PUP.Optional.Delta.A

geomont · 01.09.2013, 10:22

wurde von Malwarebytes gefunden, konnte nicht entfernt werden. Siehe files im Anhang.
Bei Start von Firefox öffnet sich die Delta-Suchmaschine und Fenster öffnen sich unerwünscht.

Ich hoffe Ihr könnt helfen!
Danke im Voraus!
Geomont

schrauber · 01.09.2013, 10:23

hi,

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

geomont · 01.09.2013, 11:26

Das hat gut geklappt!
Herzlichen dank!

Hier meine files:

Code:

ATTFilter

# AdwCleaner v3.001 - Report created 01/09/2013 at 12:02:19
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Ultimate  (64 bits)
# Username : johannes.gottlieb - TOSH1
# Running from : C:\Users\Johannes.Gottlieb\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : BrowserDefendert

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserDefender
Folder Deleted : C:\Program Files (x86)\file scout
Folder Deleted : C:\Program Files (x86)\LyriXeeker
Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Users\Johannes.Gottlieb\AppData\LocalLow\delta
Folder Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\DSite
Folder Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\SpecialSavings
Folder Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Folder Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\Extensions\{5A95A9E0-59DD-4314-BD84-4D18CA83A0E2}
Folder Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\Extensions\ffxtlbr@delta.com
Folder Deleted : C:\Users\Johannes.Gottlieb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
[!] Folder Deleted : C:\Users\Johannes.Gottlieb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
[!] Folder Deleted : C:\Users\Johannes.Gottlieb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
[!] Folder Deleted : C:\Users\Johannes.Gottlieb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
File Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\Extensions\firefox@webconnect.co.xpi
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\searchplugins\askcomsearch.xml
File Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\searchplugins\delta.xml
File Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\bprotector_prefs.js
File Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\\invalidprefs.js
File Deleted : C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\user.js
File Deleted : C:\Users\Johannes.Gottlieb\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Johannes.Gottlieb\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Windows\System32\Tasks\EPUpdater
File Deleted : C:\Windows\System32\Tasks\QtraxPlayer

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5A95A9E0-59DD-4314-BD84-4D18CA83A0E2}]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKCU\Software\5b48cdee63fee43
Key Deleted : HKLM\SOFTWARE\5b48cdee63fee43
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\AppDataLow\Software\lyrixeeker
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.17267

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs]

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://www2.delta-search.com/?babsrc=NT_ss&mntrId=02B74CEDDE2C9948&affID=119357&tt=280813_ctrl1&tsp=4990");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com Search");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.bbDpng", "1");
Line Deleted : user_pref("extensions.delta.cntry", "DE");
Line Deleted : user_pref("extensions.delta.dfltLng", "de");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.hdrMd5", "5AC0143689A2D0DC378DEA751100BE7B");
Line Deleted : user_pref("extensions.delta.id", "02b7b3220000000000004cedde2c9948");
Line Deleted : user_pref("extensions.delta.instlDay", "15947");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.lastVrsnTs", "1.8.24.621:49:09");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.sg", "azb");
Line Deleted : user_pref("extensions.delta.smplGrp", "azb");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.621:49:09");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119357&tt=280813_ctrl1&tsp=4990");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extensions.enabledAddons", "%7B5a95a9e0-59dd-4314-bd84-4d18ca83a0e2%7D:1.26,ffxtlbr%40delta.com:1.5.0,firefox%40webconnect.co:1.0.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1");
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Nuance\\\\NaturallySpeaki[...]
Line Deleted : user_pref("extensions.wajam.affiliate_id", "6447");
Line Deleted : user_pref("extensions.wajam.firstrun", "false");
Line Deleted : user_pref("extensions.wajam.log_send_info", "false");
Line Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21087\",\"update_interval\":1235,\"base_url\":\"hxxp:\\/\\/www.wajam.com\\/\",\"update_url\":\"hxxp:\\/\\/www.wajam.com\\/addon\\/[...]
Line Deleted : user_pref("extensions.wajam.no_trace", "false");
Line Deleted : user_pref("extensions.wajam.server_current_mapping_version", "0.21087");
Line Deleted : user_pref("extensions.wajam.supported_sites.encryptedgoogle.wajam_google_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'W[...]
Line Deleted : user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';[...]
Line Deleted : user_pref("extensions.wajam.supported_sites.myshopping.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';win[...]
Line Deleted : user_pref("extensions.wajam.supported_sites.wikipedia.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';wind[...]
Line Deleted : user_pref("extensions.wajam.trace_log", "1377939440761 - processInstallationUpgrade - versionActual: 1.26\n1377939440761 - processInstallationUpgrade - isFirstTimeInstallation: false\n1377939440762 - [...]
Line Deleted : user_pref("extensions.wajam.unique_id", "5A786F596ECD51D89E2F48B8BAEA377A");
Line Deleted : user_pref("extensions.wajam.user_current_mapping_version", "0");
Line Deleted : user_pref("extensions.wajam.version", "1.26");

