Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 15.09.2013, 07:06   #1
suvannapum56
 
Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch - Standard

Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch



Plötzlich ist da dieser üble Deltasearch angekommen, als ich Mozillafirefox heruntergeladen und installiert habe. Ebenso plötzlich ist das deutsche Mozilla holländisch! Und plötzlich führt mich Internetexplorer auf eine portugiesische Version.
Ein siebenstündiger Microsoft essentials antivirus scan brachte 0 viren hervor! Habe Mozillafirefox desinstalliert.
Danke für die Hilfe und
Gruss
Anatol

Alt 15.09.2013, 07:10   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch - Standard

Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 15.09.2013, 08:30   #3
suvannapum56
 
Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch - Standard

Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch



Guten Tag Schrauber. Herzlichen Dank für Deine superschnelle early bird Antwort..
mit FRST64 gescannt, aber ich sehe keinen "Addition" text!
Gruss
Anatol

PS: was meinst Du mit (#-Symbol im Eingabefenster der Webseite anklicken) ?

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-09-2013 04
Ran by Alfred (administrator) on DM12REP on 15-09-2013 08:21:15
Running from C:\Users\Alfred\Desktop\Trojaner board.de
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ArcSoft, Inc.) C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Abelssoft) C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(VMLite, Inc.) C:\VXP\VMLiteService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\fdm.exe
() C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
() C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(diamondata) C:\Program Files (x86)\diamondata\updatediamondata.exe
(337 Technology Limited.) C:\Program Files (x86)\Desk 365\deskSvc.exe
(337 Technology Limited.) C:\Program Files (x86)\Desk 365\desk365.exe
(Wsys Co., Ltd.) C:\ProgramData\eSafe\eGdpSvc.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_174_ActiveX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
(Farbar) C:\Users\Alfred\Desktop\Trojaner board.de\FRST64 (2).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1436224 2010-11-30] (Microsoft Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [462400 2011-02-12] (Acronis)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2000-01-01] (Realtek Semiconductor)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [SAFE14 Browser Monitor] - C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe [73216 2013-05-16] (Steganos Software GmbH)
HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-07-22] (Garmin Ltd or its subsidiaries)
HKCU\...\Run: [Desk 365] - C:\Program Files (x86)\Desk 365\desk365.exe [1011792 2013-09-14] (337 Technology Limited.)
HKCU\...\Runonce: [adawarebp] - reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
HKCU\...\Runonce: [adawarebp_XP] - reg.exe delete "HKCU\Software\adawarebp" /f
MountPoints2: {4f517e39-1c09-11e2-9a89-20cf308e5960} - I:\setup.exe /autorun
MountPoints2: {63be18cd-1c39-11e2-87aa-20cf308e5960} - L:\HPLauncher.exe
MountPoints2: {aa142560-a0e7-11e2-b173-20cf308e5960} - K:\HPLauncher.exe
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [adm_tray.exe] - C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe [470120 2011-02-24] ()
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Steganos HotKeys] - C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe [103424 2013-05-16] (Steganos Software GmbH)
HKLM-x32\...\Run: [SAFE14 File Redirection Starter] - C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe [17408 2013-05-16] (Steganos Software GmbH)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-07-01] (RealNetworks, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM-x32\...\Run: [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe [x]
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
AppInit_DLLs-x32: c:\progra~3\bitguard\261673~1.238\{c16c1~1\bitguard.dll  [2700768 2013-09-10] ()
Startup: C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
ShortcutTarget: HP SimpleSave Monitor.lnk -> C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
BootExecute: autocheck autochk * SBBD.exe /d \Device\HarddiskVolume2\Program Files (x86)\Ad-Aware Antivirus\Definitionssdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=sfpsnew2&utm_campaign=eXQ&utm_content=hp&from=sfpsnew2&uid=SAMSUNGXHD502HJ_S20BJA0ZA50314&ts=1379192577
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2E20F8E641ADCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=54C60800270058AF&affID=121565&tsp=5005
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=sfpsnew2&utm_campaign=eXQ&utm_content=hp&from=sfpsnew2&uid=SAMSUNGXHD502HJ_S20BJA0ZA50314&ts=1379192577
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=sfpsnew2&utm_campaign=eXQ&utm_content=hp&from=sfpsnew2&uid=SAMSUNGXHD502HJ_S20BJA0ZA50314&ts=1379192577
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=sfpsnew2&utm_campaign=eXQ&utm_content=hp&from=sfpsnew2&uid=SAMSUNGXHD502HJ_S20BJA0ZA50314&ts=1379192577
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=sfpsnew2&utm_campaign=eXQ&utm_content=hp&from=sfpsnew2&uid=SAMSUNGXHD502HJ_S20BJA0ZA50314&ts=1379192577
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=sfpsnew2&utm_campaign=eXQ&utm_content=hp&from=sfpsnew2&uid=SAMSUNGXHD502HJ_S20BJA0ZA50314&ts=1379192577
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.portaldosites.com/?utm_source=b&utm_medium=sfpsnew2&utm_campaign=eXQ&utm_content=sc&from=sfpsnew2&uid=SAMSUNGXHD502HJ_S20BJA0ZA50314&ts=1379192577
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=sfpsnew2&utm_campaign=eXQ&utm_content=ds&from=sfpsnew2&uid=SAMSUNGXHD502HJ_S20BJA0ZA50314&ts=1379192577
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=sfpsnew2&utm_campaign=eXQ&utm_content=ds&from=sfpsnew2&uid=SAMSUNGXHD502HJ_S20BJA0ZA50314&ts=1379192577
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=sfpsnew2&utm_campaign=eXQ&utm_content=ds&from=sfpsnew2&uid=SAMSUNGXHD502HJ_S20BJA0ZA50314&ts=1379192577
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=sfpsnew2&utm_campaign=eXQ&utm_content=ds&from=sfpsnew2&uid=SAMSUNGXHD502HJ_S20BJA0ZA50314&ts=1379192577
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=54C60800270058AF&affID=121565&tsp=5005
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
BHO: No Name - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -  No File
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: diamondata - {055af109-de93-4160-bcfc-7da70ecaa020} - C:\Program Files (x86)\diamondata\diamondatabho.dll (diamondata)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default
FF user.js: detected! => C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\user.js
FF NewTab: hxxp://www.portaldosites.com/?utm_source=b&utm_medium=sfpsnew2&utm_campaign=eXQ&utm_content=hp&from=sfpsnew2&uid=SAMSUNGXHD502HJ_S20BJA0ZA50314&ts=1379192577
FF DefaultSearchEngine: portaldosites
FF SearchEngineOrder.1: portaldosites
FF SelectedSearchEngine: portaldosites
FF Homepage: hxxp://www.portaldosites.com/?utm_source=b&utm_medium=sfpsnew2&utm_campaign=eXQ&utm_content=hp&from=sfpsnew2&uid=SAMSUNGXHD502HJ_S20BJA0ZA50314&ts=1379192577
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\searchplugins\webwebweb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portaldosites.xml
FF Extension: Ant Video Downloader - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\anttoolbar@ant.com
FF Extension: DoNotTrackMe - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\donottrackplus@abine.com
FF Extension: BrowserAdditions - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\toolbarbutton@browseradditions.com
FF Extension: AtTask Notifier - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\waters@attask.com
FF Extension: WOT - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: ReminderFox - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF Extension: DownloadHelper - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: adblockpopups - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: client - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\client@anonymox.net.xpi
FF Extension: fdm_ffext - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\fdm_ffext@freedownloadmanager.org
FF Extension: ffext_basicchromeext - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\ffext_basicchromeext@startpage24.xpi
FF Extension: firefox - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\firefox@diamondata.net.xpi
FF Extension: onlinehdtv - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\onlinehdtv@onlinehd.tv.xpi
FF Extension: pricepeep - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\pricepeep@getpricepeep.com.xpi
FF Extension: savedpasswordeditor - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\savedpasswordeditor@daniel.dawson.xpi
FF Extension: waters - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\waters@attask.com.xpi
FF Extension: No Name - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\WTB_GLOBAL.sqlite
FF Extension: No Name - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=424CC20045927E4CBDC72C5234910BB4
CHR RestoreOnStartup: "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=424CC20045927E4CBDC72C5234910BB4",  "hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=54C60800270058AF&affID=121565&tsp=5005"
CHR DefaultSearchURL: (Claro Search) - hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4412_5&babsrc=SP_clro&mntrId=54c653ba0000000000000800270058af
CHR DefaultSuggestURL: (Claro Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (WOT) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.13_0
CHR Extension: (YouTube) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Freemake Video Downloader) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_1
CHR Extension: (Google Search) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Online HD TV) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih\1.2_0
CHR Extension: (Freemake Youtube Download Button) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_1
CHR Extension: (Delta Toolbar) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0
CHR Extension: (RealDownloader) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0
CHR Extension: (PricePeep) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.3_0
CHR Extension: (Skype Click to Call) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR Extension: (Lavasoft NewTab) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.12
CHR Extension: (Gmail) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files (x86)\OnlineHD.TV\onhd11.crx
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - \User Data\Default\Extensions\newtab.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx

