ATTENTION
Task: {8813D2E1-EB1A-4092-9DB8-8F35F0D27224} - System32\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-1 => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe <==== ATTENTION
Task: {AAFE830C-EC2D-46FC-991C-036F058F2B04} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-04-19] (AnyProtect by CMI) <==== ATTENTION
Task: {AC5FE2B3-1ECD-455E-B091-16A92EFFE2AC} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink)
Task: {BB3F878F-4565-40B8-B3F4-579388281DFC} - System32\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-3 => C:\Program Files (x86)\MediaPlayerplus\f08de44e-751a-4092-ad9e-9c9a07ee0606-3.exe <==== ATTENTION
Task: {BD61BB9B-C46E-41AC-91B4-80D7163B7BE1} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-27] ()
Task: {C023A289-1893-4C35-B5B1-26A010B417F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {C2237FC8-AFD1-4F5A-BA7D-04ACD07D3214} - System32\Tasks\HPCeeScheduleForCOLLIN-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {CF53BD40-3EDB-4AD0-9812-2319091B15A0} - System32\Tasks\Re-markit Update => C:\Program Files (x86)\Re-markit-soft\Re-markitfQL.exe [2014-04-19] () <==== ATTENTION
Task: {D5EF0370-546A-4936-AAC2-CD169CB3D411} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {E8054BF3-92F3-4C6F-8055-CF8C9AFEC6AE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\b71da451-9cb4-4361-813f-6044461839ae-5.job => C:\Program Files (x86)\HQ-Video-Pro-1.9\b71da451-9cb4-4361-813f-6044461839ae-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-1.job => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe
Task: C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-2.job => C:\Program Files (x86)\MediaPlayerplus\f08de44e-751a-4092-ad9e-9c9a07ee0606-2.exe
Task: C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-3.job => C:\Program Files (x86)\MediaPlayerplus\f08de44e-751a-4092-ad9e-9c9a07ee0606-3.exe
Task: C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-4.job => C:\Program Files (x86)\MediaPlayerplus\f08de44e-751a-4092-ad9e-9c9a07ee0606-4.exe
Task: C:\Windows\Tasks\f08de44e-751a-4092-ad9e-9c9a07ee0606-5.job => C:\Program Files (x86)\MediaPlayerplus\f08de44e-751a-4092-ad9e-9c9a07ee0606-5.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCOLLIN-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCollin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Re-markit Update.job => C:\Program Files (x86)\Re-markit-soft\Re-markitfQL.exe <==== ATTENTION
Task: C:\Windows\Tasks\Re-markit_wd.job => C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-01-12 17:17 - 2011-05-28 23:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2012-03-30 13:39 - 2012-03-30 13:39 - 01564368 _____ () C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
2014-04-19 17:58 - 2014-04-19 17:58 - 00077312 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe
2012-03-30 13:39 - 2011-08-17 11:04 - 00247872 _____ () C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
2014-04-19 17:58 - 2014-04-19 17:58 - 00142848 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.exe
2011-04-15 20:16 - 2011-04-15 20:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-06-27 16:18 - 2011-06-27 16:18 - 00107320 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2011-05-12 15:13 - 2011-05-12 15:13 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-05-08 03:23 - 2011-05-08 03:23 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-08-07 16:04 - 2013-08-06 23:23 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-04-19 17:58 - 2014-04-19 17:58 - 00133120 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.dll
2013-09-20 13:50 - 2013-09-20 13:50 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2013-09-17 04:54 - 2013-09-17 04:54 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2014-02-14 14:16 - 2014-02-14 14:16 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ae685719bd599604bdf031cdad0ba38a\IsdiInterop.ni.dll
2011-11-16 10:26 - 2011-04-30 01:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-03-24 09:54 - 2014-03-24 09:54 - 03018864 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-03-24 09:54 - 2014-03-24 09:54 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-03-24 09:54 - 2014-03-24 09:54 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/24/2014 10:07:49 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped.  Verify that you have sufficient privileges to stop system services.

Error: (04/24/2014 10:00:51 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/24/2014 02:06:50 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (04/23/2014 10:43:05 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped.  Verify that you have sufficient privileges to stop system services.

Error: (04/23/2014 10:36:10 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2014 02:07:21 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (04/22/2014 11:48:12 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped.  Verify that you have sufficient privileges to stop system services.

Error: (04/22/2014 11:41:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2014 04:08:14 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (04/22/2014 04:03:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/22/2014 01:31:18 AM) (Source: iaStor) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (04/19/2014 06:38:25 PM) (Source: iaStor) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (04/19/2014 06:33:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet:
%%-2147024882

Error: (04/17/2014 01:51:24 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/16/2014 01:02:04 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/16/2014 01:02:04 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/13/2014 03:08:20 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎13.‎04.‎2014 um 15:06:29 unerwartet heruntergefahren.

Error: (04/10/2014 03:24:04 AM) (Source: iaStor) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (04/09/2014 01:03:50 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎09.‎04.‎2014 um 00:53:07 unerwartet heruntergefahren.

Error: (04/09/2014 00:48:30 AM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}


Microsoft Office Sessions:
=========================
Error: (04/24/2014 10:07:49 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped.  Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/24/2014 10:00:51 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/24/2014 02:06:50 AM) (Source: ATIeRecord)(User: )
Description:

Error: (04/23/2014 10:43:05 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped.  Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/23/2014 10:36:10 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2014 02:07:21 AM) (Source: ATIeRecord)(User: )
Description:

Error: (04/22/2014 11:48:12 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped.  Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/22/2014 11:41:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2014 04:08:14 PM) (Source: ATIeRecord)(User: )
Description:

Error: (04/22/2014 04:03:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 6091.86 MB
Available physical RAM: 3339.89 MB
Total Pagefile: 12181.9 MB
Available Pagefile: 8426.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:678.17 GB) (Free:318.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:16.3 GB) (Free:1.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: F36AF300)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=678 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-24 15:04:20
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GN00 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\Collin\AppData\Local\Temp\pxdcapod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                    fffff80002ff8000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                    fffff80002ff802f 29 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text    C:\ProgramData\IePluginService\PluginService.exe[1420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        0000000075741465 2 bytes [74, 75]
.text    C:\ProgramData\IePluginService\PluginService.exe[1420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                        00000000757414bb 2 bytes [74, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                            0000000075741465 2 bytes [74, 75]
.text    C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe[2144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000757414bb 2 bytes [74, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000075741465 2 bytes [74, 75]
.text    C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              00000000757414bb 2 bytes [74, 75]
.text    ...                                                                                                                                                    * 2
?        C:\Windows\system32\mssprxy.dll [3160] entry point in ".rdata" section                                                                                00000000720071e6
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075741465 2 bytes [74, 75]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000757414bb 2 bytes [74, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000075741465 2 bytes [74, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          00000000757414bb 2 bytes [74, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe[4100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                            0000000075741465 2 bytes [74, 75]
.text    C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe[4100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000757414bb 2 bytes [74, 75]
.text    ...                                                                                                                                                    * 2
.text    C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[32216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000075741465 2 bytes [74, 75]
.text    C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[32216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                            00000000757414bb 2 bytes [74, 75]
.text    ...                                                                                                                                                    * 2

---- EOF - GMER 2.1 ----

schrauber 25.04.2014 21:12
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

fixiboy 26.04.2014 12:48
Hallo Schrauber,

ich danke dir für deine Hilfe :)
Combofix lief ohne Probleme und auch nach dem Neustart keine Fehlermeldung.
Hier also die Auswertung:

[CODE]
Combofix Logfile:
Code:
ComboFix 14-04-20.01 - Collin 26.04.2014  12:47:40.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.6092.3991 [GMT 2:00]
ausgeführt von:: c:\users\Collin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\background.html
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\chromeCoreFilesIndex.txt
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\crossriderManifest.json
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\manifest.xml
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins.json
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\1.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\102.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\103.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\104.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\13.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\14.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\155.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\17.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\177.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\182.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\183.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\184.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\19.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\190.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\191.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\195.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\207.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\21.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\211.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\22.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\220.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\233.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\242.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\246.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\28.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\4.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\47.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\64.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\7.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\72.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\78.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\80.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\9.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\91.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\93.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\plugins\97.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\userCode\background.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\extensionData\userCode\extension.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\icons\actions\1.png
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\icons\icon128.png
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\icons\icon16.png
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\icons\icon48.png
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\api\chrome.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\api\cookie.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\api\message.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\api\monitor.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\api\pageAction.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\api\pageActionBG.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\background.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\lib\app_api.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\lib\bg_app_api.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\lib\consts.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\lib\cookie_store.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\lib\crossriderAPI.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\lib\delegate.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\lib\events.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\lib\extensionDataStore.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\lib\installer.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\lib\logFile.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\lib\logging.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\lib\onBGDocumentLoad.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\lib\popupResource\newPopup.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\lib\popupResource\popup.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\lib\reports.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\lib\storageWrapper.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\lib\updateManager.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\lib\util.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\lib\xhr.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\main.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\js\platformVersion.js
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\manifest.json
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.21_0\popup.html
c:\users\Collin\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Collin\AppData\Local\nsv72BC.tmp
c:\users\Public\sdelevURL.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-03-26 bis 2014-04-26  ))))))))))))))))))))))))))))))
.
.
2014-04-26 11:00 . 2014-04-26 11:00        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-04-26 11:00 . 2014-04-26 11:00        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-04-25 11:52 . 2014-04-17 03:31        10651704        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9207E3B1-3BCD-4B73-8D61-5E454E49CD1A}\mpengine.dll
2014-04-24 12:37 . 2014-04-24 12:41        --------        d-----w-        C:\FRST
2014-04-22 14:03 . 2014-04-22 14:03        --------        d-sh--w-        c:\users\Collin\AppData\Local\EmieUserList
2014-04-22 14:03 . 2014-04-22 14:03        --------        d-sh--w-        c:\users\Collin\AppData\Local\EmieSiteList
2014-04-22 14:00 . 2014-03-06 06:00        359936        ----a-w-        c:\program files\Internet Explorer\IEShims.dll
2014-04-22 14:00 . 2014-03-06 05:50        257536        ----a-w-        c:\program files (x86)\Internet Explorer\IEShims.dll
2014-04-22 14:00 . 2014-03-06 08:32        574976        ----a-w-        c:\windows\system32\ieui.dll
2014-04-22 14:00 . 2014-03-06 08:57        548352        ----a-w-        c:\windows\system32\vbscript.dll
2014-04-22 14:00 . 2014-03-06 08:02        455168        ----a-w-        c:\windows\SysWow64\vbscript.dll
2014-04-22 14:00 . 2014-03-06 08:36        222720        ----a-w-        c:\program files\Internet Explorer\ielowutil.exe
2014-04-22 14:00 . 2014-03-06 07:44        222720        ----a-w-        c:\program files (x86)\Internet Explorer\ielowutil.exe
2014-04-19 15:59 . 2014-04-19 15:59        --------        d-----w-        c:\users\Collin\AppData\Roaming\SupTab
2014-04-19 15:59 . 2014-04-19 17:06        --------        d-----w-        c:\program files (x86)\SupTab
2014-04-19 15:59 . 2014-04-19 15:59        --------        d-----w-        c:\programdata\IePluginService
2014-04-19 15:59 . 2014-04-19 16:02        --------        d-----w-        c:\programdata\WPM
2014-04-19 15:59 . 2014-04-19 15:59        --------        d-----w-        c:\program files (x86)\AnyProtectEx
2014-04-19 15:58 . 2014-04-20 22:40        --------        d-----w-        c:\program files (x86)\MediaPlayerplus
2014-04-19 15:58 . 2014-04-20 22:40        --------        d-----w-        c:\program files (x86)\HQ-Video-Pro-1.9
2014-04-19 15:58 . 2014-04-19 16:03        --------        d-----w-        c:\users\Collin\AppData\Roaming\webssearches
2014-04-19 15:58 . 2014-04-19 17:06        --------        d-----w-        c:\program files (x86)\Re-markit-soft
2014-04-17 09:18 . 2014-04-14 18:13        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-15 11:04 . 2014-04-15 11:04        --------        d-----w-        c:\program files\RStudio
2014-04-07 11:29 . 2014-04-07 11:29        --------        d-----w-        c:\users\Collin\AppData\Roaming\OpenOffice
2014-04-07 11:27 . 2014-04-07 11:28        --------        d-----w-        c:\program files (x86)\OpenOffice 4
2014-03-28 14:49 . 2014-03-28 14:49        --------        d-----w-        c:\programdata\{18165758-115C-4DC0-9EC2-FF89F725767F}
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-10 01:02 . 2012-09-27 16:44        90655440        ----a-w-        c:\windows\system32\MRT.exe
2014-03-31 07:35 . 2010-11-21 03:27        270496        ------w-        c:\windows\system32\MpSigStub.exe
2014-03-12 11:21 . 2013-11-14 20:51        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 11:21 . 2011-07-15 20:03        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-04 09:17 . 2014-04-09 11:45        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2014-02-07 01:23 . 2014-03-12 10:33        3156480        ----a-w-        c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-12 10:32        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-12 10:32        624128        ----a-w-        c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-12 10:32        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-12 10:32        509440        ----a-w-        c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-12 10:33        484864        ----a-w-        c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-12 10:33        381440        ----a-w-        c:\windows\SysWow64\wer.dll
2014-01-28 02:32 . 2014-03-12 10:33        228864        ----a-w-        c:\windows\system32\wwansvc.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}]
2011-12-28 12:21        128064        ----a-w-        c:\program files (x86)\icq\Internet Explorer\icq.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
2014-04-11 02:05        513648        ----a-w-        c:\program files (x86)\SupTab\SupTab.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NextLive"="c:\users\Collin\AppData\Roaming\newnext.me\nengine.dll" [2014-01-06 1283584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-08 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-05-17 61112]
"Guard.Mail.ru.gui"="c:\program files (x86)\Guard-ICQ\GuardICQ.exe" [2012-03-30 1564368]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2013-12-29 1258504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IePluginService;IePlugin Service;c:\programdata\IePluginService\PluginService.exe;c:\programdata\IePluginService\PluginService.exe [x]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Guard-ICQ\GuardICQ.exe;c:\program files (x86)\Guard-ICQ\GuardICQ.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 Re-markit;Re-markit;c:\program files (x86)\Re-markit-soft\Re-markitfQL158.exe;c:\program files (x86)\Re-markit-soft\Re-markitfQL158.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-11 08:14        1077576        ----a-w-        c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-14 11:21]
.
2014-04-19 c:\windows\Tasks\APSnotifierPP1.job
- c:\program files (x86)\AnyProtectEx\AnyProtect.exe [2014-04-19 15:59]
.
2014-04-19 c:\windows\Tasks\APSnotifierPP2.job
- c:\program files (x86)\AnyProtectEx\AnyProtect.exe [2014-04-19 15:59]
.
2014-04-19 c:\windows\Tasks\APSnotifierPP3.job
- c:\program files (x86)\AnyProtectEx\AnyProtect.exe [2014-04-19 15:59]
.
2014-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-14 20:51]
.
2014-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-14 20:51]
.
2014-04-07 c:\windows\Tasks\HPCeeScheduleForCOLLIN-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
2014-04-25 c:\windows\Tasks\HPCeeScheduleForCollin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
2014-04-26 c:\windows\Tasks\Re-markit Update.job
- c:\program files (x86)\Re-markit-soft\Re-markitfQL.exe [2014-04-19 15:58]
.
2014-04-26 c:\windows\Tasks\Re-markit_wd.job
- c:\program files (x86)\Re-markit-soft\Re-markitfQLOWw.exe [2014-04-19 15:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}]
2014-04-19 16:00        665448        ----a-w-        c:\program files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-15 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-15 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-15 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-07 1128448]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 42808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-04-22 21720]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B&q={searchTerms}
mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B
mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B&q={searchTerms}
uInternet Settings,ProxyServer = http=127.0.0.1:13828
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-mobilegeni daemon - c:\program files (x86)\Mobogenie\DaemonProcess.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-669750612-4099681080-2224479282-1000\Software\SecuROM\License information*]
"datasecu"=hex:30,d2,82,88,4f,e8,3b,f4,52,b7,eb,17,6c,6c,21,7d,76,a0,b7,2e,4c,
  aa,a4,c8,ff,14,8f,37,07,49,53,b2,92,66,23,12,78,ae,4b,51,c1,b0,51,0a,58,9a,\
"rkeysecu"=hex:c9,c7,19,31,ed,20,01,e0,ed,3f,8d,c4,e9,91,03,5b
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-26  13:10:05
ComboFix-quarantined-files.txt  2014-04-26 11:10
.
Vor Suchlauf: 9 Verzeichnis(se), 346.792.976.384 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 355.284.348.928 Bytes frei
.
- - End Of File - - 64F9A2B2A5A457F64B6FA3FDB9E6615B
--- --- ---

schrauber 26.04.2014 18:35
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

fixiboy 27.04.2014 21:57
Nabend,

tut mir leid, dass ich mich so spät melde, habe spät angefangen und hat alles doch ein wenig gedauert^^

mbam.txt:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 27.04.2014
Suchlauf-Zeit: 21:08:16
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.27.04
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Collin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 276689
Verstrichene Zeit: 1 Std, 43 Min, 51 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 2
PUP.Optional.ReMarkit.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.exe, 2936, Löschen bei Neustart, [8c74976921dfb44c25eff68444be47b9]
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe, 2396, Löschen bei Neustart, [ad531ce46f9141bf6e95c9a1a260629e]

Module: 3
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, Löschen bei Neustart, [926edd23659bb8480548979e43bdda26],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, Löschen bei Neustart, [926edd23659bb8480548979e43bdda26],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.dll, Löschen bei Neustart, [ad531ce46f9141bf6e95c9a1a260629e],