[ File : C:\Users\JoGo\AppData\Roaming\Mozilla\Firefox\Profiles\1gopu0hl.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Johannes.Gottlieb\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Johannes.Gottlieb\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [14971 octets] - [01/09/2013 11:28:27]
AdwCleaner[S0].txt - [13831 octets] - [01/09/2013 12:02:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13892 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.6 (08.30.2013:1)
OS: Windows 7 Ultimate x64
Ran by johannes.gottlieb on 01.09.2013 at 12:08:38,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\bProtectTabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta ltd
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EA981843-89BD-4961-9F90-F9E6C948F964}



~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\Lyrics Seeker Update.job
Successfully deleted: [File] "C:\Users\Johannes.Gottlieb\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!"
Successfully deleted: [Folder] "C:\Users\Johannes.Gottlieb\music\qtrax media library"



~~~ FireFox

Emptied folder: C:\Users\Johannes.Gottlieb\AppData\Roaming\mozilla\firefox\profiles\jrujsnqu.default\minidumps [282 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.09.2013 at 12:14:49,80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-09-2013
Ran by johannes.gottlieb (administrator) on TOSH1 on 01-09-2013 12:22:48
Running from C:\Users\Johannes.Gottlieb\Desktop\Scannen von Schadsoftware
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Nero AG) c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\XSManager\WTGService.exe
(4G Systems GmbH & Co. KG) C:\Windows\service4g.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Tobit Software) C:\Program Files (x86)\Tobit InfoCenter\David\Apps\Replica\CODE\replica.exe
(Tobit Software) C:\Program Files (x86)\Tobit InfoCenter\David\Code\SL.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Bartels Media GmbH) C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Tobit.Software) C:\Windows\SysWOW64\DV4TS.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
() C:\Program Files (x86)\HP Wireless Printer Adapter\ConnectMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-05-11] (Toshiba Europe GmbH)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107176 2010-03-11] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505768 2010-05-25] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1504608 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] - C:\Windows\system32\thpsrv /logon [x]
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705432 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [136136 2010-04-19] (Toshiba Europe GmbH)
HKLM\...\Run: [HP Color LaserJet CM2320 MFP Series Fax] - C:\Program Files (x86)\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company)
HKCU\...\Run: [updateMgr] - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
MountPoints2: {2c5b5c17-2248-11e1-bdcc-002318949294} - F:\autorun.exe
MountPoints2: {fb37b720-f8bf-11e1-8193-002318949294} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083
HKLM-x32\...\Run: [NBAgent] - c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2010-03-09] (Nero AG)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [TOSDCR] - C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-05-01] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252728 2010-04-01] (TOSHIBA)
HKLM-x32\...\Run: [starter4g] - C:\Windows\starter4g.exe [160424 2010-04-30] (4G Systems GmbH & Co. KG)
HKLM-x32\...\Run: [DV4TS.EXE] - c:\windows\system32\DV4TS.EXE [x]
HKLM-x32\...\Run: [HPUsageTracking] - C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [24576 2009-05-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] - C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKU\administrator\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\Default\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\JoGo\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\JoGo\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe [256280 2010-01-27] (Adobe Systems, Inc.)
HKU\User\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
Startup: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress.lnk
ShortcutTarget: PhraseExpress.lnk -> C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Verbindungsmanager.lnk
ShortcutTarget: Verbindungsmanager.lnk -> C:\Program Files (x86)\HP Wireless Printer Adapter\ConnectMgr.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Johannes.Gottlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {4118306C-A499-4736-B8ED-C7B1AEA899BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKCU - {043AF010-D3A0-4A79-BDD9-5EA978BE943D} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {4118306C-A499-4736-B8ED-C7B1AEA899BB} URL = 
SearchScopes: HKCU - {7BB8434F-BF7C-4CF0-8685-81632CA75039} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {E8DEF850-8D47-475F-9A8A-EF430DD2F1A1} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 83.169.185.97 83.169.185.33
Tcpip\..\Interfaces\{89A696DF-2554-4373-B5B9-4CC709836F0D}: [NameServer]192.168.1.1,192.168.1.254
Tcpip\..\Interfaces\{FF0CBC07-64D7-4841-B6C9-E10BAB31C86D}: [NameServer]192.168.1.1,192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://montanes.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Lyrics Seeker - C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\Extensions\131