==================== Services (Whitelisted) =================

R2 BackupService; C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
R2 desksvc; C:\Program Files (x86)\Desk 365\deskSvc.exe [424016 2013-09-14] (337 Technology Limited.)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-08-26] (Ellora Assets Corp.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [219480 2013-07-22] (Garmin Ltd or its subsidiaries)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2010-11-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [282616 2010-11-11] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 Update diamondata; C:\Program Files (x86)\diamondata\updatediamondata.exe [206624 2013-08-31] (diamondata)
R2 VMLiteService; C:\VXP\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.)
R2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [825920 2013-09-14] (Wsys Co., Ltd.)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-14] (GFI Software)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [108648 2012-07-24] (Softwareentwicklung Remus - ArchiCrypt - )
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [108648 2012-07-24] (Softwareentwicklung Remus - ArchiCrypt - )
R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.)
R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.)
R3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.)
R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.)
R3 vmlitestor; C:\Windows\System32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.)
S3 VMLiteUSB; C:\Windows\System32\Drivers\VMLiteUSB.sys [150120 2010-08-11] (VMLite, Inc.)
R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.)
S3 ALSysIO; \??\C:\Users\Alfred\AppData\Local\Temp\ALSysIO64.sys [x]
R3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-15 08:19 - 2013-09-15 08:19 - 00000000 ____D C:\Users\Alfred\Desktop\Trojaner board.de
2013-09-14 23:03 - 2013-09-14 23:03 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Desk 365
2013-09-14 23:03 - 2013-09-14 23:03 - 00000000 ____D C:\ProgramData\eSafe
2013-09-14 23:03 - 2013-09-14 23:03 - 00000000 ____D C:\Program Files (x86)\Desk 365
2013-09-14 23:02 - 2013-09-14 23:02 - 00000000 ____D C:\User Data
2013-09-14 23:02 - 2013-09-14 23:02 - 00000000 ____D C:\Program Files (x86)\PricePeep
2013-09-14 23:02 - 2013-09-14 23:02 - 00000000 ____D C:\Program Files (x86)\diamondata
2013-09-14 23:01 - 2013-09-14 23:01 - 00456248 _____ (Company) C:\Users\Alfred\Downloads\setup.exe
2013-09-14 21:52 - 2013-09-14 21:52 - 00000000 _____ C:\autoexec.bat
2013-09-14 21:44 - 2013-09-14 22:33 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-14 21:44 - 2013-09-14 21:44 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-14 20:29 - 2013-09-14 20:27 - 00447822 ____R C:\Windows\system32\Drivers\etc\hosts.20130914-202925.backup
2013-09-14 20:27 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20130914-202757.backup
2013-09-14 20:20 - 2013-09-14 20:30 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-14 20:20 - 2013-09-14 20:20 - 00001385 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-09-14 20:20 - 2013-09-14 20:20 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-09-14 20:20 - 2013-09-14 20:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-14 20:20 - 2009-01-25 13:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-09-14 18:44 - 2013-09-14 18:44 - 00004322 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-09-14 18:44 - 2013-09-14 18:44 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\LavasoftStatistics
2013-09-14 18:44 - 2013-09-14 18:44 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-09-14 18:39 - 2013-09-14 20:18 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-09-14 18:39 - 2013-09-14 18:39 - 00000000 ____D C:\ProgramData\Lavasoft
2013-09-14 18:38 - 2013-09-14 20:57 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-09-14 18:38 - 2013-09-14 18:38 - 00000000 ____D C:\Users\Alfred\AppData\Local\adawarebp
2013-09-14 18:38 - 2013-09-14 18:38 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-09-14 18:38 - 2013-09-14 18:38 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-09-14 18:36 - 2013-09-14 20:14 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Ad-Aware Antivirus
2013-09-14 18:36 - 2013-09-14 18:48 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-09-14 13:46 - 2013-09-14 13:46 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2013-09-14 13:46 - 2013-09-14 13:46 - 00001862 _____ C:\Users\Alfred\Desktop\Search.lnk
2013-09-14 13:46 - 2013-09-14 13:46 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-09-14 13:46 - 2013-09-14 13:46 - 00000000 ____D C:\Users\Alfred\AppData\Local\avgchrome
2013-09-14 13:46 - 2013-09-14 13:46 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-14 13:46 - 2013-09-14 13:46 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-14 13:46 - 2013-09-14 13:46 - 00000000 ____D C:\Program Files\WinPcap
2013-09-14 13:45 - 2013-09-14 13:47 - 00000000 ____D C:\Users\Alfred\Documents\Freemake
2013-09-14 13:45 - 2013-09-14 13:46 - 00000000 ____D C:\ProgramData\Freemake
2013-09-14 13:45 - 2013-09-14 13:45 - 00001338 _____ C:\Users\Public\Desktop\Freemake Video Downloader.lnk
2013-09-14 13:45 - 2013-09-14 13:45 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\OpenCandy
2013-09-14 13:45 - 2013-09-14 13:45 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-09-14 13:45 - 2013-09-14 13:45 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Babylon
2013-09-14 13:45 - 2013-09-14 13:45 - 00000000 ____D C:\ProgramData\Babylon
2013-09-14 13:45 - 2013-09-14 13:45 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-09-13 18:22 - 2013-09-13 18:22 - 00000000 ____D C:\Users\Alfred\Documents\OLIVER
2013-09-13 18:21 - 2013-09-13 18:21 - 00000000 ____D C:\Users\Alfred\Documents\AHV
2013-09-13 11:43 - 2013-09-13 11:44 - 01468848 _____ C:\Users\Alfred\Downloads\nsfa_faleolo_intl-4x.zip
2013-09-11 23:07 - 2013-07-31 16:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 23:07 - 2013-07-31 15:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 23:07 - 2013-07-31 15:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 23:07 - 2013-07-31 15:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 23:07 - 2013-07-31 15:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 23:07 - 2013-07-31 15:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-11 23:07 - 2013-07-31 15:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-11 23:07 - 2013-07-31 15:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 23:07 - 2013-07-31 15:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-11 23:07 - 2013-07-31 15:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 23:07 - 2013-07-31 15:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-11 23:07 - 2013-07-31 15:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 23:07 - 2013-07-31 15:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 23:07 - 2013-07-31 15:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-11 23:07 - 2013-07-31 15:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 23:07 - 2013-07-31 15:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 23:07 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 23:07 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 23:07 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 23:07 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 23:07 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-11 23:07 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 23:07 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-11 23:07 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 23:07 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 23:07 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-11 23:07 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-11 23:07 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 23:07 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 23:07 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 23:07 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-11 23:07 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 17:44 - 2013-09-11 17:44 - 00286914 _____ C:\Users\Alfred\Downloads\Nicht bestätigt 302000.crdownload
2013-09-11 14:13 - 2013-09-11 14:13 - 00000000 ____D C:\Users\Alfred\Desktop\ACHTUNG-VIDEOS AUF C!!
2013-09-11 09:21 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 09:21 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 09:21 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 09:21 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 09:21 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 09:21 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 09:21 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 09:21 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 09:21 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 09:21 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 09:21 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 09:21 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 09:21 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 09:21 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 09:21 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 09:21 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 09:21 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 09:21 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 09:21 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 09:21 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 09:21 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 09:21 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:21 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 09:21 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 09:21 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 09:21 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-10 15:58 - 2013-09-11 13:00 - 00000000 ____D C:\Users\Alfred\Documents\E-BIKES
2013-09-10 11:22 - 2013-09-10 11:32 - 00000000 ____D C:\Users\Alfred\Desktop\FLIMS JPGS
2013-09-07 18:13 - 2013-09-14 08:12 - 00003362 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000
2013-09-07 18:13 - 2013-09-14 08:12 - 00003230 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000
2013-09-07 16:51 - 2013-09-07 16:54 - 00000000 ____D C:\Users\Alfred\Desktop\PC-DM log
2013-09-07 14:02 - 2013-09-07 14:02 - 00000000 ____D C:\Windows\System32\Tasks\Abelssoft
2013-09-04 14:24 - 2013-09-04 14:24 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-09-04 14:24 - 2013-09-04 14:24 - 00000828 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-04 14:24 - 2013-09-04 14:24 - 00000000 ____D C:\Program Files\CCleaner
2013-09-04 14:19 - 2013-09-04 14:20 - 03415256 _____ (Piriform Ltd) C:\Users\Alfred\Downloads\ccsetup405_slim_4.05.exe
2013-09-04 13:49 - 2013-09-15 07:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-04 08:00 - 2013-09-07 10:39 - 00000000 ____D C:\Users\Alfred\Documents\VISA re hamburger abendblatt
2013-09-02 11:47 - 2013-09-04 20:52 - 00000000 ____D C:\Users\Alfred\Documents\BIKETOUR 5.9.013
2013-09-02 09:43 - 2013-09-02 09:43 - 05474304 _____ C:\Users\Alfred\Desktop\Ingenio en las calles.pps
2013-09-01 09:57 - 2013-09-07 14:02 - 00001923 _____ C:\Users\Alfred\Desktop\CheckDrive.lnk
2013-08-31 09:21 - 2013-08-31 09:21 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\OpenOffice
2013-08-30 20:44 - 2013-08-30 20:45 - 82752240 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Alfred\Downloads\FreeStudio.exe
2013-08-30 11:42 - 2013-08-30 11:42 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-08-30 11:42 - 2013-08-30 11:42 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-08-30 11:17 - 2013-08-30 11:17 - 00001012 _____ C:\Users\Alfred\Desktop\HCI - Verknüpfung.lnk
2013-08-28 15:55 - 2013-08-28 15:55 - 00003382 _____ C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000
2013-08-28 10:49 - 2013-08-28 10:49 - 00001234 _____ C:\Users\Alfred\Desktop\cm desktop - Verknüpfung.lnk
2013-08-28 10:45 - 2013-08-28 10:47 - 00000000 ___RD C:\Users\Alfred\Desktop\DOCS
2013-08-28 10:44 - 2013-08-28 10:45 - 00000000 ___RD C:\Users\Alfred\Desktop\PIX
2013-08-28 10:42 - 2013-08-28 16:00 - 00000000 ___RD C:\Users\Alfred\Desktop\CMI-LOG
2013-08-26 21:12 - 2013-09-14 13:14 - 00000000 ____D C:\Users\Alfred\Documents\HCI
2013-08-25 11:22 - 2013-08-25 11:25 - 00000000 ____D C:\Users\Alfred\AppData\Local\Administrator tools.{d20ea4e1-3957-11d2-a40b-0c5020524153}
2013-08-24 22:46 - 2013-08-24 22:47 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-24 22:46 - 2013-08-24 22:46 - 00000000 ____D C:\Program Files\iTunes
2013-08-24 22:46 - 2013-08-24 22:46 - 00000000 ____D C:\Program Files\iPod
2013-08-24 22:46 - 2013-08-24 22:46 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-24 20:20 - 2013-08-24 20:20 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\net1-sede
2013-08-24 20:20 - 2013-08-24 20:20 - 00000000 ____D C:\Program Files\net1-sede
2013-08-24 15:08 - 2013-09-07 16:51 - 00000000 ____D C:\Users\Alfred\Desktop\PIX LOG
2013-08-23 12:08 - 2013-08-23 12:08 - 00000916 _____ C:\Users\Alfred\Eigene Dokumente - Verknüpfung.lnk
2013-08-23 12:08 - 2013-08-23 12:08 - 00000916 _____ C:\Users\Alfred\Eigene Dokumente - Verknüpfung (2).lnk
2013-08-20 08:59 - 2013-08-20 08:59 - 00000660 _____ C:\Users\Alfred\Downloads\BestaetigungAufladungNATELeasy99090760.txt
2013-08-19 20:48 - 2013-09-13 09:50 - 00011776 _____ C:\Users\Alfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-18 16:55 - 2013-08-18 16:55 - 08389616 _____ C:\Users\Alfred\Downloads\EBOOT (3).PBP
2013-08-18 16:24 - 2013-08-18 16:24 - 08389616 _____ C:\Users\Alfred\Downloads\EBOOT (2).PBP
2013-08-18 16:24 - 2013-08-18 16:24 - 08389616 _____ C:\Users\Alfred\Downloads\EBOOT (1).PBP
2013-08-18 16:22 - 2013-08-18 16:22 - 08389616 _____ C:\Users\Alfred\Downloads\EBOOT.PBP
2013-08-16 20:44 - 2013-08-16 20:44 - 00001067 _____ C:\Users\Alfred\Desktop\FINANZEN - Verknüpfung.lnk
2013-08-16 10:39 - 2013-08-16 10:39 - 00000000 ____D C:\Users\Alfred\Documents\PDF Architect Files
2013-08-16 10:39 - 2013-08-16 10:39 - 00000000 ____D C:\Program Files (x86)\PDF Architect
2013-08-16 10:38 - 2013-09-04 14:25 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-08-16 10:38 - 2013-08-16 10:38 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\pdfforge