Registrierungsschlüssel: 43
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [926edd23659bb8480548979e43bdda26],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [926edd23659bb8480548979e43bdda26],
PUP.Optional.SupTab.A, HKU\S-1-5-21-669750612-4099681080-2224479282-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Löschen bei Neustart, [926edd23659bb8480548979e43bdda26],
PUP.Optional.SupTab.A, HKU\S-1-5-21-669750612-4099681080-2224479282-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Löschen bei Neustart, [926edd23659bb8480548979e43bdda26],
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginService, In Quarantäne, [0df377899b65f40c84ee5ff3867b639d],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511421146}, In Quarantäne, [ad53d32d15eb669a77ed0364ac557789],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544424446}, In Quarantäne, [ad53d32d15eb669a77ed0364ac557789],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555425546}, In Quarantäne, [ad53d32d15eb669a77ed0364ac557789],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566426646}, In Quarantäne, [ad53d32d15eb669a77ed0364ac557789],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555425546}, In Quarantäne, [ad53d32d15eb669a77ed0364ac557789],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566426646}, In Quarantäne, [ad53d32d15eb669a77ed0364ac557789],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544424446}, In Quarantäne, [ad53d32d15eb669a77ed0364ac557789],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0054246.BHO.1, In Quarantäne, [ad53d32d15eb669a77ed0364ac557789],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511421146}, In Quarantäne, [ad53d32d15eb669a77ed0364ac557789],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0054246.BHO, In Quarantäne, [ad53d32d15eb669a77ed0364ac557789],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0054246.BHO, In Quarantäne, [ad53d32d15eb669a77ed0364ac557789],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0054246.BHO.1, In Quarantäne, [ad53d32d15eb669a77ed0364ac557789],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220522422246}, In Quarantäne, [ad53d32d15eb669a77ed0364ac557789],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0054246.Sandbox.1, In Quarantäne, [ad53d32d15eb669a77ed0364ac557789],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0054246.Sandbox, In Quarantäne, [ad53d32d15eb669a77ed0364ac557789],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0054246.Sandbox, In Quarantäne, [ad53d32d15eb669a77ed0364ac557789],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0054246.Sandbox.1, In Quarantäne, [ad53d32d15eb669a77ed0364ac557789],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220522422246}, In Quarantäne, [ad53d32d15eb669a77ed0364ac557789],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511421146}\INPROCSERVER32, In Quarantäne, [ad53d32d15eb669a77ed0364ac557789],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21636, In Quarantäne, [4eb235cb847c1de311281465cd3556aa],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\27058, In Quarantäne, [7e82a858fa06dc24ae8b7801e919ae52],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [1ce48878897767992bec9e0adf24e61a],
PUP.Optional.HQVideoPro.A, HKLM\SOFTWARE\WOW6432NODE\HQ-Video-Pro-1.9, In Quarantäne, [e41cbe426f918d731a6f04799d6521df],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\MediaPlayerplus, In Quarantäne, [af51d42ce61a6d938ab8e59382801be5],
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [ee128c74e11f2cd42feb41381be75ba5],
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pelmeidfhdlhlbjimpabfcbnnojbboma, In Quarantäne, [2ad65ca4c13f58a8cd098beed32ff907],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\21636, In Quarantäne, [1de3639ddb25ca36de5b6e0bcf3305fb],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\27058, In Quarantäne, [e41cc73924dc68988faaf2877a884db3],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [748ccd3325db827e2ceb0f99be45ac54],
PUP.Optional.ReMarkit.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Re-markit, In Quarantäne, [8c74976921dfb44c25eff68444be47b9],
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus, Löschen bei Neustart, [d42cd927c63a1ce496aedb9d32d07987],
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-21-669750612-4099681080-2224479282-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus, Löschen bei Neustart, [1be5a858e02018e84cf84f297a889f61],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-669750612-4099681080-2224479282-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21636, Löschen bei Neustart, [0af68d7342bea65ab4868dece81ab749],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-669750612-4099681080-2224479282-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\27058, Löschen bei Neustart, [7f81e21ee917a45c84b6f18849b950b0],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-669750612-4099681080-2224479282-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Freeven, Löschen bei Neustart, [748c3ac65ba5c23e0d9499e3be44e719],
PUP.Optional.HQVideoProfessional.A, HKU\S-1-5-21-669750612-4099681080-2224479282-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\HQ-Video, Löschen bei Neustart, [52ae946c98689f61d0107908aa5821df],
PUP.Optional.Qone8, HKU\S-1-5-21-669750612-4099681080-2224479282-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Löschen bei Neustart, [cc340af620e010f069ad882059aad729],
PUP.Optional.Softonic.A, HKU\S-1-5-21-669750612-4099681080-2224479282-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Löschen bei Neustart, [0df38d73ea16c739e965443043bf45bb],

Registrierungswerte: 2
PUP.Optional.NextLive.A, HKU\S-1-5-21-669750612-4099681080-2224479282-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|NextLive, C:\Windows\SysWOW64\rundll32.exe "C:\Users\Collin\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l, Löschen bei Neustart, [ac5412eeb24e9d634c5490c0d52cd32d]
PUM.Bad.Proxy, HKU\S-1-5-21-669750612-4099681080-2224479282-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:13828, Löschen bei Neustart, [d8287789cf3102fec97193223ac950b0]

Registrierungsdaten: 6
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B),Ersetzt,[6f91fb0524dc1ce4f276c1663fc54eb2]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[ae5260a03ec27888b7e250e13dc731cf]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B&q={searchTerms}),Ersetzt,[4eb2629e758bea16590d210630d4629e]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B),Ersetzt,[e61a37c9c43c8779d88cbe69ca3ab54b]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1397923092&from=tugs&uid=TOSHIBAXMK7559GSXP_91FAB0Q3BXX91FAB0Q3B),Ersetzt,[6c94c73946ba847cd6920522dc280df3]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[16ea867ae11f39c709902809897b8a76]

Ordner: 40
PUP.Optional.MediaPlayerplus.A, C:\Program Files (x86)\MediaPlayerplus, In Quarantäne, [0bf5c33d10f0d729360a393f000233cd],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, Löschen bei Neustart, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.OpenCandy, C:\Users\Collin\AppData\Roaming\OpenCandy, In Quarantäne, [cd33f0102bd588782f6281e2808229d7],
PUP.Optional.OpenCandy, C:\Users\Collin\AppData\Roaming\OpenCandy\C0C88DEB32DE42E68AD37C273F1793EB, In Quarantäne, [cd33f0102bd588782f6281e2808229d7],
PUP.Optional.OpenCandy, C:\Users\Collin\AppData\Roaming\OpenCandy\E6F35348C12A400A8A3FD792EC8D8B6B, In Quarantäne, [cd33f0102bd588782f6281e2808229d7],
PUP.Optional.NextLive.A, C:\Users\Collin\AppData\Roaming\newnext.me, In Quarantäne, [6f91eb1532ceff01c384e67fff03837d],
PUP.Optional.NextLive.A, C:\Users\Collin\AppData\Roaming\newnext.me\cache, In Quarantäne, [6f91eb1532ceff01c384e67fff03837d],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, In Quarantäne, [f808f20ef808649c91cf87df976ba060],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, In Quarantäne, [f808f20ef808649c91cf87df976ba060],
PUP.Optional.HQVideoPro.A, C:\Program Files (x86)\HQ-Video-Pro-1.9, In Quarantäne, [e020f0104db3827ef874d98fe61cb848],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft, Löschen bei Neustart, [ad531ce46f9141bf6e95c9a1a260629e],
PUP.Optional.WebsSearches.A, C:\Users\Collin\AppData\Roaming\webssearches, In Quarantäne, [89774bb5ec145fa1d0c599d17f83b749],
PUP.Optional.WebsSearches.A, C:\Users\Collin\AppData\Roaming\webssearches\images, In Quarantäne, [89774bb5ec145fa1d0c599d17f83b749],
PUP.Optional.WebsSearches.A, C:\Users\Collin\AppData\Roaming\webssearches\log, In Quarantäne, [89774bb5ec145fa1d0c599d17f83b749],
PUP.Optional.TheBestDeals.A, C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikcggonfhgaingjbhjanbibmlfeomooc, In Quarantäne, [b947b44cb7498c742921bfb0c93950b0],
PUP.Optional.TheBestDeals.A, C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikcggonfhgaingjbhjanbibmlfeomooc\1.158.0.0_0, In Quarantäne, [b947b44cb7498c742921bfb0c93950b0],