FF Extension: WebConnect - C:\Users\Johannes.Gottlieb\AppData\Roaming\Mozilla\Firefox\Profiles\jrujsnqu.default\Extensions\firefox@webconnect.co
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: No Name - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF HKCU\...\Firefox\Extensions: [{450ef4aa-3d18-4b12-8d9f-ecc17330b054}] C:\Program Files (x86)\LyricsSeeker\131.xpi
FF Extension: No Name - C:\Program Files (x86)\LyricsSeeker\131.xpi

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Drive) - C:\Users\JOHANN~1.GOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: () - C:\Users\JOHANN~1.GOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfcpnihmbfoaeoakalclfalkdepgiaje\2.0.0.1
CHR Extension: (YouTube) - C:\Users\JOHANN~1.GOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\JOHANN~1.GOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (\x4cy\x72i\x63\x73\x20Se\x65\x6ber) - C:\Users\JOHANN~1.GOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgoiojnjnacbjngolldkokokgpcjbgjj\1.131
CHR Extension: (Gmail) - C:\Users\JOHANN~1.GOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [bfcpnihmbfoaeoakalclfalkdepgiaje] - C:\Users\Johannes.Gottlieb\AppData\Roaming\SpecialSavings\SpecialSavings.crx
CHR HKLM-x32\...\Chrome\Extension: [lgoiojnjnacbjngolldkokokgpcjbgjj] - C:\Program Files (x86)\LyricsSeeker\131.crx
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 DavidReplica; C:\Program Files (x86)\Tobit InfoCenter\David\Apps\Replica\CODE\replica.exe [1665536 2010-06-06] (Tobit Software)
R2 DavidServiceLayer; C:\Program Files (x86)\Tobit InfoCenter\David\Code\SL.EXE [2493272 2012-03-05] (Tobit Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-05-11] (Toshiba Europe GmbH)
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329168 2010-04-12] ()
R2 XS Stick Service; C:\Windows\service4g.exe [145064 2010-04-30] (4G Systems GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-31] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-31] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-31] (Avira Operations GmbH & Co. KG)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2011-12-13] (Mobile Connector)
R3 hpnuhst; C:\Windows\System32\DRIVERS\hpnuhst.sys [16384 2007-03-27] (Hewlett-Packard Development Company)
R3 HPNUHUB; C:\Windows\System32\DRIVERS\hpnuhub.sys [40448 2007-10-30] (Hewlett-Packard Development Company)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-01 12:08 - 2013-09-01 12:08 - 00000000 ____D C:\Windows\ERUNT
2013-09-01 11:28 - 2013-09-01 12:02 - 00000000 ____D C:\AdwCleaner
2013-09-01 10:48 - 2013-09-01 10:48 - 00000000 _____ C:\Users\Johannes.Gottlieb\defogger_reenable
2013-09-01 08:55 - 2013-09-01 08:55 - 00000000 ____D C:\FRST
2013-08-31 15:47 - 2013-08-31 15:47 - 00000000 ____D C:\Users\Johannes.Gottlieb\Desktop\Vorträge 2013
2013-08-30 21:58 - 2013-08-30 21:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-30 21:58 - 2013-08-30 21:58 - 00000000 ____D C:\Users\Johannes.Gottlieb\AppData\Roaming\Malwarebytes
2013-08-30 21:58 - 2013-08-30 21:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-30 21:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-29 13:53 - 2013-09-01 12:05 - 00000412 _____ C:\Windows\Tasks\Lyrics Seeker Update.job
2013-08-29 13:53 - 2013-08-31 00:35 - 00000000 ____D C:\Program Files (x86)\LyricsSeeker
2013-08-29 13:53 - 2013-08-29 13:53 - 00003084 _____ C:\Windows\System32\Tasks\Lyrics Seeker Update
2013-08-29 13:53 - 2013-08-29 13:53 - 00000000 ____D C:\Users\Johannes.Gottlieb\AppData\Local\avgchrome
2013-08-27 08:12 - 2013-08-27 08:12 - 00924672 _____ C:\Users\Johannes.Gottlieb\Desktop\VWDA Gesprächsvorlage Managementkonzept 26 08 2013_ErgaenzungDD.ppt
2013-08-26 16:10 - 2013-08-26 16:10 - 00065732 _____ C:\Users\Johannes.Gottlieb\Desktop\Kopie von Musterportfolio.xlsm
2013-08-25 22:05 - 2013-08-31 15:01 - 00000000 ____D C:\Users\Johannes.Gottlieb\Desktop\Word-Docs
2013-08-25 20:45 - 2013-08-25 20:45 - 00050688 _____ C:\Users\Johannes.Gottlieb\Desktop\BBbank.xls
2013-08-25 11:11 - 2013-08-25 20:42 - 00806400 _____ C:\Users\Johannes.Gottlieb\Desktop\VWDA Gesprächsvorlage Managementkonzept 25.08.2013.ppt
2013-08-24 12:45 - 2013-08-24 12:45 - 00000057 _____ C:\ProgramData\Ament.ini
2013-08-24 11:04 - 2013-08-24 11:04 - 00003668 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910
2013-08-24 11:04 - 2013-08-24 11:04 - 00000000 ____D C:\Users\Johannes.Gottlieb\AppData\Roaming\HpUpdate
2013-08-24 11:04 - 2010-11-16 21:24 - 00750440 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5312.dll
2013-08-24 11:02 - 2013-08-24 11:02 - 00000000 ____D C:\Program Files\HP
2013-08-24 11:01 - 2013-08-24 11:01 - 00000000 ____D C:\Users\Johannes.Gottlieb\AppData\Local\HP
2013-08-23 11:41 - 2013-08-23 11:41 - 08824320 _____ C:\Users\Johannes.Gottlieb\Desktop\MS_ZED Geothermal Power Fund I - Basisinformation 23 07 2013 - ENGLISH.ppt
2013-08-21 21:40 - 2013-08-21 21:40 - 17737608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-08-21 08:04 - 2013-08-21 08:07 - 08824320 _____ C:\Users\Johannes.Gottlieb\Desktop\MS_ZED Geothermal Power Fund I - Basisinformation 20 07 2013 - ENGLISH.ppt
2013-08-21 08:00 - 2013-08-21 08:00 - 02140160 _____ C:\Users\Johannes.Gottlieb\Desktop\ZED Renewable Energies Fund I - Basisinformation 15.07.2013.ppt
