jean-pauli | 12.06.2014 10:35 | Hi
Thanks again for the help - here are the requested logs:
mbam Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 12.06.2014
Suchlauf-Zeit: 10:47:13
Logdatei: 3.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.03.04.09
Rootkit Datenbank: v2014.02.20.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: switte
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 328426
Verstrichene Zeit: 14 Min, 14 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 104
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\APPID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, In Quarantäne, [8dbc6f90c2b81c1a2d316311f210f50b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc, In Quarantäne, [8dbc6f90c2b81c1a2d316311f210f50b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0, In Quarantäne, [8dbc6f90c2b81c1a2d316311f210f50b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc, In Quarantäne, [8dbc6f90c2b81c1a2d316311f210f50b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0, In Quarantäne, [8dbc6f90c2b81c1a2d316311f210f50b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, In Quarantäne, [8dbc6f90c2b81c1a2d316311f210f50b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, In Quarantäne, [8dbc6f90c2b81c1a2d316311f210f50b],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [95b40af5b0ca072f15eef57fb34f7a86],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [95b40af5b0ca072f15eef57fb34f7a86],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\APPID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, In Quarantäne, [054449b652281e1875ead0a4768ce51b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3COMClassService, In Quarantäne, [054449b652281e1875ead0a4768ce51b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3COMClassService.1.0, In Quarantäne, [054449b652281e1875ead0a4768ce51b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3COMClassService, In Quarantäne, [054449b652281e1875ead0a4768ce51b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3COMClassService.1.0, In Quarantäne, [054449b652281e1875ead0a4768ce51b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, In Quarantäne, [054449b652281e1875ead0a4768ce51b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, In Quarantäne, [054449b652281e1875ead0a4768ce51b],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [66e3cc33b0cae551a5062d124db5d42c],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [66e3cc33b0cae551a5062d124db5d42c],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}, In Quarantäne, [0e3bb44b7802d660253bc7ad1de58b75],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0, In Quarantäne, [0e3bb44b7802d660253bc7ad1de58b75],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback, In Quarantäne, [0e3bb44b7802d660253bc7ad1de58b75],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback, In Quarantäne, [0e3bb44b7802d660253bc7ad1de58b75],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0, In Quarantäne, [0e3bb44b7802d660253bc7ad1de58b75],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}, In Quarantäne, [cb7e758ad3a7ff378fd286eefc067b85],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine.1.0, In Quarantäne, [cb7e758ad3a7ff378fd286eefc067b85],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine, In Quarantäne, [cb7e758ad3a7ff378fd286eefc067b85],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine, In Quarantäne, [cb7e758ad3a7ff378fd286eefc067b85],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine.1.0, In Quarantäne, [cb7e758ad3a7ff378fd286eefc067b85],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}, In Quarantäne, [a4a58976adcd2b0b78eab5bfee146e92],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoCreateAsync.1.0, In Quarantäne, [a4a58976adcd2b0b78eab5bfee146e92],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoCreateAsync, In Quarantäne, [a4a58976adcd2b0b78eab5bfee146e92],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoCreateAsync, In Quarantäne, [a4a58976adcd2b0b78eab5bfee146e92],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoCreateAsync.1.0, In Quarantäne, [a4a58976adcd2b0b78eab5bfee146e92],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}, In Quarantäne, [2722708f6a103303c69d254f5ba751af],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback.1.0, In Quarantäne, [2722708f6a103303c69d254f5ba751af],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback, In Quarantäne, [2722708f6a103303c69d254f5ba751af],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback, In Quarantäne, [2722708f6a103303c69d254f5ba751af],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback.1.0, In Quarantäne, [2722708f6a103303c69d254f5ba751af],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}, In Quarantäne, [5dec23dc651536000a5a9cd82dd5e61a],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreMachineClass.1, In Quarantäne, [5dec23dc651536000a5a9cd82dd5e61a],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreMachineClass, In Quarantäne, [5dec23dc651536000a5a9cd82dd5e61a],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreMachineClass, In Quarantäne, [5dec23dc651536000a5a9cd82dd5e61a],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreMachineClass.1, In Quarantäne, [5dec23dc651536000a5a9cd82dd5e61a],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}, In Quarantäne, [4efbe6194d2d44f281e43341867cda26],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.ProcessLauncher.1.0, In Quarantäne, [4efbe6194d2d44f281e43341867cda26],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.ProcessLauncher, In Quarantäne, [4efbe6194d2d44f281e43341867cda26],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.ProcessLauncher, In Quarantäne, [4efbe6194d2d44f281e43341867cda26],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.ProcessLauncher.1.0, In Quarantäne, [4efbe6194d2d44f281e43341867cda26],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}, In Quarantäne, [b0995ea1c0ba1e18fb6b92e2ed1549b7],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0, In Quarantäne, [b0995ea1c0ba1e18fb6b92e2ed1549b7],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine, In Quarantäne, [b0995ea1c0ba1e18fb6b92e2ed1549b7],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine, In Quarantäne, [b0995ea1c0ba1e18fb6b92e2ed1549b7],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0, In Quarantäne, [b0995ea1c0ba1e18fb6b92e2ed1549b7],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}, In Quarantäne, [61e808f7bac02f07cf981064a85a29d7],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}, In Quarantäne, [61e808f7bac02f07cf981064a85a29d7],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, In Quarantäne, [292057a8e19959ddbdab88ece61ca35d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}, In Quarantäne, [292057a8e19959ddbdab88ece61ca35d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickCtrl.9, In Quarantäne, [292057a8e19959ddbdab88ece61ca35d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickCtrl.9, In Quarantäne, [292057a8e19959ddbdab88ece61ca35d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}, In Quarantäne, [292057a8e19959ddbdab88ece61ca35d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}, In Quarantäne, [292057a8e19959ddbdab88ece61ca35d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.Update3WebControl.3, In Quarantäne, [292057a8e19959ddbdab88ece61ca35d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.Update3WebControl.3, In Quarantäne, [292057a8e19959ddbdab88ece61ca35d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, In Quarantäne, [292057a8e19959ddbdab88ece61ca35d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, In Quarantäne, [292057a8e19959ddbdab88ece61ca35d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}, In