Dateien: 103
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, Löschen bei Neustart, [926edd23659bb8480548979e43bdda26],
PUP.Optional.NextLive.A, C:\Users\Collin\AppData\Roaming\newnext.me\nengine.dll, In Quarantäne, [ac5412eeb24e9d634c5490c0d52cd32d],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, In Quarantäne, [0df377899b65f40c84ee5ff3867b639d],
PUP.Optional.MediaPlayerplus.A, C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll, In Quarantäne, [ad53d32d15eb669a77ed0364ac557789],
PUP.Optional.OpenCandy.A, C:\Users\Collin\AppData\Roaming\OpenCandy\E6F35348C12A400A8A3FD792EC8D8B6B\Setupsft_chr_p1v7.exe, In Quarantäne, [19e730d09d638d732bbe7ba80df76997],
PUP.Optional.SupTab.A, C:\Users\Collin\AppData\Roaming\SupTab\SupTab.dll, In Quarantäne, [f60a39c7916f27d91439bf76f7092ad6],
PUP.Optional.NextLive.A, C:\Users\Collin\AppData\Local\genienext\nengine.dll, In Quarantäne, [ad53a858827ef50b57494b05ff02f709],
Trojan.Agent.OLG, C:\Users\Collin\Desktop\Programme\Yu-Gi-Oh! Power of Chaos LEGEND REBORN\All Cards - UNLOCKER\AllCards.exe, In Quarantäne, [4db37987c53b0cf4f0f6e1705da405fb],
RiskWare.Tool.CK, C:\Users\Collin\Desktop\Programme\OFFICE 2007\Generateur_Office.exe, In Quarantäne, [db2539c7837d8a7638607930c53c8b75],
PUP.Optional.QuickStart.A, C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx, In Quarantäne, [cf31db255ea2718fb53ba7d043bf9868],
PUP.Optional.MediaPlayerplus.A, C:\Program Files (x86)\MediaPlayerplus\background.html, In Quarantäne, [0bf5c33d10f0d729360a393f000233cd],
PUP.Optional.MediaPlayerplus.A, C:\Program Files (x86)\MediaPlayerplus\54246.crx, In Quarantäne, [0bf5c33d10f0d729360a393f000233cd],
PUP.Optional.MediaPlayerplus.A, C:\Program Files (x86)\MediaPlayerplus\54246.xpi, In Quarantäne, [0bf5c33d10f0d729360a393f000233cd],
PUP.Optional.MediaPlayerplus.A, C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus.ico, In Quarantäne, [0bf5c33d10f0d729360a393f000233cd],
PUP.Optional.MediaPlayerplus.A, C:\Program Files (x86)\MediaPlayerplus\Uninstall.exe, In Quarantäne, [0bf5c33d10f0d729360a393f000233cd],
PUP.Optional.MediaPlayerplus.A, C:\Program Files (x86)\MediaPlayerplus\utils.exe, In Quarantäne, [0bf5c33d10f0d729360a393f000233cd],
PUP.Optional.ReMarkIt.A, C:\Windows\Tasks\Re-markit Update.job, In Quarantäne, [f20e3ac6817f1ce4799c12687989bc44],
PUP.Optional.ReMarkIt.A, C:\Windows\Tasks\Re-markit_wd.job, In Quarantäne, [a15f847ca15ffa06e62fd9a10ef45aa6],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterfacef32.dll, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\RSHP.exe, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv32.dll, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv64.dll, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WebDataJs, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\arrow.png, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo.png, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo_hover.png, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_logo.png, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo.png, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo2.png, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\0.png, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ie8.js, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit.js, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [2ad6857b7789f40c5a7fa2e06b9740c0],
PUP.Optional.ReMarkit.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.exe, Löschen bei Neustart, [8c74976921dfb44c25eff68444be47b9],
PUP.Optional.OpenCandy, C:\Users\Collin\AppData\Roaming\OpenCandy\C0C88DEB32DE42E68AD37C273F1793EB\Trial-14.0.1000.89_de-DE_1004733_DE-2.exe, In Quarantäne, [cd33f0102bd588782f6281e2808229d7],
PUP.Optional.NextLive.A, C:\Users\Collin\AppData\Roaming\newnext.me\nengine.cookie, In Quarantäne, [6f91eb1532ceff01c384e67fff03837d],
PUP.Optional.NextLive.A, C:\Users\Collin\AppData\Roaming\newnext.me\cache\spark.bin, In Quarantäne, [6f91eb1532ceff01c384e67fff03837d],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\conf, In Quarantäne, [f808f20ef808649c91cf87df976ba060],
PUP.Optional.HQVideoPro.A, C:\Program Files (x86)\HQ-Video-Pro-1.9\53172.crx, In Quarantäne, [e020f0104db3827ef874d98fe61cb848],
PUP.Optional.HQVideoPro.A, C:\Program Files (x86)\HQ-Video-Pro-1.9\53172.xpi, In Quarantäne, [e020f0104db3827ef874d98fe61cb848],
PUP.Optional.HQVideoPro.A, C:\Program Files (x86)\HQ-Video-Pro-1.9\Uninstall.exe, In Quarantäne, [e020f0104db3827ef874d98fe61cb848],
PUP.Optional.HQVideoPro.A, C:\Program Files (x86)\HQ-Video-Pro-1.9\utils.exe, In Quarantäne, [e020f0104db3827ef874d98fe61cb848],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\158.crx, In Quarantäne, [ad531ce46f9141bf6e95c9a1a260629e],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\158.dat, In Quarantäne, [ad531ce46f9141bf6e95c9a1a260629e],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\158.xpi, In Quarantäne, [ad531ce46f9141bf6e95c9a1a260629e],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\a.db, In Quarantäne, [ad531ce46f9141bf6e95c9a1a260629e],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\b.db, In Quarantäne, [ad531ce46f9141bf6e95c9a1a260629e],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQL.exe, In Quarantäne, [ad531ce46f9141bf6e95c9a1a260629e],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.bin, In Quarantäne, [ad531ce46f9141bf6e95c9a1a260629e],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.dll, Löschen bei Neustart, [ad531ce46f9141bf6e95c9a1a260629e],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.ini, In Quarantäne, [ad531ce46f9141bf6e95c9a1a260629e],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe, Löschen bei Neustart, [ad531ce46f9141bf6e95c9a1a260629e],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Sqlite3.dll, In Quarantäne, [ad531ce46f9141bf6e95c9a1a260629e],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit-soft\Uninstall.exe, In Quarantäne, [ad531ce46f9141bf6e95c9a1a260629e],
PUP.Optional.TheBestDeals.A, C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikcggonfhgaingjbhjanbibmlfeomooc\1.158.0.0_0\b.html, In Quarantäne, [b947b44cb7498c742921bfb0c93950b0],
PUP.Optional.TheBestDeals.A, C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikcggonfhgaingjbhjanbibmlfeomooc\1.158.0.0_0\b.js, In Quarantäne, [b947b44cb7498c742921bfb0c93950b0],
PUP.Optional.TheBestDeals.A, C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikcggonfhgaingjbhjanbibmlfeomooc\1.158.0.0_0\c.js, In Quarantäne, [b947b44cb7498c742921bfb0c93950b0],
PUP.Optional.TheBestDeals.A, C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikcggonfhgaingjbhjanbibmlfeomooc\1.158.0.0_0\icon128.png, In Quarantäne, [b947b44cb7498c742921bfb0c93950b0],
PUP.Optional.TheBestDeals.A, C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikcggonfhgaingjbhjanbibmlfeomooc\1.158.0.0_0\icon16.png, In Quarantäne, [b947b44cb7498c742921bfb0c93950b0],
PUP.Optional.TheBestDeals.A, C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikcggonfhgaingjbhjanbibmlfeomooc\1.158.0.0_0\icon48.png, In Quarantäne, [b947b44cb7498c742921bfb0c93950b0],
PUP.Optional.TheBestDeals.A, C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikcggonfhgaingjbhjanbibmlfeomooc\1.158.0.0_0\manifest.json, In Quarantäne, [b947b44cb7498c742921bfb0c93950b0],

Physische Sektoren: 0
(No malicious items detected)


(end)
Adwcleaner:
AdwCleaner Logfile:
Code:
# AdwCleaner v3.204 - Bericht erstellt am 27/04/2014 um 22:01:59
# Aktualisiert 26/04/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Collin - COLLIN-HP
# Gestartet von : C:\Users\Collin\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : ICQ Service

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\AnyProtectEx
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Collin\.android
Ordner Gelöscht : C:\Users\Collin\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Collin\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Collin\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Collin\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Collin\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Collin\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\Collin\Documents\Mobogenie
Datei Gelöscht : C:\Users\Collin\daemonprocess.txt
Datei Gelöscht : C:\Users\Collin\AppData\Roaming\aps.scan.quick.results
Datei Gelöscht : C:\Users\Collin\AppData\Roaming\aps.scan.results
Datei Gelöscht : C:\Users\Collin\AppData\Roaming\aps.uninstall.scan.results
Datei Gelöscht : C:\Windows\Tasks\APSnotifierPP1.job
Datei Gelöscht : C:\Windows\System32\Tasks\APSnotifierPP1
Datei Gelöscht : C:\Windows\Tasks\APSnotifierPP2.job
Datei Gelöscht : C:\Windows\System32\Tasks\APSnotifierPP2
Datei Gelöscht : C:\Windows\Tasks\APSnotifierPP3.job
Datei Gelöscht : C:\Windows\System32\Tasks\APSnotifierPP3

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{372479DD-B552-F0A8-F0E5-EEEEA6602285}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_ikea-home-planer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_ikea-home-planer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

*************************

AdwCleaner[R0].txt - [7203 octets] - [27/04/2014 21:53:17]
AdwCleaner[S0].txt - [6215 octets] - [27/04/2014 22:01:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6275 octets] ##########
--- --- ---


JRT.txt:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Collin on 27.04.2014 at 22:18:30,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{42218EA0-A1A3-4FAE-BBF7-7482498E8022}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{74FED47D-911D-4547-BEF1-555B2396451A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{42218EA0-A1A3-4FAE-BBF7-7482498E8022}