2013-08-15 19:52 - 2013-08-15 19:52 - 00037888 _____ C:\Users\Johannes.Gottlieb\Desktop\Kopie von 130812_Schwarzenberg_Eco2heat.xls
2013-08-15 19:51 - 2013-08-15 19:51 - 00096256 _____ C:\Users\Johannes.Gottlieb\Desktop\Kopie von 2013_E2H_Projektabwicklung.xls
2013-08-15 19:51 - 2013-08-15 19:51 - 00058880 _____ C:\Users\Johannes.Gottlieb\Desktop\Kopie von 130726_Schwarzenberg_Flächen.xls
2013-08-13 21:33 - 2013-08-13 21:34 - 00000000 ____D C:\Users\Johannes.Gottlieb\Desktop\Bilder Madeira
2013-08-12 14:44 - 2013-08-12 14:45 - 00000000 ____D C:\Users\Johannes.Gottlieb\Desktop\201 TSW Terra-Sol
2013-08-11 08:14 - 2013-08-11 08:14 - 00000000 ____D C:\Program Files (x86)\QuickTime

==================== One Month Modified Files and Folders =======

2013-09-01 12:22 - 2013-09-01 12:17 - 00000000 ____D C:\Users\Johannes.Gottlieb\Desktop\Scannen von Schadsoftware
2013-09-01 12:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-09-01 12:12 - 2009-07-14 06:45 - 00021440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-01 12:12 - 2009-07-14 06:45 - 00021440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-01 12:08 - 2013-09-01 12:08 - 00000000 ____D C:\Windows\ERUNT
2013-09-01 12:06 - 2012-09-17 09:39 - 00000000 ____D C:\Users\Johannes.Gottlieb\AppData\Roaming\Skype
2013-09-01 12:05 - 2013-08-29 13:53 - 00000412 _____ C:\Windows\Tasks\Lyrics Seeker Update.job
2013-09-01 12:04 - 2012-12-24 12:52 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-01 12:03 - 2012-07-05 09:40 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-09-01 12:03 - 2010-11-20 07:21 - 00144112 _____ C:\Windows\PFRO.log
2013-09-01 12:03 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-01 12:03 - 2009-07-14 06:51 - 00058239 _____ C:\Windows\setupact.log
2013-09-01 12:02 - 2013-09-01 11:28 - 00000000 ____D C:\AdwCleaner
2013-09-01 12:02 - 2010-11-20 07:25 - 01125327 _____ C:\Windows\WindowsUpdate.log
2013-09-01 11:54 - 2012-08-09 22:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-01 11:25 - 2012-12-24 12:52 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-01 11:00 - 2009-07-14 06:45 - 00511528 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-01 10:48 - 2013-09-01 10:48 - 00000000 _____ C:\Users\Johannes.Gottlieb\defogger_reenable
2013-09-01 10:48 - 2012-08-27 12:46 - 00000000 ____D C:\Users\Johannes.Gottlieb
2013-09-01 09:19 - 2013-06-04 10:40 - 00000000 ____D C:\Users\Johannes.Gottlieb\Desktop\Desk Programme
2013-09-01 08:55 - 2013-09-01 08:55 - 00000000 ____D C:\FRST
2013-09-01 08:51 - 2012-08-27 12:49 - 00132800 _____ C:\Users\Johannes.Gottlieb\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-01 08:26 - 2012-01-26 15:57 - 00000128 _____ C:\Windows\system32\config\netlogon.ftl
2013-08-31 15:47 - 2013-08-31 15:47 - 00000000 ____D C:\Users\Johannes.Gottlieb\Desktop\Vorträge 2013
2013-08-31 15:20 - 2009-07-14 19:58 - 00697542 _____ C:\Windows\system32\perfh007.dat
2013-08-31 15:20 - 2009-07-14 19:58 - 00148548 _____ C:\Windows\system32\perfc007.dat
2013-08-31 15:20 - 2009-07-14 07:13 - 01614924 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-31 15:01 - 2013-08-25 22:05 - 00000000 ____D C:\Users\Johannes.Gottlieb\Desktop\Word-Docs
2013-08-31 11:23 - 2012-03-28 12:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-31 09:24 - 2012-08-27 12:46 - 00000000 ___RD C:\Users\Johannes.Gottlieb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-31 09:23 - 2012-11-22 19:29 - 00000000 ____D C:\Program Files\Bonjour
2013-08-31 09:23 - 2012-11-22 19:29 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-08-31 09:15 - 2012-02-17 02:12 - 00000000 ____D C:\Program Files (x86)\HP
2013-08-31 09:09 - 2012-12-23 21:24 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-31 09:09 - 2012-12-23 21:24 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-31 09:08 - 2012-12-23 21:24 - 00000000 ____D C:\Program Files\iTunes
2013-08-31 09:08 - 2012-12-23 21:24 - 00000000 ____D C:\Program Files\iPod
2013-08-31 08:21 - 2013-07-28 12:25 - 00000072 _____ C:\Users\Johannes.Gottlieb\AppData\Roaming\WB.CFG
2013-08-31 08:21 - 2013-06-22 12:01 - 00000005 _____ C:\Users\Johannes.Gottlieb\AppData\Roaming\WBPU-TTL.DAT
2013-08-31 00:35 - 2013-08-29 13:53 - 00000000 ____D C:\Program Files (x86)\LyricsSeeker
2013-08-31 00:35 - 2013-02-18 15:51 - 00000000 ___RD C:\Users\Johannes.Gottlieb\Desktop\Dokumente 2013
2013-08-30 21:59 - 2013-08-30 21:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-30 21:58 - 2013-08-30 21:58 - 00000000 ____D C:\Users\Johannes.Gottlieb\AppData\Roaming\Malwarebytes
2013-08-30 21:58 - 2013-08-30 21:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 17:05 - 2012-09-15 20:27 - 00000000 ____D C:\Users\Johannes.Gottlieb\AppData\Roaming\Tobit
2013-08-29 13:53 - 2013-08-29 13:53 - 00003084 _____ C:\Windows\System32\Tasks\Lyrics Seeker Update
2013-08-29 13:53 - 2013-08-29 13:53 - 00000000 ____D C:\Users\Johannes.Gottlieb\AppData\Local\avgchrome
2013-08-29 08:04 - 2012-11-11 00:11 - 00000000 ____D C:\Users\Johannes.Gottlieb\Documents\Solar und Fotovoltaik Software 2011
2013-08-28 14:21 - 2013-07-22 21:15 - 00000000 ____D C:\Users\Johannes.Gottlieb\Documents\PhraseExpress
2013-08-28 14:21 - 2013-07-22 21:00 - 00000000 ____D C:\Users\Public\Documents\PhraseExpress