Quarantäne, [2e1be31c1b5f3ef8a6c30f652ad8d32d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}, In Quarantäne, [07422ed180fab97d1f4b0173f2108a76],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine.1.0, In Quarantäne, [07422ed180fab97d1f4b0173f2108a76],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine, In Quarantäne, [07422ed180fab97d1f4b0173f2108a76],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine, In Quarantäne, [07422ed180fab97d1f4b0173f2108a76],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine.1.0, In Quarantäne, [07422ed180fab97d1f4b0173f2108a76],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C536F080-57B7-46D6-8894-C647553F2889}, In Quarantäne, [07422ed180fab97d1f4b0173f2108a76],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}, In Quarantäne, [ad9cbb448bef4aecf378b8bc13ef728e],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreClass.1, In Quarantäne, [ad9cbb448bef4aecf378b8bc13ef728e],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreClass, In Quarantäne, [ad9cbb448bef4aecf378b8bc13ef728e],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreClass, In Quarantäne, [ad9cbb448bef4aecf378b8bc13ef728e],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreClass.1, In Quarantäne, [ad9cbb448bef4aecf378b8bc13ef728e],
PUP.Optional.SweetPacks, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}, In Quarantäne, [301906f93b3fdc5a5219152c2ad8c937],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}, In Quarantäne, [74d537c8047686b0105ccba9778bba46],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebSvc.1.0, In Quarantäne, [74d537c8047686b0105ccba9778bba46],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebSvc, In Quarantäne, [74d537c8047686b0105ccba9778bba46],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebSvc, In Quarantäne, [74d537c8047686b0105ccba9778bba46],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebSvc.1.0, In Quarantäne, [74d537c8047686b0105ccba9778bba46],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}, In Quarantäne, [9bae1ce3cfab4cea0469c3b18c7648b8],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachine.1.0, In Quarantäne, [9bae1ce3cfab4cea0469c3b18c7648b8],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachine, In Quarantäne, [9bae1ce3cfab4cea0469c3b18c7648b8],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachine, In Quarantäne, [9bae1ce3cfab4cea0469c3b18c7648b8],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachine.1.0, In Quarantäne, [9bae1ce3cfab4cea0469c3b18c7648b8],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\APPID\DealPlyLive.exe, In Quarantäne, [7ecbd32ca0dab58190a2208cc24155ab],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\DealPlyLive.exe, In Quarantäne, [9aaf3fc0c3b7cb6bc66c525ad2318c74],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.dpliveupdate.com/DealPlyLive Update;version=3, In Quarantäne, [1435fa055624350187afcce057acc739],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.dpliveupdate.com/DealPlyLive Update;version=9, In Quarantäne, [15343cc3186286b0ca6c4d5f8b7837c9],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, In Quarantäne, [c584c53aadcda19569553f6c867dfc04],
PUP.Optional.DealPly.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\DealPlyLive, Löschen bei Neustart, [064355aa8ceedd590731783450b3bd43],
PUP.Optional.PlusHD.A, HKU\S-1-5-21-1090607797-461681864-3531138898-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-2.2, Löschen bei Neustart, [a8a14ab59edcd75f04b947487b8750b0],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110311301136}, In Quarantäne, [1d2c3ec12654ba7c02ff4ce6ed171ae6],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110311301136}, In Quarantäne, [1d2c3ec12654ba7c02ff4ce6ed171ae6],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440344304436}, In Quarantäne, [1d2c3ec12654ba7c02ff4ce6ed171ae6],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550355305536}, In Quarantäne, [1d2c3ec12654ba7c02ff4ce6ed171ae6],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660366306636}, In Quarantäne, [1d2c3ec12654ba7c02ff4ce6ed171ae6],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550355305536}, In Quarantäne, [1d2c3ec12654ba7c02ff4ce6ed171ae6],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660366306636}, In Quarantäne, [1d2c3ec12654ba7c02ff4ce6ed171ae6],
PUP.Optional.CrossRider.M, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440344304436}, In Quarantäne, [1d2c3ec12654ba7c02ff4ce6ed171ae6],
PUP.Optional.CrossRider.M, HKU\S-1-5-21-1090607797-461681864-3531138898-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110311301136}, Löschen bei Neustart, [1d2c3ec12654ba7c02ff4ce6ed171ae6],
Registrierungswerte: 2
PUP.Optional.BrowserProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|bProtectTabs, hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=8EDD00FFF93FFD17&affID=119776&tsp=4983, In Quarantäne, [e56415ea6b0f1422b1756f3f748f2cd4]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, {D9471B7B-F0EF-11E1-B31B-005056C00008}, In Quarantäne, [c584c53aadcda19569553f6c867dfc04]
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 14
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive, In Quarantäne, [d0791ce3b9c10036a4adee9841c12bd5],
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update, In Quarantäne, [d0791ce3b9c10036a4adee9841c12bd5],
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update\Log, In Quarantäne, [d0791ce3b9c10036a4adee9841c12bd5],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\CrashReports, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Download, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Install, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Offline, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Offline\{52B30197-65F0-4326-9CCA-27F2D8AAB8C1}, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Users\switte\AppData\Local\DealPlyLive, In Quarantäne, [c287f30c39413ff7d0d9add90ef4c53b],
PUP.Optional.DealPly.A, C:\Users\switte\AppData\Local\DealPlyLive\CrashReports, In Quarantäne, [c287f30c39413ff7d0d9add90ef4c53b],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.2, In Quarantäne, [c4855ca357232b0b62917e085ea4d12f],
Dateien: 81
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psmachine.dll, In Quarantäne, [61e808f7bac02f07cf981064a85a29d7],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll, In Quarantäne, [292057a8e19959ddbdab88ece61ca35d],
PUP.Optional.OneClickDownloader.A, C:\Users\switte\Downloads\FTDownloader_setup(18_4)_ch (1).exe, In Quarantäne, [95b4aa557505a78ffdfa2132966b728e],
PUP.Optional.OneClickDownloader.A, C:\Users\switte\Downloads\FTDownloader_setup(18_4)_ch.exe, In Quarantäne, [56f3fd0202780b2bfef93122ba4708f8],
Hacktool.Agent, C:\Users\switte\Downloads\Loader (W-7).rar, In Quarantäne, [f851728d71091e18b71b7912867b39c7],
PUP.Optional.Bandoo, C:\Users\switte\Downloads\iLividSetup-r390-n-bc.exe, In Quarantäne, [56f316e93c3e57df4f54d378fe03ea16],
PUP.Optional.BundleInstaller.A, C:\Users\switte\Downloads\Java.exe, In Quarantäne, [de6b09f6e59511255724dbacc63b14ec],
PUP.Optional.OpenCandy, C:\Users\switte\Downloads\winamp5622_full_emusic-7plus_de-de.exe, In Quarantäne, [0d3cfc03c8b284b28660bb96e420a45c],