2013-08-16 10:38 - 2012-05-05 11:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2013-08-16 10:38 - 2012-05-05 11:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2013-08-16 10:38 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2013-08-16 10:38 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2013-08-16 10:38 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2013-08-16 09:35 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-16 09:35 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-16 09:35 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-16 09:35 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-16 09:35 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-16 09:35 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-16 09:35 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-16 09:35 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-16 09:35 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-16 09:35 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-16 09:35 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-16 09:35 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-16 09:35 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-16 09:35 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-16 09:35 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-16 09:35 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-15 08:19 - 2013-09-15 08:19 - 00000000 ____D C:\Users\Alfred\Desktop\Trojaner board.de
2013-09-15 08:17 - 2013-06-29 12:08 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Free Download Manager
2013-09-15 08:03 - 2012-10-25 14:53 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-15 07:53 - 2013-09-04 13:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-15 07:48 - 2013-04-10 04:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-15 07:03 - 2012-10-18 15:41 - 01236340 _____ C:\Windows\WindowsUpdate.log
2013-09-14 23:03 - 2013-09-14 23:03 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Desk 365
2013-09-14 23:03 - 2013-09-14 23:03 - 00000000 ____D C:\ProgramData\eSafe
2013-09-14 23:03 - 2013-09-14 23:03 - 00000000 ____D C:\Program Files (x86)\Desk 365
2013-09-14 23:03 - 2012-10-18 16:08 - 00001761 _____ C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-14 23:03 - 2012-10-18 16:08 - 00001739 _____ C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-09-14 23:03 - 2011-06-11 02:58 - 00420944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-09-14 23:02 - 2013-09-14 23:02 - 00000000 ____D C:\User Data
2013-09-14 23:02 - 2013-09-14 23:02 - 00000000 ____D C:\Program Files (x86)\PricePeep
2013-09-14 23:02 - 2013-09-14 23:02 - 00000000 ____D C:\Program Files (x86)\diamondata
2013-09-14 23:01 - 2013-09-14 23:01 - 00456248 _____ (Company) C:\Users\Alfred\Downloads\setup.exe
2013-09-14 22:33 - 2013-09-14 21:44 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-14 21:52 - 2013-09-14 21:52 - 00000000 _____ C:\autoexec.bat
2013-09-14 21:44 - 2013-09-14 21:44 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-14 21:30 - 2012-10-25 14:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-14 20:57 - 2013-09-14 18:38 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-09-14 20:30 - 2013-09-14 20:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-14 20:27 - 2013-09-14 20:29 - 00447822 ____R C:\Windows\system32\Drivers\etc\hosts.20130914-202925.backup
2013-09-14 20:20 - 2013-09-14 20:20 - 00001385 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-09-14 20:20 - 2013-09-14 20:20 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-09-14 20:20 - 2013-09-14 20:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-14 20:18 - 2013-09-14 18:39 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-09-14 20:14 - 2013-09-14 18:36 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Ad-Aware Antivirus
2013-09-14 18:48 - 2013-09-14 18:36 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-09-14 18:46 - 2012-12-03 12:09 - 00000000 ____D C:\Users\Alfred\Documents\FAMILIE
2013-09-14 18:45 - 2012-11-01 11:06 - 00753152 ___SH C:\Users\Alfred\Documents\Thumbs.db
2013-09-14 18:44 - 2013-09-14 18:44 - 00004322 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-09-14 18:44 - 2013-09-14 18:44 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\LavasoftStatistics
2013-09-14 18:44 - 2013-09-14 18:44 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-09-14 18:39 - 2013-09-14 18:39 - 00000000 ____D C:\ProgramData\Lavasoft
2013-09-14 18:38 - 2013-09-14 18:38 - 00000000 ____D C:\Users\Alfred\AppData\Local\adawarebp
2013-09-14 18:38 - 2013-09-14 18:38 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-09-14 18:38 - 2013-09-14 18:38 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-09-14 14:28 - 2012-10-18 18:16 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-14 14:26 - 2012-10-21 15:24 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\vlc
2013-09-14 13:50 - 2011-04-12 09:43 - 00698720 _____ C:\Windows\system32\perfh007.dat
2013-09-14 13:50 - 2011-04-12 09:43 - 00148916 _____ C:\Windows\system32\perfc007.dat
2013-09-14 13:50 - 2009-07-14 07:13 - 01619012 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-14 13:47 - 2013-09-14 13:45 - 00000000 ____D C:\Users\Alfred\Documents\Freemake
2013-09-14 13:46 - 2013-09-14 13:46 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2013-09-14 13:46 - 2013-09-14 13:46 - 00001862 _____ C:\Users\Alfred\Desktop\Search.lnk
2013-09-14 13:46 - 2013-09-14 13:46 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-09-14 13:46 - 2013-09-14 13:46 - 00000000 ____D C:\Users\Alfred\AppData\Local\avgchrome
2013-09-14 13:46 - 2013-09-14 13:46 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-14 13:46 - 2013-09-14 13:46 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-14 13:46 - 2013-09-14 13:46 - 00000000 ____D C:\Program Files\WinPcap
2013-09-14 13:46 - 2013-09-14 13:45 - 00000000 ____D C:\ProgramData\Freemake
2013-09-14 13:45 - 2013-09-14 13:45 - 00001338 _____ C:\Users\Public\Desktop\Freemake Video Downloader.lnk
2013-09-14 13:45 - 2013-09-14 13:45 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\OpenCandy
2013-09-14 13:45 - 2013-09-14 13:45 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-09-14 13:45 - 2013-09-14 13:45 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Babylon
2013-09-14 13:45 - 2013-09-14 13:45 - 00000000 ____D C:\ProgramData\Babylon
2013-09-14 13:45 - 2013-09-14 13:45 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-09-14 13:14 - 2013-08-26 21:12 - 00000000 ____D C:\Users\Alfred\Documents\HCI
2013-09-14 11:32 - 2013-04-14 09:40 - 00000000 ____D C:\Users\Alfred\Documents\MEDIA
2013-09-14 09:03 - 2012-10-25 14:53 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-14 08:19 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-14 08:19 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-14 08:12 - 2013-09-07 18:13 - 00003362 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000
2013-09-14 08:12 - 2013-09-07 18:13 - 00003230 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000
2013-09-14 08:12 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-13 18:25 - 2012-12-03 11:59 - 00000000 ____D C:\Users\Alfred\Documents\POLITIK-MEDIA
2013-09-13 18:22 - 2013-09-13 18:22 - 00000000 ____D C:\Users\Alfred\Documents\OLIVER
2013-09-13 18:21 - 2013-09-13 18:21 - 00000000 ____D C:\Users\Alfred\Documents\AHV
2013-09-13 17:52 - 2013-04-10 04:17 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-13 17:52 - 2012-10-22 08:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-13 17:52 - 2012-10-22 08:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-13 11:44 - 2013-09-13 11:43 - 01468848 _____ C:\Users\Alfred\Downloads\nsfa_faleolo_intl-4x.zip
2013-09-13 09:58 - 2012-11-16 13:56 - 00000000 ____D C:\Users\Alfred\Documents\HUMOR KURIOSES
2013-09-13 09:50 - 2013-08-19 20:48 - 00011776 _____ C:\Users\Alfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-12 14:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-12 11:16 - 2012-10-25 22:13 - 00000000 ____D C:\Users\Alfred\dwhelper
2013-09-12 10:20 - 2012-10-18 16:07 - 00000000 ___RD C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 10:20 - 2012-10-18 16:07 - 00000000 ___RD C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 10:20 - 2009-07-14 06:45 - 02237408 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 23:09 - 2013-08-04 12:19 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 23:08 - 2012-10-18 17:36 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 17:44 - 2013-09-11 17:44 - 00286914 _____ C:\Users\Alfred\Downloads\Nicht bestätigt 302000.crdownload
2013-09-11 17:32 - 2012-11-08 13:31 - 00000181 _____ C:\ProgramData\LockFilePath.ini
2013-09-11 14:13 - 2013-09-11 14:13 - 00000000 ____D C:\Users\Alfred\Desktop\ACHTUNG-VIDEOS AUF C!!
2013-09-11 13:00 - 2013-09-10 15:58 - 00000000 ____D C:\Users\Alfred\Documents\E-BIKES
2013-09-11 10:46 - 2013-07-31 10:56 - 00000000 ____D C:\Users\Alfred\Desktop\an APPELT
2013-09-10 22:47 - 2012-11-16 13:57 - 00000000 ____D C:\Users\Alfred\Documents\0.AVIATION
2013-09-10 11:32 - 2013-09-10 11:22 - 00000000 ____D C:\Users\Alfred\Desktop\FLIMS JPGS
2013-09-10 11:01 - 2012-10-25 14:53 - 00000000 ____D C:\ProgramData\Real
2013-09-10 11:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-09-10 11:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-09-10 10:02 - 2012-10-18 16:07 - 00000000 ____D C:\Users\Alfred
2013-09-08 20:16 - 2013-04-17 17:33 - 00000000 ____D C:\Users\Alfred\Documents\PW
2013-09-07 16:54 - 2013-09-07 16:51 - 00000000 ____D C:\Users\Alfred\Desktop\PC-DM log
2013-09-07 16:51 - 2013-08-24 15:08 - 00000000 ____D C:\Users\Alfred\Desktop\PIX LOG
2013-09-07 14:02 - 2013-09-07 14:02 - 00000000 ____D C:\Windows\System32\Tasks\Abelssoft
2013-09-07 14:02 - 2013-09-01 09:57 - 00001923 _____ C:\Users\Alfred\Desktop\CheckDrive.lnk
2013-09-07 14:02 - 2013-07-04 10:18 - 00000000 ____D C:\Program Files (x86)\CheckDrive
2013-09-07 10:39 - 2013-09-04 08:00 - 00000000 ____D C:\Users\Alfred\Documents\VISA re hamburger abendblatt
2013-09-04 20:52 - 2013-09-02 11:47 - 00000000 ____D C:\Users\Alfred\Documents\BIKETOUR 5.9.013
2013-09-04 14:25 - 2013-08-16 10:38 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-09-04 14:25 - 2012-10-27 15:40 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\uTorrent
2013-09-04 14:24 - 2013-09-04 14:24 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-09-04 14:24 - 2013-09-04 14:24 - 00000828 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-04 14:24 - 2013-09-04 14:24 - 00000000 ____D C:\Program Files\CCleaner
2013-09-04 14:20 - 2013-09-04 14:19 - 03415256 _____ (Piriform Ltd) C:\Users\Alfred\Downloads\ccsetup405_slim_4.05.exe
2013-09-03 14:38 - 2012-11-01 12:26 - 00000000 ____D C:\Users\Alfred\Documents\PG
2013-09-02 20:50 - 2012-12-17 20:29 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000
2013-09-02 20:50 - 2012-12-17 20:29 - 00003208 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000
2013-09-02 11:48 - 2013-07-04 21:26 - 00000000 ____D C:\Users\Alfred\Documents\trojaner.board.de.4.7.013
2013-09-02 09:43 - 2013-09-02 09:43 - 05474304 _____ C:\Users\Alfred\Desktop\Ingenio en las calles.pps
2013-08-31 09:21 - 2013-08-31 09:21 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\OpenOffice
2013-08-30 20:45 - 2013-08-30 20:44 - 82752240 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Alfred\Downloads\FreeStudio.exe
2013-08-30 13:30 - 2012-10-19 03:23 - 00068440 _____ C:\Users\Alfred\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-30 11:42 - 2013-08-30 11:42 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-08-30 11:42 - 2013-08-30 11:42 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-08-30 11:17 - 2013-08-30 11:17 - 00001012 _____ C:\Users\Alfred\Desktop\HCI - Verknüpfung.lnk
2013-08-28 16:00 - 2013-08-28 10:42 - 00000000 ___RD C:\Users\Alfred\Desktop\CMI-LOG
2013-08-28 16:00 - 2013-07-22 12:09 - 00001671 _____ C:\Users\Alfred\Desktop\CMI div. infos ab 2008 - Verknüpfung.lnk
2013-08-28 15:55 - 2013-08-28 15:55 - 00003382 _____ C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000
2013-08-28 14:21 - 2012-11-01 09:05 - 00000000 ____D C:\Users\Alfred\Documents\AUTO
2013-08-28 10:49 - 2013-08-28 10:49 - 00001234 _____ C:\Users\Alfred\Desktop\cm desktop - Verknüpfung.lnk
2013-08-28 10:49 - 2012-11-06 15:13 - 00000000 ____D C:\Users\Alfred\Documents\FINANZEN
2013-08-28 10:47 - 2013-08-28 10:45 - 00000000 ___RD C:\Users\Alfred\Desktop\DOCS
2013-08-28 10:45 - 2013-08-28 10:44 - 00000000 ___RD C:\Users\Alfred\Desktop\PIX
2013-08-27 22:27 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-27 08:43 - 2013-06-20 11:40 - 00000000 ____D C:\Users\Alfred\Documents\ID ISARAPORN
2013-08-25 12:23 - 2013-07-24 06:53 - 00000000 ____D C:\Users\Alfred\Documents\LILIAN VORERBE
2013-08-25 12:23 - 2013-05-21 13:40 - 00000000 ____D C:\Users\Alfred\Documents\PIM
2013-08-25 12:23 - 2013-05-19 12:30 - 00000000 ____D C:\Users\Alfred\Documents\PSORIASIS
2013-08-25 12:23 - 2013-05-01 14:37 - 00000000 ____D C:\Users\Alfred\Documents\Mobiliar Belp
2013-08-25 12:23 - 2013-04-14 09:49 - 00000000 ____D C:\Users\Alfred\Documents\DOCS.diverse.ex.kingston
2013-08-25 11:25 - 2013-08-25 11:22 - 00000000 ____D C:\Users\Alfred\AppData\Local\Administrator tools.{d20ea4e1-3957-11d2-a40b-0c5020524153}
2013-08-24 22:47 - 2013-08-24 22:46 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-24 22:46 - 2013-08-24 22:46 - 00000000 ____D C:\Program Files\iTunes
2013-08-24 22:46 - 2013-08-24 22:46 - 00000000 ____D C:\Program Files\iPod
2013-08-24 22:46 - 2013-08-24 22:46 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-24 20:20 - 2013-08-24 20:20 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\net1-sede
2013-08-24 20:20 - 2013-08-24 20:20 - 00000000 ____D C:\Program Files\net1-sede
2013-08-24 20:19 - 2012-10-18 16:07 - 00000000 ____D C:\Users\Alfred\AppData\Local\VirtualStore
2013-08-23 12:08 - 2013-08-23 12:08 - 00000916 _____ C:\Users\Alfred\Eigene Dokumente - Verknüpfung.lnk
2013-08-23 12:08 - 2013-08-23 12:08 - 00000916 _____ C:\Users\Alfred\Eigene Dokumente - Verknüpfung (2).lnk
2013-08-22 08:59 - 2013-05-23 10:08 - 00000000 ____D C:\Program Files (x86)\SlimComputer
2013-08-21 11:56 - 2011-02-17 23:56 - 00000000 ____D C:\Users\Alfred\Documents\2006 - 20007 docs
2013-08-20 08:59 - 2013-08-20 08:59 - 00000660 _____ C:\Users\Alfred\Downloads\BestaetigungAufladungNATELeasy99090760.txt
2013-08-19 17:43 - 2013-07-23 17:57 - 00000000 ____D C:\Users\Alfred\Documents\ID
2013-08-19 13:31 - 2013-04-14 10:06 - 00000000 ____D C:\Users\Alfred\Documents\AVIATION pdfs
2013-08-18 16:55 - 2013-08-18 16:55 - 08389616 _____ C:\Users\Alfred\Downloads\EBOOT (3).PBP
2013-08-18 16:24 - 2013-08-18 16:24 - 08389616 _____ C:\Users\Alfred\Downloads\EBOOT (2).PBP
2013-08-18 16:24 - 2013-08-18 16:24 - 08389616 _____ C:\Users\Alfred\Downloads\EBOOT (1).PBP
2013-08-18 16:22 - 2013-08-18 16:22 - 08389616 _____ C:\Users\Alfred\Downloads\EBOOT.PBP
2013-08-16 20:44 - 2013-08-16 20:44 - 00001067 _____ C:\Users\Alfred\Desktop\FINANZEN - Verknüpfung.lnk
2013-08-16 10:39 - 2013-08-16 10:39 - 00000000 ____D C:\Users\Alfred\Documents\PDF Architect Files
2013-08-16 10:39 - 2013-08-16 10:39 - 00000000 ____D C:\Program Files (x86)\PDF Architect
2013-08-16 10:38 - 2013-08-16 10:38 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\pdfforge