2013-08-28 14:03 - 2013-05-18 11:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-27 08:12 - 2013-08-27 08:12 - 00924672 _____ C:\Users\Johannes.Gottlieb\Desktop\VWDA Gesprächsvorlage Managementkonzept 26 08 2013_ErgaenzungDD.ppt
2013-08-26 16:10 - 2013-08-26 16:10 - 00065732 _____ C:\Users\Johannes.Gottlieb\Desktop\Kopie von Musterportfolio.xlsm
2013-08-25 20:56 - 2013-07-09 11:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-25 20:45 - 2013-08-25 20:45 - 00050688 _____ C:\Users\Johannes.Gottlieb\Desktop\BBbank.xls
2013-08-25 20:42 - 2013-08-25 11:11 - 00806400 _____ C:\Users\Johannes.Gottlieb\Desktop\VWDA Gesprächsvorlage Managementkonzept 25.08.2013.ppt
2013-08-24 12:52 - 2012-02-17 01:00 - 00000000 ____D C:\ProgramData\HP
2013-08-24 12:45 - 2013-08-24 12:45 - 00000057 _____ C:\ProgramData\Ament.ini
2013-08-24 11:04 - 2013-08-24 11:04 - 00003668 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910
2013-08-24 11:04 - 2013-08-24 11:04 - 00000000 ____D C:\Users\Johannes.Gottlieb\AppData\Roaming\HpUpdate
2013-08-24 11:02 - 2013-08-24 11:02 - 00000000 ____D C:\Program Files\HP
2013-08-24 11:01 - 2013-08-24 11:01 - 00000000 ____D C:\Users\Johannes.Gottlieb\AppData\Local\HP
2013-08-23 11:41 - 2013-08-23 11:41 - 08824320 _____ C:\Users\Johannes.Gottlieb\Desktop\MS_ZED Geothermal Power Fund I - Basisinformation 23 07 2013 - ENGLISH.ppt
2013-08-21 21:41 - 2012-08-09 22:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 21:40 - 2013-08-21 21:40 - 17737608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-08-21 21:40 - 2012-08-09 22:00 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 21:40 - 2012-02-27 22:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 08:07 - 2013-08-21 08:04 - 08824320 _____ C:\Users\Johannes.Gottlieb\Desktop\MS_ZED Geothermal Power Fund I - Basisinformation 20 07 2013 - ENGLISH.ppt
2013-08-21 08:00 - 2013-08-21 08:00 - 02140160 _____ C:\Users\Johannes.Gottlieb\Desktop\ZED Renewable Energies Fund I - Basisinformation 15.07.2013.ppt
2013-08-19 16:57 - 2013-07-24 18:07 - 00002154 _____ C:\Users\Johannes.Gottlieb\AppData\Roaming\SAS7_000.DAT
2013-08-18 07:26 - 2013-07-21 18:19 - 00000000 ____D C:\Windows\system32\MRT
2013-08-18 07:23 - 2012-11-11 13:37 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-16 14:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-15 19:52 - 2013-08-15 19:52 - 00037888 _____ C:\Users\Johannes.Gottlieb\Desktop\Kopie von 130812_Schwarzenberg_Eco2heat.xls
2013-08-15 19:51 - 2013-08-15 19:51 - 00096256 _____ C:\Users\Johannes.Gottlieb\Desktop\Kopie von 2013_E2H_Projektabwicklung.xls
2013-08-15 19:51 - 2013-08-15 19:51 - 00058880 _____ C:\Users\Johannes.Gottlieb\Desktop\Kopie von 130726_Schwarzenberg_Flächen.xls
2013-08-13 21:34 - 2013-08-13 21:33 - 00000000 ____D C:\Users\Johannes.Gottlieb\Desktop\Bilder Madeira
2013-08-12 14:45 - 2013-08-12 14:44 - 00000000 ____D C:\Users\Johannes.Gottlieb\Desktop\201 TSW Terra-Sol
2013-08-11 08:14 - 2013-08-11 08:14 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-08-07 17:13 - 2010-06-08 15:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-07 17:13 - 2010-06-08 15:10 - 00000000 ____D C:\ProgramData\Skype
2013-08-05 16:25 - 2013-06-29 08:42 - 00000000 ____D C:\Users\Johannes.Gottlieb\Desktop\Dokumente 2013 Juli

Files to move or delete:
====================
C:\Users\JoGo\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\JoGo\AppData\Local\Temp\TeamViewer\Version7\TeamViewer_.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\APNStub.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\AskSLib.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\de_ww_Package.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\Quarantine.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\setup.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TuneUpUtilities2013_de-DE.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\uninst1.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\{AC76BA86-1033-F400-BA7E-100000000002}\asneu.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\{2CBCEC3C-FD52-4FE0-8EDE-48726B3095D1}\ISBEW64.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\UpdateWizard_62743\SilentUpdater.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\upd15D8\BabScheduler2000201.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\awt.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\cmm.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\dcpr.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\deploy.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\deploytk.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\dt_shmem.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\dt_socket.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\eula.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\fontmanager.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\hpi.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\hprof.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\instrument.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\ioser12.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\j2pcsc.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\jaas_nt.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\java-rmi.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\java.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\java_crw_demo.