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update\Log\DealPlyLive.log, In Quarantäne, [d0791ce3b9c10036a4adee9841c12bd5],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLive.exe, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveHandler.exe, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveHelper.msi, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bn.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ca.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_cs.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_da.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_de.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_el.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en-GB.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es-419.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_et.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fa.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fi.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fil.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fr.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_gu.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hr.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hu.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_id.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_is.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_it.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_iw.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ja.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_kn.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ko.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lt.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lv.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ml.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_mr.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ms.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_nl.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_no.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_am.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ar.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-BR.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-PT.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ro.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sk.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sl.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sr.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sv.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sw.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ta.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_te.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_th.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_tr.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_uk.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ur.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_vi.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-CN.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-TW.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psuser.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bg.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hi.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pl.dll, In Quarantäne, [a5a46d9289f12c0a86cd038304fe1ce4],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe, In Quarantäne, [c4855ca357232b0b62917e085ea4d12f],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.2\33036.crx, In Quarantäne, [c4855ca357232b0b62917e085ea4d12f],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.2\33036.xpi, In Quarantäne, [c4855ca357232b0b62917e085ea4d12f],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.2\Installer.log, In Quarantäne, [c4855ca357232b0b62917e085ea4d12f],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bg.exe, In Quarantäne, [c4855ca357232b0b62917e085ea4d12f],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-buttonutil.exe, In Quarantäne, [c4855ca357232b0b62917e085ea4d12f],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-buttonutil64.dll, In Quarantäne, [c4855ca357232b0b62917e085ea4d12f],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-buttonutil64.exe, In Quarantäne, [c4855ca357232b0b62917e085ea4d12f],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe, In Quarantäne, [c4855ca357232b0b62917e085ea4d12f],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-helper.exe, In Quarantäne, [c4855ca357232b0b62917e085ea4d12f],
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2.ico, In Quarantäne, [c4855ca357232b0b62917e085ea4d12f],
Physische Sektoren: 0
(No malicious items detected)
(end)
adwcleaner
AdwCleaner Logfile: Code:
# AdwCleaner v3.212 - Bericht erstellt am 12/06/2014 um 11:12:08
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Professional (64 bits)
# Benutzername : switte - SARDELLE
# Gestartet von : C:\tauschen\adwcleaner_3.212.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\blekko toolbars
Ordner Gelöscht : C:\ProgramData\Registry Helper
Ordner Gelöscht : C:\Users\switte\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\switte\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\switte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
Datei Gelöscht : C:\Users\switte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\switte\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FTDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ftdownloader v4_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ftdownloader v4_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\plus-hd-2_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\plus-hd-2_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE
***** [ Browser ] *****
-\\ Internet Explorer v8.0.7600.17267
-\\ Mozilla Firefox v5.0 (de)
[ Datei : C:\Users\switte\AppData\Roaming\Mozilla\Firefox\Profiles\iknf3a13.default\prefs.js ]
-\\ Google Chrome v
[ Datei : C:\Users\switte\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Homepage] : hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=8EDD00FFF93FFD17&affID=119776&tsp=4983
Gelöscht [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
Gelöscht [Extension] : oejkcgajlodefenbbjdnaiahmbnnoole
*************************
AdwCleaner[R0].txt - [7443 octets] - [12/06/2014 11:10:46]
AdwCleaner[S0].txt - [7179 octets] - [12/06/2014 11:12:08]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7239 octets] ##########
jrt Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by switte on 12.06.2014 at 11:19:49,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1090607797-461681864-3531138898-1001\Software\sweetim
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\searchdonkey"
Successfully deleted: [Folder] "C:\Users\switte\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\switte\AppData\Roaming\software"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.06.2014 at 11:26:30,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST:
[CODE]

FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 01
Ran by switte (administrator) on SARDELLE on 12-06-2014 11:27:28
Running from C:\Users\switte\Desktop
Platform: Windows 7 Professional (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\stacsv64.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\app\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe
() C:\app\switte\oracle\product\11.1.64\BIN\TNSLSNR.EXE
(Oracle Corporation) C:\app\switte\oracle\product\11.1.64\BIN\oracle.exe
() C:\app\switte\oracle\product\11.1.64\BIN\oravssw.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\app\switte\OpenVPN_214\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Stoic Joker's Network) C:\Installs\T-Clock 2010 (build X - Release to DC)\x64\Clock.exe
() C:\Program Files (x86)\Assmann\USB Device Server\Control Center.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Intel Corporation) C:\Windows\System32\GfxUI.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmPfw.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1894696 2010-01-08] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-04-07] (IDT, Inc.)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16416360 2010-05-25] (NVIDIA Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-10-09] (Dell Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DpAgent] => C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2009-05-13] (DigitalPersona, Inc.)