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\shoB23E.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC734.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Empty Folder] C:\Users\Collin\appdata\local\{5C629015-1CB8-4666-BE94-CF5BC22595FE}
Successfully deleted: [Empty Folder] C:\Users\Collin\appdata\local\{80BAFD0F-ECCA-442F-BAE9-C7D89B2FDD8B}
Successfully deleted: [Empty Folder] C:\Users\Collin\appdata\local\{8644E06D-3362-4DB8-A471-D74F4BD506DC}
Successfully deleted: [Empty Folder] C:\Users\Collin\appdata\local\{9171C419-23AF-45D7-A70E-2E616C06CCB5}
Successfully deleted: [Empty Folder] C:\Users\Collin\appdata\local\{E2AA2232-9CF7-499A-A6D3-9678CACB19F1}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.04.2014 at 22:39:56,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
und abschließend das frische FRST:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2014
Ran by Collin (administrator) on COLLIN-HP on 27-04-2014 22:45:09
Running from C:\Users\Collin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-08] (IDT, Inc.)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-05-17] (EasyBits Software AS)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Guard.Mail.ru.gui] => C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-03-30] ()
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-29] (Easybits)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {42218EA0-A1A3-4FAE-BBF7-7482498E8022} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {74FED47D-911D-4547-BEF1-555B2396451A} URL =
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: ICQ Sparberater - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-07-15] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-06-07]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Docs) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-15]
CHR Extension: (Google Drive) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-15]
CHR Extension: (YouTube) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-15]
CHR Extension: (Google Search) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-15]
CHR Extension: (Website Logon) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef [2013-11-15]
CHR Extension: (Google Wallet) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-15]
CHR Extension: (Gmail) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-15]
CHR HKLM-x32\...\Chrome\Extension: [dfaldikcoaplhepekpbngkepfcoiihef] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-22]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-10-07] (WildTangent)
R2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-03-30] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-27 22:39 - 2014-04-27 22:39 - 00001780 _____ () C:\Users\Collin\Desktop\JRT.txt
2014-04-27 22:18 - 2014-04-27 22:18 - 00000000 ____D () C:\Windows\ERUNT
2014-04-27 22:16 - 2014-04-27 22:16 - 01016261 _____ (Thisisu) C:\Users\Collin\Desktop\JRT.exe
2014-04-27 22:04 - 2014-04-27 22:04 - 00006375 _____ () C:\Users\Collin\Desktop\AdwCleaner[S0].txt
2014-04-27 21:53 - 2014-04-27 22:02 - 00000000 ____D () C:\AdwCleaner
2014-04-27 21:33 - 2014-04-27 21:33 - 01329501 _____ () C:\Users\Collin\Desktop\adwcleaner.exe
2014-04-27 21:32 - 2014-04-27 21:32 - 00031178 _____ () C:\Users\Collin\Desktop\mbam.txt
2014-04-27 19:21 - 2014-04-27 21:29 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-27 19:20 - 2014-04-27 19:20 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-27 19:20 - 2014-04-27 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-27 19:20 - 2014-04-27 19:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-27 19:20 - 2014-04-27 19:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-27 19:20 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-27 19:20 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-27 19:20 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-27 18:57 - 2014-04-27 18:57 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Collin\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-26 13:10 - 2014-04-26 13:10 - 00035821 _____ () C:\ComboFix.txt
2014-04-26 12:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-26 12:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-26 12:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-26 12:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-26 12:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-26 12:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-26 12:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-26 12:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-26 12:42 - 2014-04-26 13:10 - 00000000 ____D () C:\Qoobox
2014-04-26 12:42 - 2014-04-26 13:07 - 00000000 ____D () C:\Windows\erdnt
2014-04-26 12:42 - 2014-04-26 12:42 - 00000000 ___RD () C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-26 02:45 - 2014-04-26 02:45 - 05196870 ____R (Swearware) C:\Users\Collin\Desktop\ComboFix.exe
2014-04-24 17:33 - 2014-04-27 22:08 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCollin
2014-04-24 17:33 - 2014-04-27 22:08 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForCollin.job
2014-04-24 15:04 - 2014-04-24 15:04 - 00004925 _____ () C:\Users\Collin\Desktop\Gmer.txt
2014-04-24 14:44 - 2014-04-24 14:44 - 00380416 _____ () C:\Users\Collin\Desktop\Gmer-19357.exe
2014-04-24 14:39 - 2014-04-24 14:41 - 00021455 _____ () C:\Users\Collin\Desktop\Addition.txt
2014-04-24 14:37 - 2014-04-27 22:45 - 00017310 _____ () C:\Users\Collin\Desktop\FRST.txt
2014-04-24 14:37 - 2014-04-27 22:45 - 00000000 ____D () C:\FRST
2014-04-24 14:33 - 2014-04-24 14:33 - 02061824 _____ (Farbar) C:\Users\Collin\Desktop\FRST64.exe
2014-04-24 14:31 - 2014-04-24 14:31 - 00000474 _____ () C:\Users\Collin\Desktop\defogger_disable.log
2014-04-24 14:31 - 2014-04-24 14:31 - 00000000 _____ () C:\Users\Collin\defogger_reenable
2014-04-24 14:30 - 2014-04-24 14:30 - 00050477 _____ () C:\Users\Collin\Desktop\Defogger.exe
2014-04-22 16:03 - 2014-04-22 16:03 - 00000000 __SHD () C:\Users\Collin\AppData\Local\EmieUserList
2014-04-22 16:03 - 2014-04-22 16:03 - 00000000 __SHD () C:\Users\Collin\AppData\Local\EmieSiteList
2014-04-22 16:00 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-22 16:00 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-22 16:00 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-22 16:00 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-22 15:59 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-22 15:59 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-22 15:59 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-22 15:59 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-22 15:59 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-22 15:59 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-22 15:59 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-22 15:59 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-22 15:59 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-22 15:59 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-22 15:59 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-22 15:59 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-22 15:59 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-22 15:59 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-22 15:59 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-22 15:59 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-22 15:59 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-22 15:59 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-22 15:59 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-22 15:59 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-22 15:59 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-22 15:59 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-22 15:59 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-22 15:59 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-22 15:59 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-22 15:59 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-22 15:59 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-22 15:59 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-22 15:59 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-22 15:59 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-22 15:59 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-22 15:59 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-22 15:59 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-22 15:59 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-22 15:59 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-22 15:59 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-22 15:59 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-22 15:59 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-22 15:59 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-22 15:59 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-22 15:59 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-22 15:59 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-22 15:59 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-22 15:59 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-19 18:03 - 2014-04-19 19:06 - 00000000 ___RD () C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-19 18:02 - 2014-04-19 18:02 - 00003158 _____ () C:\Windows\System32\Tasks\{63413530-4970-4B09-9431-53CAB00FB246}
2014-04-19 17:59 - 2014-04-19 18:02 - 00000000 ____D () C:\ProgramData\WPM
2014-04-19 17:58 - 2014-04-19 17:58 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-17 11:18 - 2014-04-17 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-17 11:18 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-17 11:18 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-17 11:18 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-17 11:18 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-17 11:17 - 2014-04-17 11:18 - 00005449 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-15 13:04 - 2014-04-15 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2014-04-15 13:04 - 2014-04-15 13:04 - 00000000 ____D () C:\Program Files\RStudio
2014-04-13 16:12 - 2014-04-13 16:12 - 00003606 _____ () C:\Users\Collin\Desktop\DATEN.csv
2014-04-09 13:45 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 13:45 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 13:45 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 13:45 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 13:45 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 13:45 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 13:45 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 13:45 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 13:45 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 13:45 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 13:45 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 13:45 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 13:45 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 13:45 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 13:45 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 13:45 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 13:45 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 13:35 - 2014-04-07 13:36 - 00000000 ____D () C:\Users\Collin\Desktop\Bilder
2014-04-07 13:29 - 2014-04-07 13:29 - 00000000 ____D () C:\Users\Collin\AppData\Roaming\OpenOffice
2014-04-07 13:28 - 2014-04-07 13:28 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-04-07 13:28 - 2014-04-07 13:28 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-04-07 13:27 - 2014-04-07 13:28 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-04-07 12:12 - 2014-04-15 02:30 - 00012618 _____ () C:\Users\Collin\Desktop\Stundenplan SS2014.ods
2014-03-31 14:48 - 2014-03-31 14:48 - 00000165 ____H () C:\Users\Collin\Desktop\~$Stundenplan WS 2013.xlsx
2014-03-28 16:54 - 2014-03-28 16:54 - 00002217 _____ () C:\Users\Collin\Desktop\HP Support Assistant.lnk
2014-03-28 16:49 - 2014-03-28 16:49 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}