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\jawt.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\jbroker.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\JdbcOdbc.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\jdwp.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\jli.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\jp2iexp.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\jp2launcher.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\jp2native.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\jp2ssv.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\jpeg.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\jsound.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\jureg.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\management.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\mlib_image.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\msvcrt.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\net.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\nio.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\npdeploytk.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\npt.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\pack200.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\regutils.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\rmi.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\splashscreen.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\ssv.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\ssvagent.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\unpack.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\unpack200.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\verify.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\w2k_lsa_auth.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\wsdetect.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\zip.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\server\jvm.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\new_plugin\msvcrt.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\java\jre\win64\jre\bin\new_plugin\npjp2.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\bin\win64\dotnetinst.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\bin\win64\instutil.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\bin\win64\java_launcher.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\bin\win64\mwinstall.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\bin\win64\setup.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\bin\win64\vcredist_x64.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\TMW1D90.tmp\bin\win64\VCRT_check.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\SDIAG_a7855e6b-455c-4ecf-8895-78cad746d533\DiagPackage.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\SDIAG_9fe09922-66d0-44a7-a478-02c278c0d08b\DiagPackage.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\Package2\Setup\TOBITCLT.DLL
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\nsqBD6D.tmp\System.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\nsqBD6D.tmp\UAC.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\NaturallySpeaking\dragon_support_packager.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\NaturallySpeaking\instmsiw.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\NaturallySpeaking\setup.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\NaturallySpeaking\WindowsInstaller-KB893803-x86.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\NaturallySpeaking\ISSetupPrerequisites\dotNetFramework\dotNetFx40_Full_x86_x64.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\NaturallySpeaking\Documentation\NuancePDFReader_EFGDIS.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\is357113909\chrome_logic.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\is357113909\dp.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\is357113909\OpenItSetup.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\is357113909\QtraxInstaller.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\is357113909\wajam_validate.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\is1590112554\OpenItSetup.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\is1590112554\wajam_validate.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\busA37F\ff21v.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\B0AB4348-BAB0-7891-BFCB-56F52B786494\Latest\BExternal.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\B0AB4348-BAB0-7891-BFCB-56F52B786494\Latest\BUSolForMontiera.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\B0AB4348-BAB0-7891-BFCB-56F52B786494\Latest\ccp.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\B0AB4348-BAB0-7891-BFCB-56F52B786494\Latest\ChromeToolbarSetup.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\B0AB4348-BAB0-7891-BFCB-56F52B786494\Latest\CrxInstaller.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\B0AB4348-BAB0-7891-BFCB-56F52B786494\Latest\enhancedNT.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\B0AB4348-BAB0-7891-BFCB-56F52B786494\Latest\GUninstaller.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\B0AB4348-BAB0-7891-BFCB-56F52B786494\Latest\IEHelper.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\B0AB4348-BAB0-7891-BFCB-56F52B786494\Latest\MntrDLLInstall.