HKLM-x32\...\Run: [RemoteControl9] => c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-14] (CyberLink Corp.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [147456 2005-05-27] (shbox.de)
HKLM-x32\...\Run: [openvpn-gui] => C:\app\switte\openVPN_214\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe [265216 2010-05-07] ()
HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [103536 2011-11-14] (VMware, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [KCodes UDS Control Center] => C:\Program Files (x86)\Assmann\USB Device Server\Control Center.exe [4910592 2011-05-30] ()
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe [1705296 2010-06-25] (Trend Micro Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
AppInit_DLLs: C:\Windows\System32\acaptuser64.dll => C:\Windows\System32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\switte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\switte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stoic Joker's T-Clock 2010 x64.lnk
ShortcutTarget: Stoic Joker's T-Clock 2010 x64.lnk -> C:\Installs\T-Clock 2010 (build X - Release to DC)\x64\Clock.exe (Stoic Joker's Network)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {434883DB-E43C-4C66-BF09-FDAD12DB7BDD} URL =
SearchScopes: HKCU - {9355D0D8-4BF8-4806-9920-403C40F0731F} URL =
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
BHO: DigitalPersona Fingerprint Software Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: DigitalPersona Fingerprint Software Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\app\Quest Software\Toad for Oracle\RNetPin.dll ()
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.4.36.104 10.4.36.100
Tcpip\..\Interfaces\{6F492E79-597B-42E2-BB2C-979E0743CB83}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{DC0F0ABD-B6BC-49A6-9F0E-549159AD00A8}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FireFox:
========
FF ProfilePath: C:\Users\switte\AppData\Roaming\Mozilla\Firefox\Profiles\iknf3a13.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\app\switte\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\app\switte\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @MagellanGPS.com/CommunicationPlugin - C:\Program Files (x86)\Magellan\Magellan Communicator\npMgnPlg.dll (Magellan Navigation, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\switte\AppData\Roaming\mozilla\plugins\npMeetingJoinPluginAOCUser.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ []
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2010-10-09]
FF HKLM-x32\...\Firefox\Extensions: [fe_9.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012-05-24]
FF HKLM-x32\...\Thunderbird\Extensions: [te_9.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012-05-24]
FF HKCU\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2010-10-09]
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\switte\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\switte\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\switte\AppData\Local\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Picasa) - C:\app\switte\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll No File
CHR Extension: (Instant Retro) - C:\Users\switte\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlahmeejnbkdnjnckboeglpfmjbfmopp [2011-09-16]
CHR Extension: (Google Wallet) - C:\Users\switte\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
==================== Services (Whitelisted) =================
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 BMFMySQL; C:\app\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe [4431872 2005-10-23] () [File not signed]
R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
R2 DpHost; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [322624 2009-05-13] (DigitalPersona, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2012-10-12] (Macrovision Europe Ltd.) [File not signed]
R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 ntrtscan; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [1835912 2010-06-22] (Trend Micro Inc.)
S3 OpenVPNService; C:\app\switte\openVPN_214\Astaro\Astaro SSL VPN Client\bin\openvpnserv.exe [39936 2010-05-07] () [File not signed]
S2 OracleDBConsoleIDGMBH; c:\app\switte\oracle\product\11.1.64\bin\nmesrvc.exe [25600 2007-09-13] (Oracle Corporation) [File not signed]
S3 OracleDEFAULT_HOMEClientCache; C:\oracle\ora81\BIN\ONRSD.EXE [411244 2000-10-19] () [File not signed]
S4 OracleJobSchedulerIDGMBH; c:\app\switte\oracle\product\11.1.64\Bin\extjob.exe [102400 2007-10-03] () [File not signed]
R2 OracleOraDb11g_home2TNSListener; c:\app\switte\oracle\product\11.1.64\ [0 ] () [File not signed]
R2 OracleServiceIDGMBH; c:\app\switte\oracle\product\11.1.64\bin\ORACLE.EXE [89702400 2007-10-03] (Oracle Corporation) [File not signed]
R2 OracleVssWriterIDGMBH; c:\app\switte\oracle\product\11.1.64\bin\OraVSSW.exe [163840 2007-10-03] () [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2013-06-27] (Enigma Software Group USA, LLC.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe [247808 2010-04-07] (IDT, Inc.)
R2 svcGenericHost; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [45056 2010-07-05] (Trend Micro Inc.) [File not signed]
R2 tmlisten; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [2057096 2010-06-22] (Trend Micro Inc.)
R3 TmPfw; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [595960 2009-07-16] (Trend Micro Inc.)
R3 TmProxy; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [917768 2009-07-16] (Trend Micro Inc.)
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [79872 2011-11-13] (VMware, Inc.) [File not signed]
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11839488 2011-11-13] () [File not signed]
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-10-09] (Dell Inc.) [File not signed]
S2 OpenVPNAccessClient; C:\app\switte\OpenVPN\core\capiws.exe [X]
S3 Oracle8iClientCache; c:\app\switte\oracle\product\BIN\ONRSD.EXE [X]
S2 OracleMTSRecoveryService; c:\app\switte\oracle\product\11.1.0\bin\omtsreco.exe "OracleMTSRecoveryService" [X]
==================== Drivers (Whitelisted) ====================
R3 AssmannUDSMBus; C:\Windows\SysWow64\Drivers\AssmannUDSMBus.sys [100448 2011-05-06] (Windows (R) Codename Longhorn DDK provider)
S3 AssmannUDSTcpBus; C:\Windows\SysWow64\Drivers\AssmannUDSTcpBus.sys [165472 2011-05-06] (Windows (R) Codename Longhorn DDK provider)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2010-09-06] (Devguru Co., Ltd)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2014-06-05] (GFI Software)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [9856 2010-12-02] (Padus, Inc.) [File not signed]
S3 PORTMON; C:\Installs\Sysinternals\PORTMSYS.SYS [28656 2014-06-11] (Systems Internals) [File not signed]
S3 tap0801; C:\Windows\System32\DRIVERS\tap0801.sys [30720 2005-04-13] (The OpenVPN Project) [File not signed]
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
R2 TmFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [265744 2010-05-11] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [200720 2009-07-16] (Trend Micro Inc.)