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 09:44

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

Hallo Schrauber,
habe eben entdeckt, dass die box "addition" nicht angekreuzt war und sende Dir den text anbei.
Gruss AnatolFRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-09-2013 04
Ran by Alfred at 2013-09-15 09:22:43
Running from C:\Users\Alfred\Desktop\Trojaner board.de
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (x32 Version: 3.2.3.28705)
Acronis Drive Monitor (x32 Version: 1.0.566)
Ad-Aware Browsing Protection (x32 Version: 1.0.1.110)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.174)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Photoshop 7.0 (x32 Version: 7.0)
Adobe Reader XI (11.0.04) - Deutsch (x32 Version: 11.0.04)
aerofly Flug Simulator 2013 (x32 Version: 1.0.9.11)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328)
AMD APP SDK Runtime (Version: 10.0.898.1)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.80328.2204)
AMD Wireless Display v3.0 (Version: 1.0.0.10)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
BitGuard (x32)
Bonjour (Version: 3.0.0.10)
BufferChm (x32 Version: 140.0.298.000)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225)
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225)
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225)
CCC Help Czech (x32 Version: 2013.0328.2217.38225)
CCC Help Danish (x32 Version: 2013.0328.2217.38225)
CCC Help Dutch (x32 Version: 2013.0328.2217.38225)
CCC Help English (x32 Version: 2013.0328.2217.38225)
CCC Help Finnish (x32 Version: 2013.0328.2217.38225)
CCC Help French (x32 Version: 2013.0328.2217.38225)
CCC Help German (x32 Version: 2013.0328.2217.38225)
CCC Help Greek (x32 Version: 2013.0328.2217.38225)
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225)
CCC Help Italian (x32 Version: 2013.0328.2217.38225)
CCC Help Japanese (x32 Version: 2013.0328.2217.38225)
CCC Help Korean (x32 Version: 2013.0328.2217.38225)
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225)
CCC Help Polish (x32 Version: 2013.0328.2217.38225)
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225)
CCC Help Russian (x32 Version: 2013.0328.2217.38225)
CCC Help Spanish (x32 Version: 2013.0328.2217.38225)
CCC Help Swedish (x32 Version: 2013.0328.2217.38225)
CCC Help Thai (x32 Version: 2013.0328.2217.38225)
CCC Help Turkish (x32 Version: 2013.0328.2217.38225)
ccc-utility64 (Version: 2013.0328.2218.38225)
CCleaner (Version: 4.05)
CDBurnerXP (Version: 4.3.8.2568)
CheckDrive (x32 Version: 4.4)
D4300 (x32 Version: 130.0.365.000)
Desk 365 (x32 Version: 1.14.20)
Destinations (x32 Version: 140.0.0.0)
DeviceDiscovery (x32 Version: 130.0.465.000)
diamondata 3.0.0 (Version: 3.0.0)
DivX Setup (x32 Version: 2.6.1.44)
DJ_SF_03_D4300_Software_Min (x32 Version: 130.0.365.000)
DocProc (x32 Version: 140.0.185.000)
doPDF 7.3 printer
Elevated Installer (x32 Version: 2.2.17)
Free Download Manager 3.9.2 (x32)
Freemake Video Downloader (x32 Version: 3.5.4)
Garmin Express (x32 Version: 2.2.17)
Garmin Express Tray (x32 Version: 2.2.17)
Garmin Update Service (x32 Version: 2.2.17)
Garmin USB Drivers (x32 Version: 2.3.1.0)
Garmin WebUpdater (x32 Version: 2.5.6)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
GPBaseService2 (x32 Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Deskjet D4300 Printer Driver Software 13.0 Rel. 3 (Version: 13.0)
HP Imaging Device Functions 14.5 (Version: 14.5)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Scanjet G4050 (Version: 14.5)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Update (x32 Version: 5.005.000.001)
HPDiagnosticAlert (x32 Version: 1.00.0000)
hpg4050 (x32 Version: 140.000.000.000)
HPPhotoGadget (x32 Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000)
HPPhotosmartEssential (x32 Version: 2.04.0000)
HPProductAssistant (x32 Version: 130.0.371.000)
HPSSupply (x32 Version: 130.0.371.000)
iCloud (Version: 2.1.2.8)
Image Resizer Powertoy Clone for Windows (64 bit) (Version: 2.1.1)
iTunes (Version: 11.0.5.5)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
MarketResearch (x32 Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8107.0)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8107.0)
Microsoft Motocross Madness 2 (x32)
Microsoft Security Client (Version: 2.0.0657.0)
Microsoft Security Client DE-DE Language Pack (Version: 2.0.0657.0)
Microsoft Security Essentials (Version: 2.0.657.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Maintenance Service (x32 Version: 23.0.1)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
OCR Software by I.R.I.S. 14.5 (Version: 14.5)
OpenOffice 4.0.0 (x32 Version: 4.00.9702)
PDF Architect (x32 Version: 1.1.83.9982)
PDF Editor 3 (x32)
PDFCreator (x32 Version: 1.7.1)
Picasa 3 (x32 Version: 3.9)
PricePeep (x32 Version: 2.2.0.3)
QuickTime (x32 Version: 7.74.80.86)
RealDownloader (x32 Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
RealPlayer (x32 Version: 16.0.2)
Realtek Ethernet Controller Driver (x32 Version: 7.47.714.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Scan (x32 Version: 14.0.1.0)
Secret Disk (Version: 2.04)
Secret Disk 1.35 (x32)
Shop for HP Supplies (Version: 13.0)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 6.3 (x32 Version: 6.3.105)
SmartWebPrinting (x32 Version: 130.0.457.000)
SolutionCenter (x32 Version: 130.0.373.000)
Spybot - Search & Destroy (x32 Version: 2.1.21)
Status (x32 Version: 130.0.469.000)
Steganos Safe 14 (x32 Version: 14.1)
TeamViewer 7 (x32 Version: 7.0.15723)
Toolbox (x32 Version: 130.0.648.000)
TrayApp (x32 Version: 130.0.422.000)
UnloadSupport (x32 Version: 11.0.0)
Unlocker 1.9.1-x64 (Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Video Converter (HKCU)
VLC media player 2.0.1 (x32 Version: 2.0.1)
VMLite Workstation (Version: 3.2.6)
WebReg (x32 Version: 140.0.297.017)
Win2PDF 7 (Version: 7.0.46)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001)
WinRAR 4.20 (32-bit) (x32 Version: 4.20.0)
Wsys Control 10.2.1.2634 (x32 Version: 10.2.1.2634)

==================== Restore Points  =========================

06-09-2013 15:48:04 Windows-Sicherung
08-09-2013 06:59:44 Windows Update
08-09-2013 18:12:17 Windows-Sicherung
11-09-2013 21:05:02 Windows Update
12-09-2013 16:01:22 Windows-Sicherung
14-09-2013 19:44:19 Installed SpyHunter
14-09-2013 20:32:55 Removed SpyHunter