==================== One Month Modified Files and Folders =======

2014-04-27 22:45 - 2014-04-24 14:37 - 00017310 _____ () C:\Users\Collin\Desktop\FRST.txt
2014-04-27 22:45 - 2014-04-24 14:37 - 00000000 ____D () C:\FRST
2014-04-27 22:39 - 2014-04-27 22:39 - 00001780 _____ () C:\Users\Collin\Desktop\JRT.txt
2014-04-27 22:21 - 2013-11-14 22:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-27 22:20 - 2013-11-14 22:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-27 22:18 - 2014-04-27 22:18 - 00000000 ____D () C:\Windows\ERUNT
2014-04-27 22:16 - 2014-04-27 22:16 - 01016261 _____ (Thisisu) C:\Users\Collin\Desktop\JRT.exe
2014-04-27 22:13 - 2011-11-16 10:28 - 01461411 _____ () C:\Windows\WindowsUpdate.log
2014-04-27 22:11 - 2009-07-14 06:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-27 22:11 - 2009-07-14 06:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-27 22:08 - 2014-04-24 17:33 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCollin
2014-04-27 22:08 - 2014-04-24 17:33 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForCollin.job
2014-04-27 22:04 - 2014-04-27 22:04 - 00006375 _____ () C:\Users\Collin\Desktop\AdwCleaner[S0].txt
2014-04-27 22:03 - 2013-11-14 22:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-27 22:03 - 2010-11-21 05:47 - 00568258 _____ () C:\Windows\PFRO.log
2014-04-27 22:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-27 22:03 - 2009-07-14 06:51 - 00149732 _____ () C:\Windows\setupact.log
2014-04-27 22:02 - 2014-04-27 21:53 - 00000000 ____D () C:\AdwCleaner
2014-04-27 22:02 - 2011-12-24 19:47 - 00000000 ____D () C:\Users\Collin
2014-04-27 21:33 - 2014-04-27 21:33 - 01329501 _____ () C:\Users\Collin\Desktop\adwcleaner.exe
2014-04-27 21:32 - 2014-04-27 21:32 - 00031178 _____ () C:\Users\Collin\Desktop\mbam.txt
2014-04-27 21:29 - 2014-04-27 19:21 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-27 19:20 - 2014-04-27 19:20 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-27 19:20 - 2014-04-27 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-27 19:20 - 2014-04-27 19:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-27 19:20 - 2014-04-27 19:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-27 18:57 - 2014-04-27 18:57 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Collin\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-27 17:45 - 2013-11-12 10:04 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8284362C-B5C4-4E7C-B824-25F2F57764D4}
2014-04-26 13:10 - 2014-04-26 13:10 - 00035821 _____ () C:\ComboFix.txt
2014-04-26 13:10 - 2014-04-26 12:42 - 00000000 ____D () C:\Qoobox
2014-04-26 13:07 - 2014-04-26 12:42 - 00000000 ____D () C:\Windows\erdnt
2014-04-26 13:06 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-26 12:42 - 2014-04-26 12:42 - 00000000 ___RD () C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-26 02:45 - 2014-04-26 02:45 - 05196870 ____R (Swearware) C:\Users\Collin\Desktop\ComboFix.exe
2014-04-25 18:34 - 2012-01-10 00:42 - 00000000 ____D () C:\Users\Collin\AppData\Local\CrashDumps
2014-04-24 18:19 - 2012-07-18 21:05 - 00000216 _____ () C:\Users\Collin\Desktop\FILME.txt
2014-04-24 17:32 - 2012-01-16 22:52 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-24 17:32 - 2011-12-30 01:26 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-24 15:04 - 2014-04-24 15:04 - 00004925 _____ () C:\Users\Collin\Desktop\Gmer.txt
2014-04-24 14:44 - 2014-04-24 14:44 - 00380416 _____ () C:\Users\Collin\Desktop\Gmer-19357.exe
2014-04-24 14:41 - 2014-04-24 14:39 - 00021455 _____ () C:\Users\Collin\Desktop\Addition.txt
2014-04-24 14:33 - 2014-04-24 14:33 - 02061824 _____ (Farbar) C:\Users\Collin\Desktop\FRST64.exe
2014-04-24 14:31 - 2014-04-24 14:31 - 00000474 _____ () C:\Users\Collin\Desktop\defogger_disable.log
2014-04-24 14:31 - 2014-04-24 14:31 - 00000000 _____ () C:\Users\Collin\defogger_reenable
2014-04-24 14:30 - 2014-04-24 14:30 - 00050477 _____ () C:\Users\Collin\Desktop\Defogger.exe
2014-04-22 16:03 - 2014-04-22 16:03 - 00000000 __SHD () C:\Users\Collin\AppData\Local\EmieUserList
2014-04-22 16:03 - 2014-04-22 16:03 - 00000000 __SHD () C:\Users\Collin\AppData\Local\EmieSiteList
2014-04-22 16:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-19 19:06 - 2014-04-19 18:03 - 00000000 ___RD () C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-19 19:06 - 2012-03-21 11:28 - 00000000 ___HD () C:\Users\Collin\Documents\Runes of Magic
2014-04-19 19:06 - 2012-03-21 11:05 - 00000000 ____D () C:\Program Files (x86)\Runes of Magic
2014-04-19 19:06 - 2012-03-12 14:45 - 00000000 ____D () C:\Users\Collin\AppData\Roaming\RStudio
2014-04-19 19:06 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-19 19:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-04-19 18:02 - 2014-04-19 18:02 - 00003158 _____ () C:\Windows\System32\Tasks\{63413530-4970-4B09-9431-53CAB00FB246}
2014-04-19 18:02 - 2014-04-19 17:59 - 00000000 ____D () C:\ProgramData\WPM
2014-04-19 17:58 - 2014-04-19 17:58 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-19 17:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-17 12:08 - 2011-07-16 07:32 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-04-17 12:08 - 2011-07-16 07:32 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-04-17 12:08 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-17 11:20 - 2013-11-06 11:15 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-17 11:18 - 2014-04-17 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-17 11:18 - 2014-04-17 11:17 - 00005449 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-17 11:18 - 2013-11-06 11:15 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-15 13:04 - 2014-04-15 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2014-04-15 13:04 - 2014-04-15 13:04 - 00000000 ____D () C:\Program Files\RStudio
2014-04-15 02:30 - 2014-04-07 12:12 - 00012618 _____ () C:\Users\Collin\Desktop\Stundenplan SS2014.ods
2014-04-14 20:13 - 2014-04-17 11:18 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-17 11:18 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-17 11:18 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-17 11:18 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-13 16:12 - 2014-04-13 16:12 - 00003606 _____ () C:\Users\Collin\Desktop\DATEN.csv
2014-04-13 14:49 - 2011-12-24 19:54 - 00000000 ____D () C:\Users\Collin\AppData\Roaming\Skype
2014-04-10 03:06 - 2012-09-04 09:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 03:05 - 2013-07-16 01:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 03:02 - 2012-09-27 18:44 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 13:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-08 12:52 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-08 09:40 - 2009-07-14 06:45 - 00370840 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-07 13:36 - 2014-04-07 13:35 - 00000000 ____D () C:\Users\Collin\Desktop\Bilder
2014-04-07 13:36 - 2012-03-13 01:36 - 00000000 ___RD () C:\Users\Collin\Desktop\Programme
2014-04-07 13:34 - 2012-03-13 01:41 - 00000000 ____D () C:\Users\Collin\Desktop\Uni
2014-04-07 13:29 - 2014-04-07 13:29 - 00000000 ____D () C:\Users\Collin\AppData\Roaming\OpenOffice
2014-04-07 13:29 - 2011-12-24 19:52 - 00092944 _____ () C:\Users\Collin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-07 13:28 - 2014-04-07 13:28 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-04-07 13:28 - 2014-04-07 13:28 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-04-07 13:28 - 2014-04-07 13:27 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-04-07 12:13 - 2011-12-28 14:28 - 00000000 ____D () C:\Users\Collin\AppData\Roaming\SoftGrid Client
2014-04-07 02:00 - 2012-12-06 15:18 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCOLLIN-HP$
2014-04-07 02:00 - 2012-12-06 15:18 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForCOLLIN-HP$.job
2014-04-03 09:51 - 2014-04-27 19:20 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-27 19:20 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-27 19:20 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 14:48 - 2014-03-31 14:48 - 00000165 ____H () C:\Users\Collin\Desktop\~$Stundenplan WS 2013.xlsx
2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-28 16:54 - 2014-03-28 16:54 - 00002217 _____ () C:\Users\Collin\Desktop\HP Support Assistant.lnk
2014-03-28 16:54 - 2011-07-15 22:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-03-28 16:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-03-28 16:51 - 2011-07-15 22:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-28 16:51 - 2011-07-15 21:59 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-03-28 16:49 - 2014-03-28 16:49 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-03-28 16:46 - 2011-07-15 22:10 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-03-28 16:45 - 2011-02-10 21:23 - 00000000 ____D () C:\SWSetup
2014-03-28 01:15 - 2013-11-14 22:51 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-28 01:15 - 2013-11-14 22:51 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Collin\AppData\Local\Temp\avgnt.exe
C:\Users\Collin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-31 21:40

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 28.04.2014 09:11

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

fixiboy 29.04.2014 12:52
Huhu,

leider hatte ich ziemliche Probleme mit dem Online Scan. Der erste Scan wurde nach 4h bei 12% abgebrochen. Danach habe ich den Laptop abends den Scan beginnen lassen und wollte am nächsten morgen nachschauen, ob es geklappt hat. Leider keine Spur mehr vom Scan, daher war heute der letzte Versuch. Nach wieder knapp 4h kam er diesmal zum Ergebnis:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ee394191f9de1045a551fb25acdf8c2a
# engine=18060
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-28 07:41:30
# local_time=2014-04-28 09:41:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 287325 150343940 0 0
# scanned=171810
# found=0
# cleaned=0
# scan_time=14361
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ee394191f9de1045a551fb25acdf8c2a
# engine=18063
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-28 11:57:30
# local_time=2014-04-29 01:57:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 302685 150359300 0 0
# scanned=356681
# found=1
# cleaned=0
# scan_time=15246
sh=F5E37097F9726F1E8F8062AF05734C9F77159116 ft=0 fh=0000000000000000 vn="Win32/Exploit.CVE-2013-0074.X Trojaner" ac=I fn="C:\Users\Collin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SLL1OL6K\bc03ddd95c272819f7eb7388eeb7de6e[1].zip"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ee394191f9de1045a551fb25acdf8c2a
# engine=18069
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-29 11:35:22
# local_time=2014-04-29 01:35:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 31370 150401172 0 0
# scanned=323116
# found=1
# cleaned=0
# scan_time=12355
sh=F5E37097F9726F1E8F8062AF05734C9F77159116 ft=0 fh=0000000000000000 vn="Win32/Exploit.CVE-2013-0074.X Trojaner" ac=I fn="C:\Users\Collin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SLL1OL6K\bc03ddd95c272819f7eb7388eeb7de6e[1].zip"

Code:
Results of screen317's Security Check version 0.99.82 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Google Chrome 34.0.1847.116 
 Google Chrome 34.0.1847.131 
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2014
Ran by Collin (administrator) on COLLIN-HP on 29-04-2014 13:44:35
Running from C:\Users\Collin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-08] (IDT, Inc.)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-05-17] (EasyBits Software AS)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Guard.Mail.ru.gui] => C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-03-30] ()
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-29] (Easybits)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-669750612-4099681080-2224479282-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe [841096 2014-03-12] (Adobe Systems Incorporated)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {42218EA0-A1A3-4FAE-BBF7-7482498E8022} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: ICQ Sparberater - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-07-15] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 129.217.129.42