R2 TmPreFilter; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [42000 2010-05-11] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2009-07-16] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [339984 2009-07-16] (Trend Micro Inc.)
R2 VSApiNt; c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [2007056 2010-05-11] (Trend Micro Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-12 11:27 - 2014-06-12 11:27 - 00032870 _____ () C:\Users\switte\Desktop\FRST.txt
2014-06-12 11:27 - 2014-06-12 11:27 - 00000000 ____D () C:\Users\switte\Desktop\FRST-OlderVersion
2014-06-12 11:26 - 2014-06-12 11:26 - 00001103 _____ () C:\Users\switte\Desktop\JRT.txt
2014-06-12 11:17 - 2014-06-12 11:17 - 00000000 ____D () C:\Windows\ERUNT
2014-06-12 11:16 - 2014-06-12 11:16 - 00007399 _____ () C:\Users\switte\Desktop\AdwCleaner[S0].txt
2014-06-12 11:15 - 2014-06-12 11:16 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-06-12 11:14 - 2014-06-12 11:15 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_12_11_14_59.dmp
2014-06-12 11:10 - 2014-06-12 11:12 - 00000000 ____D () C:\AdwCleaner
2014-06-12 11:09 - 2014-06-12 11:09 - 00030874 _____ () C:\Users\switte\Desktop\3.txt
2014-06-12 11:05 - 2014-06-12 11:05 - 00020474 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_12_11_5_41.dmp
2014-06-12 10:15 - 2014-06-12 11:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-12 10:15 - 2014-06-12 10:15 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-12 10:15 - 2014-06-12 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-12 10:15 - 2014-06-12 10:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-12 10:15 - 2014-06-12 10:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-12 10:15 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-12 10:15 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-12 10:15 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-12 10:13 - 2014-06-12 10:11 - 01016261 _____ (Thisisu) C:\Users\switte\Desktop\JRT.exe
2014-06-11 17:27 - 2014-06-11 17:27 - 00000000 ___SD () C:\ComboFix
2014-06-11 16:15 - 2014-06-11 16:15 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_16_15_20.dmp
2014-06-11 16:10 - 2014-06-11 16:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macrovision
2014-06-11 16:09 - 2014-06-11 16:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\TSVNCache
2014-06-11 16:09 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ICAClient
2014-06-11 16:09 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DigitalPersona
2014-06-11 16:09 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\DigitalPersona
2014-06-11 16:09 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Citrix
2014-06-11 16:08 - 2014-06-11 16:08 - 00001441 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-11 16:08 - 2014-06-11 16:08 - 00001407 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-06-11 16:08 - 2014-06-11 16:08 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-11 16:08 - 2014-06-11 16:08 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-11 16:07 - 2014-06-11 16:07 - 00020474 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_16_7_31.dmp
2014-06-11 16:06 - 2014-06-11 16:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-11 16:06 - 2014-06-11 16:08 - 00000000 ____D () C:\Users\Administrator
2014-06-11 16:06 - 2014-06-11 16:06 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-06-11 16:06 - 2013-04-12 16:49 - 00000000 ____D () C:\Users\Administrator\Documents\Visual Studio 2010
2014-06-11 16:06 - 2013-04-12 16:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help
2014-06-11 16:06 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-11 16:06 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-11 14:49 - 2014-06-11 14:49 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-11 14:49 - 2014-06-11 14:49 - 00001136 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-11 14:49 - 2014-06-11 14:49 - 00000000 ____D () C:\Users\switte\AppData\Local\Mozilla
2014-06-11 11:32 - 2014-06-11 11:32 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_11_32_38.dmp
2014-06-11 10:52 - 2014-06-11 10:52 - 00032313 _____ () C:\ComboFix.txt
2014-06-11 10:52 - 2014-06-11 10:52 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-11 10:52 - 2014-06-11 10:52 - 00000000 ____D () C:\Users\Installs\AppData\Local\temp
2014-06-11 10:52 - 2014-06-11 10:52 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-11 10:52 - 2014-06-11 10:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-11 10:16 - 2014-06-11 10:16 - 00021517 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_10_16_44.dmp
2014-06-11 10:07 - 2014-06-11 10:07 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_10_7_1.dmp
2014-06-11 09:55 - 2014-06-11 09:55 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_9_55_13.dmp
2014-06-11 09:18 - 2014-06-11 09:18 - 00021476 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_9_18_0.dmp
2014-06-11 09:00 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-11 09:00 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-11 09:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-11 09:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-11 09:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-11 09:00 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-11 09:00 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-11 09:00 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-11 08:49 - 2014-06-11 17:27 - 00000000 ____D () C:\Qoobox
2014-06-11 08:48 - 2014-06-11 09:34 - 00000000 ____D () C:\Windows\erdnt
2014-06-11 08:45 - 2014-06-11 08:45 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_8_45_44.dmp
2014-06-10 17:14 - 2014-06-11 08:52 - 00001266 _____ () C:\Users\switte\Desktop\Revo Uninstaller.lnk
2014-06-10 17:14 - 2014-06-11 08:52 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-10 17:13 - 2014-06-10 17:13 - 05205915 ____R (Swearware) C:\Users\switte\Desktop\ComboFix.exe
2014-06-10 16:00 - 2014-06-12 11:27 - 00000000 ____D () C:\FRST
2014-06-10 15:59 - 2014-06-12 11:27 - 02081792 _____ (Farbar) C:\Users\switte\Desktop\FRST64.exe