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-09-14 20:29 - 00447822 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {000040EA-D13A-480E-815A-A08C46AE3B6E} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.)
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {1F321B00-B617-46E8-8513-9088F6554D5A} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe [2013-09-14] (337 Technology Limited.)
Task: {1F4C70B3-EBFE-4423-95DC-579F15A4862F} - System32\Tasks\Open URL by RoboForm => C:\Windows\System32\url.dll [2013-07-31] (Microsoft Corporation)
Task: {23099809-819F-469F-8DB5-3EFD2534E9B4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {34CDE739-E6A3-4229-A0AC-404334174774} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {3B13C808-C74B-4F0B-87E6-D3E0CCF938B9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {44656418-5D1E-492A-992A-B224072B7A81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13] (Adobe Systems Incorporated)
Task: {48562D0D-07B1-4FE1-A261-F814A5ECA03F} - System32\Tasks\BitGuard => Sc.exe start BitGuard
Task: {54EE0722-7D4B-4843-A32C-A4FE3059E7EB} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11] (Microsoft Corporation)
Task: {5A591FB1-F812-4478-8026-1B7DA49291F5} - System32\Tasks\Run RoboForm Process => C:\Users\Alfred\AppData\Local\Temp\RoboForm\RoboTaskBarIcon.exe
Task: {7F4E81D4-BBAC-4CF0-9A76-3A70E8589CE4} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {8AB563ED-7B3B-4DF2-B7A4-EB263403ECE6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {95EB926D-69B0-44F2-9D5B-AFF786B57F10} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-04-05] (Apple Inc.)
Task: {9870915F-1D29-408E-880D-01C1443384FB} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation)
Task: {9A0888A1-B3C1-4B42-9AE2-CA35BA2B894F} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {ACC62E5C-BB16-4FAD-B742-A93781370835} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {C31010AC-5310-4E13-AF62-AD4309F3D4AC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-21] (Microsoft Corporation)
Task: {CE999383-AEDF-4DEA-A2AF-988A1730AA8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25] (Google Inc.)
Task: {D126D102-4CB1-4374-A5AE-FEE4D8DA3E78} - System32\Tasks\Abelssoft\CheckDriveBackgroundGuard => C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe [2013-09-04] (Abelssoft)
Task: {D46CDB76-A42B-44E2-A84E-33F578AF9EEE} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {D7CCB75D-1289-4754-9151-A5D5ECA0BB65} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D9F4CB9B-2350-4982-9683-4050DC5D0BD0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25] (Google Inc.)
Task: {E6BE1A89-7142-4A29-B4F9-1D52A11FB7CF} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {EF77BB6C-96A2-4BBC-BCB6-9ED5DD5A8C42} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {F3E7C898-EF74-4435-9C01-1F3DCD1286D5} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {FFC5DB78-D476-4DD5-AD76-459991BBBD4A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-09 14:39 - 2012-11-23 05:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2009-07-14 01:37 - 2009-07-14 03:39 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\Dwm.exe
2012-10-18 17:13 - 2011-02-25 08:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\Explorer.EXE
2013-04-05 12:58 - 2013-04-05 12:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2010-11-17 15:00 - 2010-11-17 15:00 - 00220672 _____ () C:\Program Files (x86)\Steganos Safe 14\ShellExtension.dll
2012-10-29 22:04 - 2012-06-09 20:20 - 00196096 _____ (Alexander Roshal) C:\Program Files (x86)\WinRAR\rarext64.dll
2013-04-05 12:58 - 2013-04-05 12:58 - 00021320 _____ () C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsPS64.dll
2010-09-25 00:50 - 2010-09-25 00:50 - 00166400 _____ (Brice Lambson) C:\Program Files (x86)\Image Resizer\ImageResizer64.dll
2013-09-14 23:03 - 2013-09-14 23:03 - 00185936 _____ (337 Technology Limited.) C:\Program Files (x86)\Desk 365\edis64.dll
2010-11-21 05:24 - 2010-11-21 05:24 - 00464384 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2013-07-04 10:18 - 2013-09-04 14:52 - 00525328 _____ (Abelssoft) C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe
2013-07-04 10:18 - 2013-09-04 14:52 - 00025616 _____ (Ascora) C:\Program Files (x86)\CheckDrive\AbSettingsKeeper.dll
2013-07-04 10:18 - 2013-09-04 14:52 - 00039952 _____ (Ascora) C:\Program Files (x86)\CheckDrive\AbFlexTrans.dll
2013-07-04 10:18 - 2013-09-04 14:52 - 00203792 _____ (Abelssoft / Ascora GmbH) C:\Program Files (x86)\CheckDrive\AbBugReporter.dll
2013-07-04 10:18 - 2013-09-04 14:52 - 00060432 _____ (Ascora) C:\Program Files (x86)\CheckDrive\AbCommons.dll
2013-07-04 10:18 - 2013-09-04 14:52 - 00040976 _____ (Ascora GmbH) C:\Program Files (x86)\CheckDrive\Controller.dll
2013-09-07 14:02 - 2013-09-04 14:52 - 00017936 _____ () C:\Program Files (x86)\CheckDrive\AbStartManager.dll
2013-07-04 10:18 - 2013-09-04 14:52 - 00016912 _____ () C:\Program Files (x86)\CheckDrive\AbMessages.dll
2013-07-04 10:18 - 2013-09-04 14:52 - 01856528 _____ (Developer Express Inc.) C:\Program Files (x86)\CheckDrive\DevExpress.XtraEditors.v11.1.dll
2013-07-04 10:18 - 2013-09-04 14:52 - 03505680 _____ (Developer Express Inc.) C:\Program Files (x86)\CheckDrive\DevExpress.Utils.v11.1.dll
2013-07-04 10:18 - 2013-09-04 14:52 - 02114064 _____ (Developer Express Inc.) C:\Program Files (x86)\CheckDrive\DevExpress.Data.v11.1.dll
2011-02-12 07:40 - 2011-02-12 07:40 - 00462400 _____ (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
2013-05-23 12:34 - 2000-01-01 02:00 - 06548112 _____ (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
2013-05-23 12:34 - 2000-01-01 02:00 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-05-23 12:34 - 2000-01-01 02:00 - 03615888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-05-16 15:19 - 2013-05-16 15:19 - 00073216 _____ (Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe
2013-07-22 10:22 - 2013-07-22 10:22 - 01093464 _____ (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
2013-07-22 10:22 - 2013-07-22 10:22 - 00216064 _____ (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\Garmin.Cartography.MapUpdate.CoreLibrary.dll
2013-07-22 10:22 - 2013-07-22 10:22 - 00005120 _____ (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\de\ExpressTray.resources.dll
2013-07-22 10:22 - 2013-07-22 10:22 - 00009728 _____ () C:\Program Files (x86)\Garmin\Express Tray\Garmin.Cartography.MapUpdate.Device.DataTypes.dll
2011-02-24 19:07 - 2011-02-24 19:07 - 00470120 _____ () C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
2013-05-16 15:19 - 2013-05-16 15:19 - 00103424 _____ (Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe
2013-05-16 15:16 - 2013-05-16 15:16 - 00017408 _____ (Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe
2013-02-13 04:37 - 2013-02-13 04:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-03-28 22:14 - 2013-03-28 22:14 - 00217088 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00335872 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2013-03-28 22:17 - 2013-03-28 22:17 - 00028672 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll
2013-06-29 12:08 - 2013-03-27 10:11 - 06875136 _____ (FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\fdm.exe
2013-09-14 13:46 - 2013-09-10 16:35 - 02845152 ____N () C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
2012-10-18 17:13 - 2011-02-25 08:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-07-15 23:09 - 2013-07-15 23:09 - 00554384 _____ (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
2013-09-14 23:03 - 2013-09-14 23:03 - 01011792 _____ (337 Technology Limited.) C:\Program Files (x86)\Desk 365\desk365.exe
2013-09-13 17:52 - 2013-09-13 17:52 - 00815496 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_174_ActiveX.exe
2013-09-15 08:17 - 2013-09-15 08:17 - 01951102 _____ (Farbar) C:\Users\Alfred\Desktop\Trojaner board.de\FRST64 (2).exe
2009-07-14 01:56 - 2009-07-14 03:39 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2011-02-24 19:06 - 2011-02-24 19:06 - 00292192 _____ (Acronis) C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\resource.dll
2011-02-24 19:05 - 2011-02-24 19:05 - 00111232 _____ (Acronis) C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\gc.dll
2011-02-24 18:39 - 2011-02-24 18:39 - 00012128 _____ () C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
2011-02-24 18:48 - 2011-02-24 18:48 - 00022368 _____ (Acronis) C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\thread_pool.dll
2013-07-15 23:09 - 2013-07-15 23:09 - 00318864 _____ (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll
2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00053608 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00085864 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2013-06-29 12:08 - 2013-01-11 03:22 - 03547136 _____ () C:\Program Files (x86)\Free Download Manager\fdmbtsupp.dll
2013-09-14 13:46 - 2013-09-10 16:34 - 02700768 ____N () C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll
2013-09-14 20:20 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-14 20:20 - 2013-05-16 10:55 - 03643800 _____ (Project JEDI) C:\Program Files (x86)\Spybot - Search & Destroy 2\Jcl150.bpl
2013-09-14 20:20 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-09-14 23:03 - 2013-09-14 23:03 - 00671824 _____ (337 Technology Limited.) C:\Program Files (x86)\Desk 365\ebase.dll
2013-09-14 23:03 - 2013-09-14 23:03 - 00038480 _____ (337 Technology Limited.) C:\Program Files (x86)\Desk 365\ElexDbg.dll
2013-09-14 23:03 - 2013-09-14 23:03 - 00232016 _____ () C:\Program Files (x86)\Desk 365\edeskcmn.dll
2013-09-14 23:03 - 2013-09-14 23:03 - 01445456 _____ (337 Technology Limited.) C:\Program Files (x86)\Desk 365\ouilibnl.dll
2013-09-14 23:03 - 2013-09-14 23:03 - 00181840 _____ () C:\Program Files (x86)\Desk 365\libpng.dll
2013-09-14 23:03 - 2013-09-14 23:03 - 00073296 _____ () C:\Program Files (x86)\Desk 365\libpopdlg.dll
2013-09-14 23:03 - 2013-09-14 23:03 - 00099408 _____ () C:\Program Files (x86)\Desk 365\mbdet.dll
2013-09-14 23:03 - 2013-09-14 23:03 - 00146512 _____ () C:\Program Files (x86)\Desk 365\enotify.dll
2013-09-13 17:52 - 2013-09-13 17:52 - 00479112 _____ (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_174_ActiveX.dll
2013-06-29 12:08 - 2013-03-11 12:35 - 00611328 _____ ( ) C:\Program Files (x86)\Free Download Manager\flvsniff.dll
2013-06-29 12:08 - 2013-01-11 03:17 - 00105984 _____ () C:\Program Files (x86)\Free Download Manager\fdmumsp.dll
2013-08-31 09:49 - 2013-08-31 09:49 - 00149280 _____ (diamondata) C:\Program Files (x86)\diamondata\diamondatabho.dll
2013-08-30 22:09 - 2013-08-30 22:09 - 00490496 _____ (PricePeep) C:\Program Files (x86)\PricePeep\pricepeep.dll
2013-09-13 17:52 - 2013-09-13 17:52 - 16244616 ____R (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_8_800_174.ocx
2013-06-29 12:08 - 2013-03-11 12:35 - 00397312 _____ () C:\Program Files (x86)\Free Download Manager\iefdmdm.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\Alfred\Documents\Diesen Hai können Sie vom Büro aus jagen.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\Mani Juerg mail 24.5.05. Re_ Swissair - Option 96_2000.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\nico.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\Rat vom Experten gegen Schnarchen.eml:OECustomProperty


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2013 08:51:11 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/15/2013 08:15:57 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (09/14/2013 10:32:56 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service BitGuard since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (09/14/2013 09:44:22 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service BitGuard since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (09/14/2013 06:08:39 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HPSSBackupMonitor.exe, Version: 1.0.2.38, Zeitstempel: 0x4da7f7f6
Name des fehlerhaften Moduls: HPSSBackupMonitor.exe, Version: 1.0.2.38, Zeitstempel: 0x4da7f7f6
Ausnahmecode: 0xc0000094
Fehleroffset: 0x0002fa1b
ID des fehlerhaften Prozesses: 0xb58
Startzeit der fehlerhaften Anwendung: 0xHPSSBackupMonitor.exe0
Pfad der fehlerhaften Anwendung: HPSSBackupMonitor.exe1
Pfad des fehlerhaften Moduls: HPSSBackupMonitor.exe2
Berichtskennung: HPSSBackupMonitor.exe3

Error: (09/14/2013 09:29:47 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/14/2013 08:13:54 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2013 09:00:35 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/13/2013 08:29:00 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2013 08:32:47 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Am Sicherungsspeicherort ist nicht genügend freier Speicherplatz verfügbar, um die Daten zu sichern. (0x80780048)"


System errors:
=============
Error: (09/15/2013 01:31:04 AM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.

Error: (09/14/2013 09:44:48 PM) (Source: Service Control Manager) (User: )
Description: Dienst "hpqcxs08" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.

Error: (09/14/2013 09:43:31 PM) (Source: Service Control Manager) (User: )
Description: Dienst "HP CUE DeviceDiscovery Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/14/2013 09:43:31 PM) (Source: Service Control Manager) (User: )
Description: Dienst "hpqcxs08" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/11/2013 10:01:19 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.

Error: (09/11/2013 10:01:14 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.

Error: (09/11/2013 10:01:07 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.

Error: (09/11/2013 10:01:02 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.

Error: (09/11/2013 10:00:57 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.

Error: (09/11/2013 10:00:53 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1.