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\B0AB4348-BAB0-7891-BFCB-56F52B786494\Latest\sqlite3.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\A0EE81B6-BAB0-7891-87EE-BD6E6F6A5910\Latest\BExternal.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\A0EE81B6-BAB0-7891-87EE-BD6E6F6A5910\Latest\BUSolForMontiera.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\A0EE81B6-BAB0-7891-87EE-BD6E6F6A5910\Latest\ccp.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\A0EE81B6-BAB0-7891-87EE-BD6E6F6A5910\Latest\ChromeToolbarSetup.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\A0EE81B6-BAB0-7891-87EE-BD6E6F6A5910\Latest\CrxInstaller.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\A0EE81B6-BAB0-7891-87EE-BD6E6F6A5910\Latest\enhancedNT.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\A0EE81B6-BAB0-7891-87EE-BD6E6F6A5910\Latest\GUninstaller.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\A0EE81B6-BAB0-7891-87EE-BD6E6F6A5910\Latest\IEHelper.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\A0EE81B6-BAB0-7891-87EE-BD6E6F6A5910\Latest\MntrDLLInstall.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\A0EE81B6-BAB0-7891-87EE-BD6E6F6A5910\Latest\sqlite3.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\9F7FA5C5-BAB0-7891-8045-296DEB990CB3\Latest\BExternal.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\9F7FA5C5-BAB0-7891-8045-296DEB990CB3\Latest\BUSolForMontiera.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\9F7FA5C5-BAB0-7891-8045-296DEB990CB3\Latest\BUSolution.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\9F7FA5C5-BAB0-7891-8045-296DEB990CB3\Latest\ChromeToolbarSetup.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\9F7FA5C5-BAB0-7891-8045-296DEB990CB3\Latest\CrxInstaller.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\9F7FA5C5-BAB0-7891-8045-296DEB990CB3\Latest\GUninstaller.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\9F7FA5C5-BAB0-7891-8045-296DEB990CB3\Latest\IEHelper.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\9F7FA5C5-BAB0-7891-8045-296DEB990CB3\Latest\MntrDLLInstall.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\9F7FA5C5-BAB0-7891-8045-296DEB990CB3\Latest\sqlite3.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\setup.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\AccessibleMarshal.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\breakpadinjector.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\crashreporter.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\D3DCompiler_43.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\firefox.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\freebl3.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\gkmedias.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\libEGL.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\libGLESv2.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\maintenanceservice.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\maintenanceservice_installer.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\mozalloc.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\mozglue.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\mozjs.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\msvcp100.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\msvcr100.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\nss3.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\nssckbi.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\nssdbm3.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\plugin-container.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\plugin-hang-ui.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\softokn3.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\updater.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\webapp-uninstaller.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\webapprt-stub.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\xul.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\uninstall\helper.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\7zS7314.tmp\core\browser\components\browsercomps.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\38FDFC2D-BAB0-7891-8FC7-DEF964242C7E\Latest\BExternal.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\38FDFC2D-BAB0-7891-8FC7-DEF964242C7E\Latest\BUSolForMontiera.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\38FDFC2D-BAB0-7891-8FC7-DEF964242C7E\Latest\ccp.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\38FDFC2D-BAB0-7891-8FC7-DEF964242C7E\Latest\ChromeToolbarSetup.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\38FDFC2D-BAB0-7891-8FC7-DEF964242C7E\Latest\CrxInstaller.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\38FDFC2D-BAB0-7891-8FC7-DEF964242C7E\Latest\enhancedNT.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\38FDFC2D-BAB0-7891-8FC7-DEF964242C7E\Latest\GUninstaller.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\38FDFC2D-BAB0-7891-8FC7-DEF964242C7E\Latest\IEHelper.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\38FDFC2D-BAB0-7891-8FC7-DEF964242C7E\Latest\MntrDLLInstall.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\38FDFC2D-BAB0-7891-8FC7-DEF964242C7E\Latest\sqlite3.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\GoogleEarth.