2014-06-10 15:50 - 2014-06-10 15:50 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_10_15_50_47.dmp
2014-06-05 09:20 - 2014-06-11 08:55 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-06-05 09:05 - 2014-06-05 09:06 - 00020572 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_5_9_5_59.dmp
2014-06-05 09:01 - 2014-06-05 09:01 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_5_9_1_32.dmp
2014-06-05 09:00 - 2014-06-05 09:02 - 00000000 ____D () C:\Users\Installs
2014-06-05 09:00 - 2014-06-05 09:00 - 00000020 ___SH () C:\Users\Installs\ntuser.ini
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Vorlagen
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Startmenü
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Netzwerkumgebung
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Lokale Einstellungen
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Eigene Dateien
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Druckumgebung
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Documents\Eigene Musik
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Documents\Eigene Bilder
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\AppData\Local\Verlauf
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\AppData\Local\Anwendungsdaten
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Anwendungsdaten
2014-06-05 09:00 - 2013-04-12 16:49 - 00000000 ____D () C:\Users\Installs\Documents\Visual Studio 2010
2014-06-05 09:00 - 2013-04-12 16:46 - 00000000 ____D () C:\Users\Installs\AppData\Local\Microsoft Help
2014-06-05 09:00 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Installs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-05 09:00 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Installs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-04 19:37 - 2014-06-04 19:37 - 00000000 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_19_37_8.dmp
2014-06-04 10:24 - 2014-06-04 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-04 09:38 - 2014-06-04 09:38 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_9_38_5.dmp
2014-06-04 08:50 - 2014-06-04 08:50 - 00020572 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_8_50_29.dmp
2014-06-04 08:40 - 2014-06-04 08:40 - 00020474 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_8_40_3.dmp
2014-06-04 08:21 - 2014-06-04 08:21 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_8_21_31.dmp
2014-06-03 16:45 - 2014-06-05 09:13 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2014-06-03 16:45 - 2014-06-03 16:45 - 00000000 ____D () C:\Users\switte\AppData\Roaming\Ad-Aware Antivirus
2014-06-03 16:36 - 2014-06-03 16:36 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_3_16_36_54.dmp
2014-06-03 12:50 - 2014-06-03 12:51 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_3_12_50_59.dmp
2014-06-03 10:03 - 2014-06-03 10:03 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_3_10_3_19.dmp
2014-05-27 14:28 - 2014-05-27 14:48 - 00000000 ____D () C:\Users\switte\AppData\Roaming\ICAClient
2014-05-27 14:28 - 2014-05-27 14:28 - 01356664 _____ () C:\Windows\system32\SearchDonkey.E3E38E2B3C8C.2.6.80.dll
2014-05-27 14:28 - 2014-05-27 14:28 - 00000000 ____D () C:\Users\switte\AppData\Local\Citrix
2014-05-27 14:28 - 2014-05-27 14:28 - 00000000 ____D () C:\ProgramData\Citrix
2014-05-27 14:28 - 2014-05-27 14:28 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-05-27 14:23 - 2014-05-27 14:23 - 01161080 _____ () C:\Windows\SysWOW64\SearchDonkey.E3E38E2B3C8C.2.6.80.dll
2014-05-27 14:19 - 2010-03-15 12:31 - 00165376 _____ () C:\Windows\SysWOW64\unrar.dll
2014-05-26 08:58 - 2014-05-26 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
2014-05-26 08:55 - 2014-05-26 08:55 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_26_8_55_51.dmp
2014-05-22 08:56 - 2014-05-22 08:56 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_22_8_56_14.dmp
2014-05-20 12:50 - 2014-05-20 12:50 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-20 10:49 - 2014-05-20 10:49 - 00000018 _____ () C:\Users\switte\Desktop\testtest.wzip.txt
2014-05-20 09:38 - 2014-05-20 09:38 - 00001674 _____ () C:\Users\Public\Desktop\ProLeiS3_TEST.lnk
2014-05-20 09:36 - 2014-05-21 12:31 - 00000000 ____D () C:\ProLeiS3
2014-05-20 09:36 - 2014-05-20 09:37 - 00000000 ____D () C:\ProLeiS3_TEST
2014-05-20 09:15 - 2014-05-20 09:15 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_20_9_15_36.dmp
2014-05-15 15:15 - 2014-05-15 15:15 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_15_15_15_4.dmp
2014-05-13 09:38 - 2014-05-13 09:38 - 00020572 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_13_9_38_35.dmp
==================== One Month Modified Files and Folders =======
2014-06-12 11:28 - 2014-06-12 11:27 - 00032870 _____ () C:\Users\switte\Desktop\FRST.txt
2014-06-12 11:28 - 2010-10-14 13:50 - 00000000 ____D () C:\Users\switte\AppData\Local\Temp
2014-06-12 11:27 - 2014-06-12 11:27 - 00000000 ____D () C:\Users\switte\Desktop\FRST-OlderVersion
2014-06-12 11:27 - 2014-06-10 16:00 - 00000000 ____D () C:\FRST
2014-06-12 11:27 - 2014-06-10 15:59 - 02081792 _____ (Farbar) C:\Users\switte\Desktop\FRST64.exe
2014-06-12 11:26 - 2014-06-12 11:26 - 00001103 _____ () C:\Users\switte\Desktop\JRT.txt
2014-06-12 11:25 - 2010-10-14 14:15 - 00000000 ____D () C:\Installs
2014-06-12 11:23 - 2009-07-14 06:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-12 11:23 - 2009-07-14 06:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-12 11:18 - 2014-06-12 10:15 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-12 11:17 - 2014-06-12 11:17 - 00000000 ____D () C:\Windows\ERUNT
2014-06-12 11:17 - 2010-10-14 20:57 - 00000000 ____D () C:\tauschen
2014-06-12 11:17 - 2010-10-09 02:04 - 00000031 _____ () C:\tmuninst.ini
2014-06-12 11:16 - 2014-06-12 11:16 - 00007399 _____ () C:\Users\switte\Desktop\AdwCleaner[S0].txt
2014-06-12 11:16 - 2014-06-12 11:15 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-06-12 11:16 - 2010-10-25 13:00 - 00000000 ____D () C:\Users\switte\AppData\Local\TSVNCache
2014-06-12 11:15 - 2014-06-12 11:14 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_12_11_14_59.dmp