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-06-07]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Docs) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-15]
CHR Extension: (Google Drive) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-15]
CHR Extension: (YouTube) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-15]
CHR Extension: (Google Search) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-15]
CHR Extension: (Website Logon) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef [2013-11-15]
CHR Extension: (Google Wallet) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-15]
CHR Extension: (Gmail) - C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-15]
CHR HKLM-x32\...\Chrome\Extension: [dfaldikcoaplhepekpbngkepfcoiihef] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-22]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-10-07] (WildTangent)
R2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-03-30] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-29 13:44 - 2014-04-29 13:44 - 00000749 _____ () C:\Users\Collin\Desktop\checkup.txt
2014-04-29 10:07 - 2014-04-29 10:07 - 00855379 _____ () C:\Users\Collin\Desktop\SecurityCheck.exe
2014-04-28 17:35 - 2014-04-28 17:35 - 02347384 _____ (ESET) C:\Users\Collin\Desktop\esetsmartinstaller_deu.exe
2014-04-28 17:29 - 2014-04-28 17:29 - 00000000 ____D () C:\Users\Collin\AppData\Local\Apps\2.0
2014-04-28 10:21 - 2014-04-28 10:21 - 00085316 _____ () C:\Users\Collin\Downloads\Infoblatt
2014-04-27 22:39 - 2014-04-27 22:39 - 00001780 _____ () C:\Users\Collin\Desktop\JRT.txt
2014-04-27 22:18 - 2014-04-27 22:18 - 00000000 ____D () C:\Windows\ERUNT
2014-04-27 22:16 - 2014-04-27 22:16 - 01016261 _____ (Thisisu) C:\Users\Collin\Desktop\JRT.exe
2014-04-27 22:04 - 2014-04-27 22:04 - 00006375 _____ () C:\Users\Collin\Desktop\AdwCleaner[S0].txt
2014-04-27 21:53 - 2014-04-27 22:02 - 00000000 ____D () C:\AdwCleaner
2014-04-27 21:33 - 2014-04-27 21:33 - 01329501 _____ () C:\Users\Collin\Desktop\adwcleaner.exe
2014-04-27 21:32 - 2014-04-27 21:32 - 00031178 _____ () C:\Users\Collin\Desktop\mbam.txt
2014-04-27 19:21 - 2014-04-27 21:29 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-27 19:20 - 2014-04-27 19:20 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-27 19:20 - 2014-04-27 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-27 19:20 - 2014-04-27 19:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-27 19:20 - 2014-04-27 19:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-27 19:20 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-27 19:20 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-27 19:20 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-27 18:57 - 2014-04-27 18:57 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Collin\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-26 13:10 - 2014-04-26 13:10 - 00035821 _____ () C:\ComboFix.txt
2014-04-26 12:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-26 12:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-26 12:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-26 12:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-26 12:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-26 12:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-26 12:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-26 12:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-26 12:42 - 2014-04-26 13:10 - 00000000 ____D () C:\Qoobox
2014-04-26 12:42 - 2014-04-26 13:07 - 00000000 ____D () C:\Windows\erdnt
2014-04-26 12:42 - 2014-04-26 12:42 - 00000000 ___RD () C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-26 02:45 - 2014-04-26 02:45 - 05196870 ____R (Swearware) C:\Users\Collin\Desktop\ComboFix.exe
2014-04-24 17:33 - 2014-04-29 10:08 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCollin
2014-04-24 17:33 - 2014-04-29 10:08 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForCollin.job
2014-04-24 15:04 - 2014-04-24 15:04 - 00004925 _____ () C:\Users\Collin\Desktop\Gmer.txt
2014-04-24 14:44 - 2014-04-24 14:44 - 00380416 _____ () C:\Users\Collin\Desktop\Gmer-19357.exe
2014-04-24 14:39 - 2014-04-24 14:41 - 00021455 _____ () C:\Users\Collin\Desktop\Addition.txt
2014-04-24 14:37 - 2014-04-29 13:44 - 00017564 _____ () C:\Users\Collin\Desktop\FRST.txt
2014-04-24 14:37 - 2014-04-29 13:44 - 00000000 ____D () C:\FRST
2014-04-24 14:33 - 2014-04-24 14:33 - 02061824 _____ (Farbar) C:\Users\Collin\Desktop\FRST64.exe
2014-04-24 14:31 - 2014-04-24 14:31 - 00000474 _____ () C:\Users\Collin\Desktop\defogger_disable.log
2014-04-24 14:31 - 2014-04-24 14:31 - 00000000 _____ () C:\Users\Collin\defogger_reenable
2014-04-24 14:30 - 2014-04-24 14:30 - 00050477 _____ () C:\Users\Collin\Desktop\Defogger.exe
2014-04-22 16:03 - 2014-04-22 16:03 - 00000000 __SHD () C:\Users\Collin\AppData\Local\EmieUserList
2014-04-22 16:03 - 2014-04-22 16:03 - 00000000 __SHD () C:\Users\Collin\AppData\Local\EmieSiteList
2014-04-22 16:00 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-22 16:00 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-22 16:00 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-22 16:00 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-22 15:59 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-22 15:59 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-22 15:59 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-22 15:59 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-22 15:59 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-22 15:59 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-22 15:59 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-22 15:59 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-22 15:59 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-22 15:59 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-22 15:59 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-22 15:59 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-22 15:59 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-22 15:59 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-22 15:59 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-22 15:59 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-22 15:59 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-22 15:59 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-22 15:59 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-22 15:59 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-22 15:59 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-22 15:59 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-22 15:59 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-22 15:59 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-22 15:59 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-22 15:59 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-22 15:59 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-22 15:59 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-22 15:59 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-22 15:59 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-22 15:59 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-22 15:59 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-22 15:59 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-22 15:59 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-22 15:59 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-22 15:59 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-22 15:59 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-22 15:59 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-22 15:59 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-22 15:59 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-22 15:59 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-22 15:59 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-22 15:59 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-22 15:59 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-19 18:03 - 2014-04-19 19:06 - 00000000 ___RD () C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-19 18:02 - 2014-04-19 18:02 - 00003158 _____ () C:\Windows\System32\Tasks\{63413530-4970-4B09-9431-53CAB00FB246}
2014-04-19 17:59 - 2014-04-19 18:02 - 00000000 ____D () C:\ProgramData\WPM
2014-04-19 17:58 - 2014-04-19 17:58 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-17 11:18 - 2014-04-17 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-17 11:18 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-17 11:18 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-17 11:18 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-17 11:18 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-17 11:17 - 2014-04-17 11:18 - 00005449 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-15 13:04 - 2014-04-15 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2014-04-15 13:04 - 2014-04-15 13:04 - 00000000 ____D () C:\Program Files\RStudio
2014-04-13 16:12 - 2014-04-13 16:12 - 00003606 _____ () C:\Users\Collin\Desktop\DATEN.csv
2014-04-09 13:45 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 13:45 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 13:45 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 13:45 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 13:45 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 13:45 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 13:45 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 13:45 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 13:45 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 13:45 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 13:45 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 13:45 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 13:45 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 13:45 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 13:45 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 13:45 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 13:45 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 13:35 - 2014-04-07 13:36 - 00000000 ____D () C:\Users\Collin\Desktop\Bilder
2014-04-07 13:29 - 2014-04-07 13:29 - 00000000 ____D () C:\Users\Collin\AppData\Roaming\OpenOffice
2014-04-07 13:28 - 2014-04-07 13:28 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-04-07 13:28 - 2014-04-07 13:28 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-04-07 13:27 - 2014-04-07 13:28 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-04-07 12:12 - 2014-04-15 02:30 - 00012618 _____ () C:\Users\Collin\Desktop\Stundenplan SS2014.ods
2014-03-31 14:48 - 2014-03-31 14:48 - 00000165 ____H () C:\Users\Collin\Desktop\~$Stundenplan WS 2013.xlsx