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemyext.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\earthps.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\geplugin.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\ge_expat.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\googleearth_free.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\icudt.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGAttrs.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGCore.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGExportCommon.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGGfx.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGMath.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGOpt.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGSg.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\IGUtils.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\msvcp100.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\msvcr100.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\npgeplugin.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\plugin_ax.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtCore4.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtGui4.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtNetwork4.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\QtWebKit4.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\imageformats\qgif4.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\imageformats\qjpeg4.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\optimizations\IGOptExtension.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\D3DCompiler_43.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\d3dx9_43.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGAttrs.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGGfx.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGSg.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\libEGL.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\libGLESv2.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGAttrs.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGGfx.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGSg.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemyext.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\earthflashsol.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\earthps.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\ge_expat.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\googleearth_free.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\gpsbabel.exe
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\icudt.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGAttrs.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGCore.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGExportCommon.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGGfx.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGMath.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGOpt.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGSg.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\IGUtils.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\msvcp100.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\msvcr100.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtCore4.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtGui4.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtNetwork4.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\QtWebKit4.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\Plugins\npgeinprocessplugin.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\imageformats\qgif4.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\imageformats\qjpeg4.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\optimizations\IGOptExtension.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\D3DCompiler_43.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\d3dx9_43.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGAttrs.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGGfx.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGSg.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libEGL.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libGLESv2.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGAttrs.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGGfx.dll
C:\Users\Johannes.Gottlieb\AppData\Local\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGSg.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 10:05

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber · 01.09.2013, 13:39

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

geomont · 01.09.2013, 20:06

Die Ergebnisse:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b9666333f1aaaa4fa48a188007d50a6b
# engine=14974
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-01 05:18:24
# local_time=2013-09-01 07:18:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1799 16775165 100 96 24456 14543966 10394 0
# compatibility_mode=5893 16776574 100 94 14723375 130461575 0 0
# scanned=325063
# found=0
# cleaned=0
# scan_time=9237

Code:

ATTFilter

 UNSUPPORTED OPERATING SYSTEM! ABORTED!

schrauber · 02.09.2013, 07:47

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

PUP.Optional.Delta.A

Log-Analyse und Auswertung: PUP.Optional.Delta.A