2014-06-12 11:14 - 2010-11-22 12:53 - 00000000 ____D () C:\ProgramData\VMware
2014-06-12 11:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-12 11:14 - 2009-07-14 06:51 - 00126973 _____ () C:\Windows\setupact.log
2014-06-12 11:13 - 2010-10-08 18:34 - 00851824 _____ () C:\Windows\PFRO.log
2014-06-12 11:12 - 2014-06-12 11:10 - 00000000 ____D () C:\AdwCleaner
2014-06-12 11:12 - 2009-07-14 07:10 - 01434912 _____ () C:\Windows\WindowsUpdate.log
2014-06-12 11:09 - 2014-06-12 11:09 - 00030874 _____ () C:\Users\switte\Desktop\3.txt
2014-06-12 11:05 - 2014-06-12 11:05 - 00020474 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_12_11_5_41.dmp
2014-06-12 10:37 - 2010-11-11 10:18 - 00002064 ____H () C:\Users\switte\Documents\Default.rdp
2014-06-12 10:28 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-06-12 10:15 - 2014-06-12 10:15 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-12 10:15 - 2014-06-12 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-12 10:15 - 2014-06-12 10:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-12 10:15 - 2014-06-12 10:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-12 10:11 - 2014-06-12 10:13 - 01016261 _____ (Thisisu) C:\Users\switte\Desktop\JRT.exe
2014-06-11 17:27 - 2014-06-11 17:27 - 00000000 ___SD () C:\ComboFix
2014-06-11 17:27 - 2014-06-11 08:49 - 00000000 ____D () C:\Qoobox
2014-06-11 16:15 - 2014-06-11 16:15 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_16_15_20.dmp
2014-06-11 16:13 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\TSVNCache
2014-06-11 16:13 - 2014-06-11 16:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-11 16:10 - 2014-06-11 16:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macrovision
2014-06-11 16:09 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ICAClient
2014-06-11 16:09 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\DigitalPersona
2014-06-11 16:09 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\DigitalPersona
2014-06-11 16:09 - 2014-06-11 16:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Citrix
2014-06-11 16:08 - 2014-06-11 16:08 - 00001441 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-11 16:08 - 2014-06-11 16:08 - 00001407 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-06-11 16:08 - 2014-06-11 16:08 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-11 16:08 - 2014-06-11 16:08 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-11 16:08 - 2014-06-11 16:06 - 00000000 ____D () C:\Users\Administrator
2014-06-11 16:08 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-11 16:07 - 2014-06-11 16:07 - 00020474 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_16_7_31.dmp
2014-06-11 16:06 - 2014-06-11 16:06 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-06-11 16:06 - 2014-06-11 16:06 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-06-11 14:49 - 2014-06-11 14:49 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-11 14:49 - 2014-06-11 14:49 - 00001136 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-11 14:49 - 2014-06-11 14:49 - 00000000 ____D () C:\Users\switte\AppData\Local\Mozilla
2014-06-11 14:49 - 2013-08-23 11:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 14:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-11 14:22 - 2010-10-14 21:05 - 00000000 ____D () C:\Users\switte\AppData\Local\Google
2014-06-11 11:32 - 2014-06-11 11:32 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_11_32_38.dmp
2014-06-11 11:28 - 2010-10-09 01:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-11 11:25 - 2010-12-09 12:09 - 00000000 ____D () C:\Program Files (x86)\Raize
2014-06-11 10:52 - 2014-06-11 10:52 - 00032313 _____ () C:\ComboFix.txt
2014-06-11 10:52 - 2014-06-11 10:52 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-11 10:52 - 2014-06-11 10:52 - 00000000 ____D () C:\Users\Installs\AppData\Local\temp
2014-06-11 10:52 - 2014-06-11 10:52 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-11 10:52 - 2014-06-11 10:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-11 10:36 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-11 10:16 - 2014-06-11 10:16 - 00021517 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_10_16_44.dmp
2014-06-11 10:07 - 2014-06-11 10:07 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_10_7_1.dmp
2014-06-11 09:55 - 2014-06-11 09:55 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_9_55_13.dmp
2014-06-11 09:34 - 2014-06-11 08:48 - 00000000 ____D () C:\Windows\erdnt
2014-06-11 09:18 - 2014-06-11 09:18 - 00021476 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_9_18_0.dmp
2014-06-11 09:16 - 2009-07-14 04:34 - 29097984 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-06-11 09:16 - 2009-07-14 04:34 - 100925440 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-06-11 09:16 - 2009-07-14 04:34 - 02359296 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-06-11 09:16 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-06-11 09:16 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-06-11 08:55 - 2014-06-05 09:20 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-06-11 08:52 - 2014-06-10 17:14 - 00001266 _____ () C:\Users\switte\Desktop\Revo Uninstaller.lnk
2014-06-11 08:52 - 2014-06-10 17:14 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-11 08:45 - 2014-06-11 08:45 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_11_8_45_44.dmp
2014-06-10 17:13 - 2014-06-10 17:13 - 05205915 ____R (Swearware) C:\Users\switte\Desktop\ComboFix.exe
2014-06-10 16:04 - 2012-01-11 10:41 - 00000064 _____ () C:\Windows\SysWOW64\rp_stats.dat
2014-06-10 16:04 - 2012-01-11 10:41 - 00000044 _____ () C:\Windows\SysWOW64\rp_rules.dat
2014-06-10 15:50 - 2014-06-10 15:50 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_10_15_50_47.dmp
2014-06-05 09:13 - 2014-06-03 16:45 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2014-06-05 09:13 - 2013-08-23 12:27 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2014-06-05 09:06 - 2014-06-05 09:05 - 00020572 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_5_9_5_59.dmp