Microsoft Office Sessions:
=========================
Error: (09/15/2013 08:51:11 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (09/15/2013 08:15:57 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Alfred\Downloads\SoftonicDownloader_fuer_to-do-desklist.exe

Error: (09/14/2013 10:32:56 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service BitGuard since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (09/14/2013 09:44:22 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service BitGuard since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (09/14/2013 06:08:39 PM) (Source: Application Error)(User: )
Description: HPSSBackupMonitor.exe1.0.2.384da7f7f6HPSSBackupMonitor.exe1.0.2.384da7f7f6c00000940002fa1bb5801ceb111672daf30C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\HPSSBackupMonitor.exeC:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\HPSSBackupMonitor.exeeabe4102-1d57-11e3-a1cc-20cf308e5960

Error: (09/14/2013 09:29:47 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (09/14/2013 08:13:54 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2013 09:00:35 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (09/13/2013 08:29:00 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2013 08:32:47 PM) (Source: Windows Backup)(User: )
Description: Am Sicherungsspeicherort ist nicht genügend freier Speicherplatz verfügbar, um die Daten zu sichern. (0x80780048)


==================== Memory info =========================== 

Percentage of memory in use: 30%
Total physical RAM: 8119.05 MB
Available physical RAM: 5618.86 MB
Total Pagefile: 16236.29 MB
Available Pagefile: 13077.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:465.66 GB) (Free:123.08 GB) NTFS
Drive d: (Daten2) (Fixed) (Total:232.88 GB) (Free:19.6 GB) NTFS
Drive i: (MCM2) (CDROM) (Total:0.6 GB) (Free:0 GB) CDFS
Drive m: (HP SimpleSave) (Fixed) (Total:930.86 GB) (Free:188.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C4CD6244)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: D20CD20C)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 931 GB) (Disk ID: 0002E5E5)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---
__________________

Alt 15.09.2013, 15:38   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch - Standard

Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 15.09.2013, 17:45   #5
suvannapum56
 
Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch - Standard

Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch



Hallo Schrauber,
Zwischenanfrage:
habe nun den PC gem.Deinen instruktionen mit antimalwarebytes gescannt. Finde nun unter Ergebnisse einige hundert, wenn nicht tausend Auflistungen. Ein Teil ist bereits angekreuzt (adware) , der allergrösste Teil nicht, alle beginnen mit dem Namen : PUP.Optional. Unmöglich, alle von Hand anzukreuzen. Ich sehe in der Dialogbox keinen Hinweis, zb "alle ankreuzen" o.ähnliches. Was schlägst Du mir vor?
Gruss

Anatol


Alt 15.09.2013, 22:32   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch - Standard

Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch



Echt, ist da kein Alles ankreuzen? Dann lass das ander mal entfernen, mach dann ADWCleaner und JRT, dann nochmal MBAM.
__________________
--> Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch

Alt 16.09.2013, 09:44   #7
suvannapum56
 
Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch - Standard

Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch



Hallo Schrauber,
Habe nun nach Deiner obigen Instruktion alle 3 Programme nochmals laufen lassen. Es wurden bei allen 0 Funde registriert. Dennoch habe ich ein Problem mit dem Internetexplorer.
Obschon ich unter Internetoption www.google.ch eingebe für den Start des browers, erscheint immer wieder die portugiesische IExplorer site. Was ist da zu tun?
(übrigens die lätigen popups sibnd verschwunden)
Hier noch was: Wenn ich auf Mozilla Thunderbird (meine mailbox) Deinen Trojanerboard-link mit der Antwort anklicke, werde ich nicht weitergeleitet. ich muss zuerst den link kopieren und dann im Explorer eingeben...

Gruss und Dank
Anatol

Alt 16.09.2013, 10:37   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch - Standard

Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch



Poste mal ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 16.09.2013, 11:45   #9
suvannapum56
 
Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch - Standard

Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch



hier sind die neusten FRST64 logs:
FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 01
Ran by Alfred (administrator) on DM12REP on 16-09-2013 11:48:59
Running from C:\Users\Alfred\Desktop\FRST64 text.16.9.013
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ArcSoft, Inc.) C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Abelssoft) C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(VMLite, Inc.) C:\VXP\VMLiteService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\HPSSBackupMonitor.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(VMLite, Inc.) C:\VXP\VBoxSVC.exe
(VMLite, Inc.) C:\VXP\VMLite.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\Alfred\Desktop\FRST64 text.16.9.013\FRST64 (2).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1436224 2010-11-30] (Microsoft Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [462400 2011-02-12] (Acronis)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2000-01-01] (Realtek Semiconductor)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [SAFE14 Browser Monitor] - C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe [73216 2013-05-16] (Steganos Software GmbH)
HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-07-22] (Garmin Ltd or its subsidiaries)
MountPoints2: {4f517e39-1c09-11e2-9a89-20cf308e5960} - I:\setup.exe /autorun
MountPoints2: {63be18cd-1c39-11e2-87aa-20cf308e5960} - L:\HPLauncher.exe
MountPoints2: {aa142560-a0e7-11e2-b173-20cf308e5960} - K:\HPLauncher.exe
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [adm_tray.exe] - C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe [470120 2011-02-24] ()
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Steganos HotKeys] - C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe [103424 2013-05-16] (Steganos Software GmbH)
HKLM-x32\...\Run: [SAFE14 File Redirection Starter] - C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe [17408 2013-05-16] (Steganos Software GmbH)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-07-01] (RealNetworks, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
Startup: C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
ShortcutTarget: HP SimpleSave Monitor.lnk -> C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
BootExecute: autocheck autochk * SBBD.exe /d \Device\HarddiskVolume2\Program Files (x86)\Ad-Aware Antivirus\Definitionssdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Schweiz : Hotmail, Outlook, Skype download, Unterhaltung, Nachrichten, Sport, Lifestyle, Auto und mehr bei MSN CH
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2E20F8E641ADCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = PortalDoSites
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = PortalDoSites
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = PortalDoSites
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = PortalDoSites
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = PortalDoSites
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe PortalDoSites
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = PortalDoSites
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = PortalDoSites
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = PortalDoSites
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Bing
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = PortalDoSites
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Bing
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Bing
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
BHO: No Name - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -  No File
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default
FF user.js: detected! => C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\user.js
FF NewTab: hxxp://www.portaldosites.com/?utm_source=b&utm_medium=sfpsnew2&utm_campaign=eXQ&utm_content=hp&from=sfpsnew2&uid=SAMSUNGXHD502HJ_S20BJA0ZA50314&ts=1379192577
FF DefaultSearchEngine: portaldosites
FF SearchEngineOrder.1: portaldosites
FF SelectedSearchEngine: portaldosites
FF Homepage: hxxp://www.portaldosites.com/?utm_source=b&utm_medium=sfpsnew2&utm_campaign=eXQ&utm_content=hp&from=sfpsnew2&uid=SAMSUNGXHD502HJ_S20BJA0ZA50314&ts=1379192577
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\searchplugins\webwebweb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portaldosites.xml
FF Extension: Ant Video Downloader - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\anttoolbar@ant.com
FF Extension: DoNotTrackMe - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\donottrackplus@abine.com
FF Extension: BrowserAdditions - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\toolbarbutton@browseradditions.com
FF Extension: AtTask Notifier - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\waters@attask.com
FF Extension: WOT - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: ReminderFox - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF Extension: DownloadHelper - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: adblockpopups - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: client - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\client@anonymox.net.xpi
FF Extension: fdm_ffext - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\fdm_ffext@freedownloadmanager.org
FF Extension: ffext_basicchromeext - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\ffext_basicchromeext@startpage24.xpi
FF Extension: firefox - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\firefox@diamondata.net.xpi
FF Extension: onlinehdtv - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\onlinehdtv@onlinehd.tv.xpi
FF Extension: pricepeep - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\pricepeep@getpricepeep.com.xpi
FF Extension: savedpasswordeditor - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\savedpasswordeditor@daniel.dawson.xpi
FF Extension: waters - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\waters@attask.com.xpi
FF Extension: No Name - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\WTB_GLOBAL.sqlite
FF Extension: No Name - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\qnr0hiir.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=424CC20045927E4CBDC72C5234910BB4
CHR RestoreOnStartup: "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=424CC20045927E4CBDC72C5234910BB4",  "hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=54C60800270058AF&affID=121565&tsp=5005"
CHR DefaultSearchURL: (Claro Search) - hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4412_5&babsrc=SP_clro&mntrId=54c653ba0000000000000800270058af
CHR DefaultSuggestURL: (Claro Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (WOT) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.13_0
CHR Extension: (YouTube) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Freemake Video Downloader) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_1
CHR Extension: (Google Search) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Online HD TV) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih\1.2_0
CHR Extension: (Freemake Youtube Download Button) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_1
CHR Extension: (Delta Toolbar) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0
CHR Extension: (RealDownloader) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0
CHR Extension: (PricePeep) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.3_0
CHR Extension: (Skype Click to Call) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR Extension: (Lavasoft NewTab) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.12
CHR Extension: (Gmail) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files (x86)\OnlineHD.TV\onhd11.crx
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx

==================== Services (Whitelisted) =================

R2 BackupService; C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-08-26] (Ellora Assets Corp.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [219480 2013-07-22] (Garmin Ltd or its subsidiaries)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2010-11-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [282616 2010-11-11] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 VMLiteService; C:\VXP\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-14] (GFI Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [108648 2012-07-24] (Softwareentwicklung Remus - ArchiCrypt - )
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [108648 2012-07-24] (Softwareentwicklung Remus - ArchiCrypt - )
R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.)
R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.)
R3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.)
R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.)
R3 vmlitestor; C:\Windows\System32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.)
S3 VMLiteUSB; C:\Windows\System32\Drivers\VMLiteUSB.sys [150120 2010-08-11] (VMLite, Inc.)
R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.)
S3 ALSysIO; \??\C:\Users\Alfred\AppData\Local\Temp\ALSysIO64.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-16 11:46 - 2013-09-16 11:48 - 00000000 ____D C:\Users\Alfred\Desktop\FRST64 text.16.9.013
2013-09-16 09:33 - 2013-09-16 09:33 - 00000000 ____D C:\AdwCleaner
2013-09-16 09:24 - 2013-09-16 09:24 - 00060032 _____ C:\Windows\PFRO.log
2013-09-16 09:24 - 2013-09-16 09:24 - 00000056 _____ C:\Windows\setupact.log
2013-09-16 09:24 - 2013-09-16 09:24 - 00000000 _____ C:\Windows\setuperr.log
2013-09-15 18:17 - 2013-09-16 10:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-15 18:17 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-15 11:19 - 2013-09-15 11:25 - 00000386 _____ C:\Users\Alfred\Desktop\nzz leserbrief.txt
2013-09-15 08:19 - 2013-09-16 10:35 - 00000000 ____D C:\Users\Alfred\Desktop\Trojaner board.de
2013-09-14 23:02 - 2013-09-14 23:02 - 00000000 ____D C:\User Data
2013-09-14 21:52 - 2013-09-14 21:52 - 00000000 _____ C:\autoexec.bat
2013-09-14 21:44 - 2013-09-14 22:33 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-14 21:44 - 2013-09-14 21:44 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-14 20:29 - 2013-09-14 20:27 - 00447822 ____R C:\Windows\system32\Drivers\etc\hosts.20130914-202925.backup
2013-09-14 20:27 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20130914-202757.backup
2013-09-14 20:20 - 2013-09-14 20:30 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-14 20:20 - 2013-09-14 20:20 - 00001385 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-09-14 20:20 - 2013-09-14 20:20 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-09-14 20:20 - 2013-09-14 20:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-14 20:20 - 2009-01-25 13:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-09-14 18:44 - 2013-09-14 18:44 - 00004322 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-09-14 18:44 - 2013-09-14 18:44 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\LavasoftStatistics
2013-09-14 18:44 - 2013-09-14 18:44 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-09-14 18:39 - 2013-09-14 20:18 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-09-14 18:39 - 2013-09-14 18:39 - 00000000 ____D C:\ProgramData\Lavasoft
2013-09-14 18:38 - 2013-09-14 20:57 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-09-14 18:38 - 2013-09-14 18:38 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-09-14 18:38 - 2013-09-14 18:38 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-09-14 18:36 - 2013-09-14 20:14 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Ad-Aware Antivirus
2013-09-14 18:36 - 2013-09-14 18:48 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-09-14 13:46 - 2013-09-16 09:24 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-14 13:46 - 2013-09-16 09:23 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2013-09-14 13:46 - 2013-09-16 09:22 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-14 13:46 - 2013-09-14 13:46 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-09-14 13:46 - 2013-09-14 13:46 - 00000000 ____D C:\Users\Alfred\AppData\Local\avgchrome
2013-09-14 13:46 - 2013-09-14 13:46 - 00000000 ____D C:\Program Files\WinPcap
2013-09-14 13:45 - 2013-09-14 13:47 - 00000000 ____D C:\Users\Alfred\Documents\Freemake
2013-09-14 13:45 - 2013-09-14 13:46 - 00000000 ____D C:\ProgramData\Freemake
2013-09-14 13:45 - 2013-09-14 13:45 - 00001338 _____ C:\Users\Public\Desktop\Freemake Video Downloader.lnk
2013-09-14 13:45 - 2013-09-14 13:45 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-09-14 13:45 - 2013-09-14 13:45 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-09-13 18:22 - 2013-09-13 18:22 - 00000000 ____D C:\Users\Alfred\Documents\OLIVER
2013-09-13 18:21 - 2013-09-13 18:21 - 00000000 ____D C:\Users\Alfred\Documents\AHV
2013-09-13 11:43 - 2013-09-13 11:44 - 01468848 _____ C:\Users\Alfred\Downloads\nsfa_faleolo_intl-4x.zip
2013-09-11 23:07 - 2013-07-31 16:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 23:07 - 2013-07-31 15:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 23:07 - 2013-07-31 15:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 23:07 - 2013-07-31 15:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 23:07 - 2013-07-31 15:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 23:07 - 2013-07-31 15:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-11 23:07 - 2013-07-31 15:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-11 23:07 - 2013-07-31 15:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 23:07 - 2013-07-31 15:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-11 23:07 - 2013-07-31 15:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 23:07 - 2013-07-31 15:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-11 23:07 - 2013-07-31 15:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 23:07 - 2013-07-31 15:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 23:07 - 2013-07-31 15:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-11 23:07 - 2013-07-31 15:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 23:07 - 2013-07-31 15:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 23:07 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 23:07 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 23:07 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 23:07 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 23:07 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-11 23:07 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 23:07 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-11 23:07 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 23:07 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 23:07 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-11 23:07 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-11 23:07 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 23:07 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 23:07 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 23:07 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-11 23:07 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 17:44 - 2013-09-11 17:44 - 00286914 _____ C:\Users\Alfred\Downloads\Nicht bestätigt 302000.crdownload
2013-09-11 14:13 - 2013-09-11 14:13 - 00000000 ____D C:\Users\Alfred\Desktop\ACHTUNG-VIDEOS AUF C!!
2013-09-11 09:21 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 09:21 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 09:21 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 09:21 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 09:21 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 09:21 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 09:21 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 09:21 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 09:21 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 09:21 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 09:21 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 09:21 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 09:21 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 09:21 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 09:21 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 09:21 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 09:21 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 09:21 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 09:21 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 09:21 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 09:21 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 09:21 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:21 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:21 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 09:21 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 09:21 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 09:21 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-10 15:58 - 2013-09-11 13:00 - 00000000 ____D C:\Users\Alfred\Documents\E-BIKES
2013-09-10 11:22 - 2013-09-10 11:32 - 00000000 ____D C:\Users\Alfred\Desktop\FLIMS JPGS
2013-09-07 18:13 - 2013-09-16 09:24 - 00003362 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000
2013-09-07 18:13 - 2013-09-16 09:24 - 00003230 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000
2013-09-07 16:51 - 2013-09-07 16:54 - 00000000 ____D C:\Users\Alfred\Desktop\PC-DM log
2013-09-07 14:02 - 2013-09-07 14:02 - 00000000 ____D C:\Windows\System32\Tasks\Abelssoft
2013-09-04 14:24 - 2013-09-04 14:24 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-09-04 14:24 - 2013-09-04 14:24 - 00000828 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-04 14:24 - 2013-09-04 14:24 - 00000000 ____D C:\Program Files\CCleaner
2013-09-04 14:19 - 2013-09-04 14:20 - 03415256 _____ (Piriform Ltd) C:\Users\Alfred\Downloads\ccsetup405_slim_4.05.exe
2013-09-04 13:49 - 2013-09-15 07:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-04 08:00 - 2013-09-07 10:39 - 00000000 ____D C:\Users\Alfred\Documents\VISA re hamburger abendblatt
2013-09-02 11:47 - 2013-09-04 20:52 - 00000000 ____D C:\Users\Alfred\Documents\BIKETOUR 5.9.013
2013-09-02 09:43 - 2013-09-02 09:43 - 05474304 _____ C:\Users\Alfred\Desktop\Ingenio en las calles.pps
2013-09-01 09:57 - 2013-09-07 14:02 - 00001923 _____ C:\Users\Alfred\Desktop\CheckDrive.lnk
2013-08-31 09:21 - 2013-08-31 09:21 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\OpenOffice
2013-08-30 20:44 - 2013-08-30 20:45 - 82752240 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Alfred\Downloads\FreeStudio.exe
2013-08-30 11:42 - 2013-08-30 11:42 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-08-30 11:42 - 2013-08-30 11:42 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-08-30 11:17 - 2013-08-30 11:17 - 00001012 _____ C:\Users\Alfred\Desktop\HCI - Verknüpfung.lnk
2013-08-28 15:55 - 2013-08-28 15:55 - 00003382 _____ C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000
2013-08-28 10:49 - 2013-08-28 10:49 - 00001234 _____ C:\Users\Alfred\Desktop\cm desktop - Verknüpfung.lnk
2013-08-28 10:45 - 2013-08-28 10:47 - 00000000 ___RD C:\Users\Alfred\Desktop\DOCS
2013-08-28 10:44 - 2013-08-28 10:45 - 00000000 ___RD C:\Users\Alfred\Desktop\PIX
2013-08-28 10:42 - 2013-08-28 16:00 - 00000000 ___RD C:\Users\Alfred\Desktop\CMI-LOG
2013-08-26 21:12 - 2013-09-14 13:14 - 00000000 ____D C:\Users\Alfred\Documents\HCI
2013-08-25 11:22 - 2013-08-25 11:25 - 00000000 ____D C:\Users\Alfred\AppData\Local\Administrator tools.{d20ea4e1-3957-11d2-a40b-0c5020524153}
2013-08-24 22:46 - 2013-08-24 22:47 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-24 22:46 - 2013-08-24 22:46 - 00000000 ____D C:\Program Files\iTunes
2013-08-24 22:46 - 2013-08-24 22:46 - 00000000 ____D C:\Program Files\iPod
2013-08-24 22:46 - 2013-08-24 22:46 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-24 20:20 - 2013-08-24 20:20 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\net1-sede
2013-08-24 20:20 - 2013-08-24 20:20 - 00000000 ____D C:\Program Files\net1-sede
2013-08-24 15:08 - 2013-09-07 16:51 - 00000000 ____D C:\Users\Alfred\Desktop\PIX LOG
2013-08-23 12:08 - 2013-08-23 12:08 - 00000916 _____ C:\Users\Alfred\Eigene Dokumente - Verknüpfung.lnk
2013-08-23 12:08 - 2013-08-23 12:08 - 00000916 _____ C:\Users\Alfred\Eigene Dokumente - Verknüpfung (2).lnk
2013-08-20 08:59 - 2013-08-20 08:59 - 00000660 _____ C:\Users\Alfred\Downloads\BestaetigungAufladungNATELeasy99090760.txt
2013-08-19 20:48 - 2013-09-13 09:50 - 00011776 _____ C:\Users\Alfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-18 16:55 - 2013-08-18 16:55 - 08389616 _____ C:\Users\Alfred\Downloads\EBOOT (3).PBP
2013-08-18 16:24 - 2013-08-18 16:24 - 08389616 _____ C:\Users\Alfred\Downloads\EBOOT (2).PBP
2013-08-18 16:24 - 2013-08-18 16:24 - 08389616 _____ C:\Users\Alfred\Downloads\EBOOT (1).PBP
2013-08-18 16:22 - 2013-08-18 16:22 - 08389616 _____ C:\Users\Alfred\Downloads\EBOOT.PBP