==================== One Month Modified Files and Folders =======

2014-04-29 13:45 - 2014-04-24 14:37 - 00017564 _____ () C:\Users\Collin\Desktop\FRST.txt
2014-04-29 13:44 - 2014-04-29 13:44 - 00000749 _____ () C:\Users\Collin\Desktop\checkup.txt
2014-04-29 13:44 - 2014-04-24 14:37 - 00000000 ____D () C:\FRST
2014-04-29 13:21 - 2013-11-14 22:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-29 13:20 - 2013-11-14 22:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-29 12:12 - 2011-11-16 10:28 - 01565250 _____ () C:\Windows\WindowsUpdate.log
2014-04-29 10:11 - 2009-07-14 06:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-29 10:11 - 2009-07-14 06:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-29 10:08 - 2014-04-24 17:33 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCollin
2014-04-29 10:08 - 2014-04-24 17:33 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForCollin.job
2014-04-29 10:07 - 2014-04-29 10:07 - 00855379 _____ () C:\Users\Collin\Desktop\SecurityCheck.exe
2014-04-29 10:03 - 2013-11-14 22:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-29 10:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-29 10:03 - 2009-07-14 06:51 - 00149900 _____ () C:\Windows\setupact.log
2014-04-29 05:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-29 04:39 - 2011-12-24 19:47 - 00000000 ____D () C:\Users\Collin
2014-04-28 18:51 - 2013-11-12 10:04 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8284362C-B5C4-4E7C-B824-25F2F57764D4}
2014-04-28 17:35 - 2014-04-28 17:35 - 02347384 _____ (ESET) C:\Users\Collin\Desktop\esetsmartinstaller_deu.exe
2014-04-28 17:30 - 2011-07-16 07:32 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-04-28 17:30 - 2011-07-16 07:32 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-04-28 17:30 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-28 17:29 - 2014-04-28 17:29 - 00000000 ____D () C:\Users\Collin\AppData\Local\Apps\2.0
2014-04-28 10:21 - 2014-04-28 10:21 - 00085316 _____ () C:\Users\Collin\Downloads\Infoblatt
2014-04-27 22:39 - 2014-04-27 22:39 - 00001780 _____ () C:\Users\Collin\Desktop\JRT.txt
2014-04-27 22:18 - 2014-04-27 22:18 - 00000000 ____D () C:\Windows\ERUNT
2014-04-27 22:16 - 2014-04-27 22:16 - 01016261 _____ (Thisisu) C:\Users\Collin\Desktop\JRT.exe
2014-04-27 22:04 - 2014-04-27 22:04 - 00006375 _____ () C:\Users\Collin\Desktop\AdwCleaner[S0].txt
2014-04-27 22:03 - 2010-11-21 05:47 - 00568258 _____ () C:\Windows\PFRO.log
2014-04-27 22:02 - 2014-04-27 21:53 - 00000000 ____D () C:\AdwCleaner
2014-04-27 21:33 - 2014-04-27 21:33 - 01329501 _____ () C:\Users\Collin\Desktop\adwcleaner.exe
2014-04-27 21:32 - 2014-04-27 21:32 - 00031178 _____ () C:\Users\Collin\Desktop\mbam.txt
2014-04-27 21:29 - 2014-04-27 19:21 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-27 19:20 - 2014-04-27 19:20 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-27 19:20 - 2014-04-27 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-27 19:20 - 2014-04-27 19:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-27 19:20 - 2014-04-27 19:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-27 18:57 - 2014-04-27 18:57 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Collin\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-26 13:10 - 2014-04-26 13:10 - 00035821 _____ () C:\ComboFix.txt
2014-04-26 13:10 - 2014-04-26 12:42 - 00000000 ____D () C:\Qoobox
2014-04-26 13:07 - 2014-04-26 12:42 - 00000000 ____D () C:\Windows\erdnt
2014-04-26 13:06 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-26 12:42 - 2014-04-26 12:42 - 00000000 ___RD () C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-26 02:45 - 2014-04-26 02:45 - 05196870 ____R (Swearware) C:\Users\Collin\Desktop\ComboFix.exe
2014-04-25 18:34 - 2012-01-10 00:42 - 00000000 ____D () C:\Users\Collin\AppData\Local\CrashDumps
2014-04-24 18:19 - 2012-07-18 21:05 - 00000216 _____ () C:\Users\Collin\Desktop\FILME.txt
2014-04-24 17:32 - 2012-01-16 22:52 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-24 17:32 - 2011-12-30 01:26 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-24 15:04 - 2014-04-24 15:04 - 00004925 _____ () C:\Users\Collin\Desktop\Gmer.txt
2014-04-24 14:44 - 2014-04-24 14:44 - 00380416 _____ () C:\Users\Collin\Desktop\Gmer-19357.exe
2014-04-24 14:41 - 2014-04-24 14:39 - 00021455 _____ () C:\Users\Collin\Desktop\Addition.txt
2014-04-24 14:33 - 2014-04-24 14:33 - 02061824 _____ (Farbar) C:\Users\Collin\Desktop\FRST64.exe
2014-04-24 14:31 - 2014-04-24 14:31 - 00000474 _____ () C:\Users\Collin\Desktop\defogger_disable.log
2014-04-24 14:31 - 2014-04-24 14:31 - 00000000 _____ () C:\Users\Collin\defogger_reenable
2014-04-24 14:30 - 2014-04-24 14:30 - 00050477 _____ () C:\Users\Collin\Desktop\Defogger.exe
2014-04-22 16:03 - 2014-04-22 16:03 - 00000000 __SHD () C:\Users\Collin\AppData\Local\EmieUserList
2014-04-22 16:03 - 2014-04-22 16:03 - 00000000 __SHD () C:\Users\Collin\AppData\Local\EmieSiteList
2014-04-22 16:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-19 19:06 - 2014-04-19 18:03 - 00000000 ___RD () C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-19 19:06 - 2012-03-21 11:28 - 00000000 ___HD () C:\Users\Collin\Documents\Runes of Magic
2014-04-19 19:06 - 2012-03-21 11:05 - 00000000 ____D () C:\Program Files (x86)\Runes of Magic
2014-04-19 19:06 - 2012-03-12 14:45 - 00000000 ____D () C:\Users\Collin\AppData\Roaming\RStudio
2014-04-19 19:06 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-19 19:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-04-19 18:02 - 2014-04-19 18:02 - 00003158 _____ () C:\Windows\System32\Tasks\{63413530-4970-4B09-9431-53CAB00FB246}
2014-04-19 18:02 - 2014-04-19 17:59 - 00000000 ____D () C:\ProgramData\WPM
2014-04-19 17:58 - 2014-04-19 17:58 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-19 17:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-17 11:20 - 2013-11-06 11:15 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-17 11:18 - 2014-04-17 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-17 11:18 - 2014-04-17 11:17 - 00005449 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-17 11:18 - 2013-11-06 11:15 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-15 13:04 - 2014-04-15 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2014-04-15 13:04 - 2014-04-15 13:04 - 00000000 ____D () C:\Program Files\RStudio
2014-04-15 02:30 - 2014-04-07 12:12 - 00012618 _____ () C:\Users\Collin\Desktop\Stundenplan SS2014.ods
2014-04-14 20:13 - 2014-04-17 11:18 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-17 11:18 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-17 11:18 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-17 11:18 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-13 16:12 - 2014-04-13 16:12 - 00003606 _____ () C:\Users\Collin\Desktop\DATEN.csv
2014-04-13 14:49 - 2011-12-24 19:54 - 00000000 ____D () C:\Users\Collin\AppData\Roaming\Skype
2014-04-10 03:06 - 2012-09-04 09:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 03:05 - 2013-07-16 01:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 03:02 - 2012-09-27 18:44 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 13:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-08 12:52 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-08 09:40 - 2009-07-14 06:45 - 00370840 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-07 13:36 - 2014-04-07 13:35 - 00000000 ____D () C:\Users\Collin\Desktop\Bilder
2014-04-07 13:36 - 2012-03-13 01:36 - 00000000 ___RD () C:\Users\Collin\Desktop\Programme
2014-04-07 13:34 - 2012-03-13 01:41 - 00000000 ____D () C:\Users\Collin\Desktop\Uni
2014-04-07 13:29 - 2014-04-07 13:29 - 00000000 ____D () C:\Users\Collin\AppData\Roaming\OpenOffice
2014-04-07 13:29 - 2011-12-24 19:52 - 00092944 _____ () C:\Users\Collin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-07 13:28 - 2014-04-07 13:28 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-04-07 13:28 - 2014-04-07 13:28 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-04-07 13:28 - 2014-04-07 13:27 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-04-07 12:13 - 2011-12-28 14:28 - 00000000 ____D () C:\Users\Collin\AppData\Roaming\SoftGrid Client
2014-04-07 02:00 - 2012-12-06 15:18 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCOLLIN-HP$
2014-04-07 02:00 - 2012-12-06 15:18 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForCOLLIN-HP$.job
2014-04-03 09:51 - 2014-04-27 19:20 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-27 19:20 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-27 19:20 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 14:48 - 2014-03-31 14:48 - 00000165 ____H () C:\Users\Collin\Desktop\~$Stundenplan WS 2013.xlsx
2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Collin\AppData\Local\Temp\avgnt.exe
C:\Users\Collin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-29 04:52

==================== End Of Log ============================
--- --- ---




Als ich dann die Online Scanner runterschmeißen wollte, ist mir aufgefallen, dass ganz viele Programme in der Systemsteuerung fehlen. Also sie sind nur nicht aufgelistet, installiert ist noch alles. Ich weiß nicht, ob das ein Problem ist, was schon länger besteht oder erst mit dem Trojaner aufgetreten ist. Kann man sich die wieder anzeigen lassen?

Ich glaube das Werbungsproblem ist behoben, da ich in letzter Zeit keine Probleme mehr hatte.
Ich danke dir vielmals !!!!!

schrauber 30.04.2014 23:07
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Eine der Adware Dinger hat die Uninstall Liste zerschossen, ist bekannt aber zur Zeit nicht reparierbar. Ccleaner sollte noch alle anzeigen.



Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.



Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

fixiboy 01.05.2014 13:18
Ich glaub ich hab einen kleinen Fehler gemacht. Habe bereits alles durchgeführt was in deiner Antwort stand. Somit ist auch die Fixlog.txt Datei gelöscht worden :/

Ich kann dir nur sagen, dass alles reibungslos ablief. Wenn du die Datei nochmal unbedingt sehen möchtest, musst du mir nochmal sagen, was ich zu tun habe.

Aber ich glaube, dass alles wieder in Ordnung ist.
Vielen lieben Dank, ich werde mich auf jeden Fall nochmal in dem Lob, Kritik und Wünsche Forum melden ;-)

schrauber 02.05.2014 07:36
Passt schon.

Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:31 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131