2014-06-05 09:02 - 2014-06-05 09:00 - 00000000 ____D () C:\Users\Installs
2014-06-05 09:01 - 2014-06-05 09:01 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_5_9_1_32.dmp
2014-06-05 09:00 - 2014-06-05 09:00 - 00000020 ___SH () C:\Users\Installs\ntuser.ini
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Vorlagen
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Startmenü
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Netzwerkumgebung
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Lokale Einstellungen
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Eigene Dateien
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Druckumgebung
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Documents\Eigene Musik
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Documents\Eigene Bilder
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\AppData\Local\Verlauf
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\AppData\Local\Anwendungsdaten
2014-06-05 09:00 - 2014-06-05 09:00 - 00000000 _SHDL () C:\Users\Installs\Anwendungsdaten
2014-06-04 19:37 - 2014-06-04 19:37 - 00000000 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_19_37_8.dmp
2014-06-04 13:51 - 2010-10-20 12:08 - 00000000 ____D () C:\TEMP
2014-06-04 11:18 - 2010-11-02 15:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-04 11:18 - 2010-10-20 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-06-04 11:04 - 2013-08-23 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft Ad-Aware SE Personal
2014-06-04 10:31 - 2010-10-14 13:51 - 00000000 ____D () C:\Users\switte\AppData\Local\VirtualStore
2014-06-04 10:24 - 2014-06-04 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-04 10:24 - 2013-08-23 13:47 - 00002068 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-06-04 09:38 - 2014-06-04 09:38 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_9_38_5.dmp
2014-06-04 09:07 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-04 08:50 - 2014-06-04 08:50 - 00020572 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_8_50_29.dmp
2014-06-04 08:40 - 2014-06-04 08:40 - 00020474 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_8_40_3.dmp
2014-06-04 08:21 - 2014-06-04 08:21 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_4_8_21_31.dmp
2014-06-03 16:45 - 2014-06-03 16:45 - 00000000 ____D () C:\Users\switte\AppData\Roaming\Ad-Aware Antivirus
2014-06-03 16:45 - 2013-08-23 12:30 - 00000000 ____D () C:\Users\switte\AppData\Roaming\LavasoftStatistics
2014-06-03 16:41 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-03 16:40 - 2011-05-10 16:37 - 00000179 _____ () C:\Windows\fileinfo.ini
2014-06-03 16:36 - 2014-06-03 16:36 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_3_16_36_54.dmp
2014-06-03 12:58 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-06-03 12:51 - 2014-06-03 12:50 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_3_12_50_59.dmp
2014-06-03 12:46 - 2010-11-22 12:57 - 00000000 ____D () C:\Users\switte\AppData\Roaming\VMware
2014-06-03 12:46 - 2010-11-22 12:57 - 00000000 ____D () C:\Users\switte\AppData\Local\VMware
2014-06-03 11:18 - 2011-01-14 16:09 - 00000033 _____ () C:\Windows\unicon.ini
2014-06-03 10:03 - 2014-06-03 10:03 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_6_3_10_3_19.dmp
2014-06-02 17:54 - 2010-10-09 02:06 - 00003438 _____ () C:\Windows\TMFilter.log
2014-05-27 14:48 - 2014-05-27 14:28 - 00000000 ____D () C:\Users\switte\AppData\Roaming\ICAClient
2014-05-27 14:28 - 2014-05-27 14:28 - 01356664 _____ () C:\Windows\system32\SearchDonkey.E3E38E2B3C8C.2.6.80.dll
2014-05-27 14:28 - 2014-05-27 14:28 - 00000000 ____D () C:\Users\switte\AppData\Local\Citrix
2014-05-27 14:28 - 2014-05-27 14:28 - 00000000 ____D () C:\ProgramData\Citrix
2014-05-27 14:28 - 2014-05-27 14:28 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-05-27 14:23 - 2014-05-27 14:23 - 01161080 _____ () C:\Windows\SysWOW64\SearchDonkey.E3E38E2B3C8C.2.6.80.dll
2014-05-26 08:58 - 2014-05-26 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
2014-05-26 08:55 - 2014-05-26 08:55 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_26_8_55_51.dmp
2014-05-22 16:56 - 2010-10-09 02:04 - 00000000 ____D () C:\ProgramData\Temp
2014-05-22 14:42 - 2010-10-20 09:17 - 00000000 ____D () C:\KUNDEN
2014-05-22 08:56 - 2014-05-22 08:56 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_22_8_56_14.dmp
2014-05-21 12:31 - 2014-05-20 09:36 - 00000000 ____D () C:\ProLeiS3
2014-05-21 08:11 - 2013-03-20 15:46 - 00001639 _____ () C:\Users\Public\Desktop\ProLeiS3.lnk
2014-05-20 17:52 - 2011-01-12 16:28 - 00014837 _____ () C:\Windows\SysWOW64\sqlnet.log
2014-05-20 12:50 - 2014-05-20 12:50 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-20 12:13 - 2009-07-14 19:58 - 00714260 _____ () C:\Windows\system32\perfh007.dat
2014-05-20 12:13 - 2009-07-14 19:58 - 00154056 _____ () C:\Windows\system32\perfc007.dat
2014-05-20 12:13 - 2009-07-14 07:13 - 01659812 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-20 10:49 - 2014-05-20 10:49 - 00000018 _____ () C:\Users\switte\Desktop\testtest.wzip.txt
2014-05-20 09:38 - 2014-05-20 09:38 - 00001674 _____ () C:\Users\Public\Desktop\ProLeiS3_TEST.lnk
2014-05-20 09:37 - 2014-05-20 09:36 - 00000000 ____D () C:\ProLeiS3_TEST
2014-05-20 09:15 - 2014-05-20 09:15 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_20_9_15_36.dmp
2014-05-19 12:29 - 2011-03-22 15:57 - 00000000 ____D () C:\Users\switte\EurekaLog
2014-05-15 15:15 - 2014-05-15 15:15 - 00021878 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_15_15_15_4.dmp
2014-05-15 15:09 - 2013-07-23 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 15:04 - 2010-10-20 10:36 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 10:18 - 2011-04-06 13:53 - 00000000 ____D () C:\IDGmbH
2014-05-13 09:38 - 2014-05-13 09:38 - 00020572 _____ () C:\Windows\SysWOW64\nmesrvc_core_2014_5_13_9_38_35.dmp
Some content of TEMP:
====================
C:\Users\switte\AppData\Local\Temp\AHOI.exe
C:\Users\switte\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-10 17:55
==================== End Of Log ============================ --- --- ---
Kind regards |