==================== One Month Modified Files and Folders =======

2013-09-16 11:48 - 2013-09-16 11:46 - 00000000 ____D C:\Users\Alfred\Desktop\FRST64 text.16.9.013
2013-09-16 11:48 - 2013-04-10 04:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-16 11:21 - 2012-10-18 15:41 - 01315765 _____ C:\Windows\WindowsUpdate.log
2013-09-16 11:03 - 2012-10-25 14:53 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-16 10:49 - 2012-10-23 16:51 - 00000000 ____D C:\Users\Alfred\VMLites
2013-09-16 10:35 - 2013-09-15 08:19 - 00000000 ____D C:\Users\Alfred\Desktop\Trojaner board.de
2013-09-16 10:27 - 2013-09-15 18:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-16 09:33 - 2013-09-16 09:33 - 00000000 ____D C:\AdwCleaner
2013-09-16 09:33 - 2013-06-29 12:08 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Free Download Manager
2013-09-16 09:31 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-16 09:31 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-16 09:24 - 2013-09-16 09:24 - 00060032 _____ C:\Windows\PFRO.log
2013-09-16 09:24 - 2013-09-16 09:24 - 00000056 _____ C:\Windows\setupact.log
2013-09-16 09:24 - 2013-09-16 09:24 - 00000000 _____ C:\Windows\setuperr.log
2013-09-16 09:24 - 2013-09-14 13:46 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-16 09:24 - 2013-09-07 18:13 - 00003362 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000
2013-09-16 09:24 - 2013-09-07 18:13 - 00003230 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000
2013-09-16 09:24 - 2012-10-25 14:53 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-16 09:24 - 2012-10-25 14:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-16 09:24 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-16 09:23 - 2013-09-14 13:46 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2013-09-16 09:22 - 2013-09-14 13:46 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-15 11:25 - 2013-09-15 11:19 - 00000386 _____ C:\Users\Alfred\Desktop\nzz leserbrief.txt
2013-09-15 07:53 - 2013-09-04 13:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-14 23:03 - 2012-10-18 16:08 - 00001761 _____ C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-14 23:03 - 2012-10-18 16:08 - 00001739 _____ C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-09-14 23:03 - 2011-06-11 02:58 - 00420944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-09-14 23:02 - 2013-09-14 23:02 - 00000000 ____D C:\User Data
2013-09-14 22:33 - 2013-09-14 21:44 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-14 21:52 - 2013-09-14 21:52 - 00000000 _____ C:\autoexec.bat
2013-09-14 21:44 - 2013-09-14 21:44 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-14 20:57 - 2013-09-14 18:38 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-09-14 20:30 - 2013-09-14 20:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-14 20:27 - 2013-09-14 20:29 - 00447822 ____R C:\Windows\system32\Drivers\etc\hosts.20130914-202925.backup
2013-09-14 20:20 - 2013-09-14 20:20 - 00001385 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-09-14 20:20 - 2013-09-14 20:20 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-09-14 20:20 - 2013-09-14 20:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-14 20:18 - 2013-09-14 18:39 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-09-14 20:14 - 2013-09-14 18:36 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Ad-Aware Antivirus
2013-09-14 18:48 - 2013-09-14 18:36 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-09-14 18:46 - 2012-12-03 12:09 - 00000000 ____D C:\Users\Alfred\Documents\FAMILIE
2013-09-14 18:45 - 2012-11-01 11:06 - 00753152 ___SH C:\Users\Alfred\Documents\Thumbs.db
2013-09-14 18:44 - 2013-09-14 18:44 - 00004322 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-09-14 18:44 - 2013-09-14 18:44 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\LavasoftStatistics
2013-09-14 18:44 - 2013-09-14 18:44 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-09-14 18:39 - 2013-09-14 18:39 - 00000000 ____D C:\ProgramData\Lavasoft
2013-09-14 18:38 - 2013-09-14 18:38 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-09-14 18:38 - 2013-09-14 18:38 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-09-14 14:28 - 2012-10-18 18:16 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-14 14:26 - 2012-10-21 15:24 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\vlc
2013-09-14 13:50 - 2011-04-12 09:43 - 00698720 _____ C:\Windows\system32\perfh007.dat
2013-09-14 13:50 - 2011-04-12 09:43 - 00148916 _____ C:\Windows\system32\perfc007.dat
2013-09-14 13:50 - 2009-07-14 07:13 - 01619012 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-14 13:47 - 2013-09-14 13:45 - 00000000 ____D C:\Users\Alfred\Documents\Freemake
2013-09-14 13:46 - 2013-09-14 13:46 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-09-14 13:46 - 2013-09-14 13:46 - 00000000 ____D C:\Users\Alfred\AppData\Local\avgchrome
2013-09-14 13:46 - 2013-09-14 13:46 - 00000000 ____D C:\Program Files\WinPcap
2013-09-14 13:46 - 2013-09-14 13:45 - 00000000 ____D C:\ProgramData\Freemake
2013-09-14 13:45 - 2013-09-14 13:45 - 00001338 _____ C:\Users\Public\Desktop\Freemake Video Downloader.lnk
2013-09-14 13:45 - 2013-09-14 13:45 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-09-14 13:45 - 2013-09-14 13:45 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-09-14 13:14 - 2013-08-26 21:12 - 00000000 ____D C:\Users\Alfred\Documents\HCI
2013-09-14 11:32 - 2013-04-14 09:40 - 00000000 ____D C:\Users\Alfred\Documents\MEDIA
2013-09-13 18:25 - 2012-12-03 11:59 - 00000000 ____D C:\Users\Alfred\Documents\POLITIK-MEDIA
2013-09-13 18:22 - 2013-09-13 18:22 - 00000000 ____D C:\Users\Alfred\Documents\OLIVER
2013-09-13 18:21 - 2013-09-13 18:21 - 00000000 ____D C:\Users\Alfred\Documents\AHV
2013-09-13 17:52 - 2013-04-10 04:17 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-13 17:52 - 2012-10-22 08:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-13 17:52 - 2012-10-22 08:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-13 11:44 - 2013-09-13 11:43 - 01468848 _____ C:\Users\Alfred\Downloads\nsfa_faleolo_intl-4x.zip
2013-09-13 09:58 - 2012-11-16 13:56 - 00000000 ____D C:\Users\Alfred\Documents\HUMOR KURIOSES
2013-09-13 09:50 - 2013-08-19 20:48 - 00011776 _____ C:\Users\Alfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-12 14:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-12 11:16 - 2012-10-25 22:13 - 00000000 ____D C:\Users\Alfred\dwhelper
2013-09-12 10:20 - 2012-10-18 16:07 - 00000000 ___RD C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 10:20 - 2012-10-18 16:07 - 00000000 ___RD C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 10:20 - 2009-07-14 06:45 - 02237408 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 23:09 - 2013-08-04 12:19 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 23:08 - 2012-10-18 17:36 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 17:44 - 2013-09-11 17:44 - 00286914 _____ C:\Users\Alfred\Downloads\Nicht bestätigt 302000.crdownload
2013-09-11 17:32 - 2012-11-08 13:31 - 00000181 _____ C:\ProgramData\LockFilePath.ini
2013-09-11 14:13 - 2013-09-11 14:13 - 00000000 ____D C:\Users\Alfred\Desktop\ACHTUNG-VIDEOS AUF C!!
2013-09-11 13:00 - 2013-09-10 15:58 - 00000000 ____D C:\Users\Alfred\Documents\E-BIKES
2013-09-11 10:46 - 2013-07-31 10:56 - 00000000 ____D C:\Users\Alfred\Desktop\an APPELT
2013-09-10 22:47 - 2012-11-16 13:57 - 00000000 ____D C:\Users\Alfred\Documents\0.AVIATION
2013-09-10 11:32 - 2013-09-10 11:22 - 00000000 ____D C:\Users\Alfred\Desktop\FLIMS JPGS
2013-09-10 11:01 - 2012-10-25 14:53 - 00000000 ____D C:\ProgramData\Real
2013-09-10 11:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-09-10 11:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-09-10 10:02 - 2012-10-18 16:07 - 00000000 ____D C:\Users\Alfred
2013-09-08 20:16 - 2013-04-17 17:33 - 00000000 ____D C:\Users\Alfred\Documents\PW
2013-09-07 16:54 - 2013-09-07 16:51 - 00000000 ____D C:\Users\Alfred\Desktop\PC-DM log
2013-09-07 16:51 - 2013-08-24 15:08 - 00000000 ____D C:\Users\Alfred\Desktop\PIX LOG
2013-09-07 14:02 - 2013-09-07 14:02 - 00000000 ____D C:\Windows\System32\Tasks\Abelssoft
2013-09-07 14:02 - 2013-09-01 09:57 - 00001923 _____ C:\Users\Alfred\Desktop\CheckDrive.lnk
2013-09-07 14:02 - 2013-07-04 10:18 - 00000000 ____D C:\Program Files (x86)\CheckDrive
2013-09-07 10:39 - 2013-09-04 08:00 - 00000000 ____D C:\Users\Alfred\Documents\VISA re hamburger abendblatt
2013-09-04 20:52 - 2013-09-02 11:47 - 00000000 ____D C:\Users\Alfred\Documents\BIKETOUR 5.9.013
2013-09-04 14:25 - 2013-08-16 10:38 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-09-04 14:25 - 2012-10-27 15:40 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\uTorrent
2013-09-04 14:24 - 2013-09-04 14:24 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-09-04 14:24 - 2013-09-04 14:24 - 00000828 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-04 14:24 - 2013-09-04 14:24 - 00000000 ____D C:\Program Files\CCleaner
2013-09-04 14:20 - 2013-09-04 14:19 - 03415256 _____ (Piriform Ltd) C:\Users\Alfred\Downloads\ccsetup405_slim_4.05.exe
2013-09-03 14:38 - 2012-11-01 12:26 - 00000000 ____D C:\Users\Alfred\Documents\PG
2013-09-02 20:50 - 2012-12-17 20:29 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000
2013-09-02 20:50 - 2012-12-17 20:29 - 00003208 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000
2013-09-02 11:48 - 2013-07-04 21:26 - 00000000 ____D C:\Users\Alfred\Documents\trojaner.board.de.4.7.013
2013-09-02 09:43 - 2013-09-02 09:43 - 05474304 _____ C:\Users\Alfred\Desktop\Ingenio en las calles.pps
2013-08-31 09:21 - 2013-08-31 09:21 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\OpenOffice
2013-08-30 20:45 - 2013-08-30 20:44 - 82752240 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Alfred\Downloads\FreeStudio.exe
2013-08-30 13:30 - 2012-10-19 03:23 - 00068440 _____ C:\Users\Alfred\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-30 11:42 - 2013-08-30 11:42 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-08-30 11:42 - 2013-08-30 11:42 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-08-30 11:17 - 2013-08-30 11:17 - 00001012 _____ C:\Users\Alfred\Desktop\HCI - Verknüpfung.lnk
2013-08-28 16:00 - 2013-08-28 10:42 - 00000000 ___RD C:\Users\Alfred\Desktop\CMI-LOG
2013-08-28 16:00 - 2013-07-22 12:09 - 00001671 _____ C:\Users\Alfred\Desktop\CMI div. infos ab 2008 - Verknüpfung.lnk
2013-08-28 15:55 - 2013-08-28 15:55 - 00003382 _____ C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000
2013-08-28 14:21 - 2012-11-01 09:05 - 00000000 ____D C:\Users\Alfred\Documents\AUTO
2013-08-28 10:49 - 2013-08-28 10:49 - 00001234 _____ C:\Users\Alfred\Desktop\cm desktop - Verknüpfung.lnk
2013-08-28 10:49 - 2012-11-06 15:13 - 00000000 ____D C:\Users\Alfred\Documents\FINANZEN
2013-08-28 10:47 - 2013-08-28 10:45 - 00000000 ___RD C:\Users\Alfred\Desktop\DOCS
2013-08-28 10:45 - 2013-08-28 10:44 - 00000000 ___RD C:\Users\Alfred\Desktop\PIX
2013-08-27 22:27 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-27 08:43 - 2013-06-20 11:40 - 00000000 ____D C:\Users\Alfred\Documents\ID ISARAPORN
2013-08-25 12:23 - 2013-07-24 06:53 - 00000000 ____D C:\Users\Alfred\Documents\LILIAN VORERBE
2013-08-25 12:23 - 2013-05-21 13:40 - 00000000 ____D C:\Users\Alfred\Documents\PIM
2013-08-25 12:23 - 2013-05-19 12:30 - 00000000 ____D C:\Users\Alfred\Documents\PSORIASIS
2013-08-25 12:23 - 2013-05-01 14:37 - 00000000 ____D C:\Users\Alfred\Documents\Mobiliar Belp
2013-08-25 12:23 - 2013-04-14 09:49 - 00000000 ____D C:\Users\Alfred\Documents\DOCS.diverse.ex.kingston
2013-08-25 11:25 - 2013-08-25 11:22 - 00000000 ____D C:\Users\Alfred\AppData\Local\Administrator tools.{d20ea4e1-3957-11d2-a40b-0c5020524153}
2013-08-24 22:47 - 2013-08-24 22:46 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-24 22:46 - 2013-08-24 22:46 - 00000000 ____D C:\Program Files\iTunes
2013-08-24 22:46 - 2013-08-24 22:46 - 00000000 ____D C:\Program Files\iPod
2013-08-24 22:46 - 2013-08-24 22:46 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-24 20:20 - 2013-08-24 20:20 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\net1-sede
2013-08-24 20:20 - 2013-08-24 20:20 - 00000000 ____D C:\Program Files\net1-sede
2013-08-24 20:19 - 2012-10-18 16:07 - 00000000 ____D C:\Users\Alfred\AppData\Local\VirtualStore
2013-08-23 12:08 - 2013-08-23 12:08 - 00000916 _____ C:\Users\Alfred\Eigene Dokumente - Verknüpfung.lnk
2013-08-23 12:08 - 2013-08-23 12:08 - 00000916 _____ C:\Users\Alfred\Eigene Dokumente - Verknüpfung (2).lnk
2013-08-22 08:59 - 2013-05-23 10:08 - 00000000 ____D C:\Program Files (x86)\SlimComputer
2013-08-21 11:56 - 2011-02-17 23:56 - 00000000 ____D C:\Users\Alfred\Documents\2006 - 20007 docs
2013-08-20 08:59 - 2013-08-20 08:59 - 00000660 _____ C:\Users\Alfred\Downloads\BestaetigungAufladungNATELeasy99090760.txt
2013-08-19 17:43 - 2013-07-23 17:57 - 00000000 ____D C:\Users\Alfred\Documents\ID
2013-08-19 13:31 - 2013-04-14 10:06 - 00000000 ____D C:\Users\Alfred\Documents\AVIATION pdfs
2013-08-18 16:55 - 2013-08-18 16:55 - 08389616 _____ C:\Users\Alfred\Downloads\EBOOT (3).PBP
2013-08-18 16:24 - 2013-08-18 16:24 - 08389616 _____ C:\Users\Alfred\Downloads\EBOOT (2).PBP
2013-08-18 16:24 - 2013-08-18 16:24 - 08389616 _____ C:\Users\Alfred\Downloads\EBOOT (1).PBP
2013-08-18 16:22 - 2013-08-18 16:22 - 08389616 _____ C:\Users\Alfred\Downloads\EBOOT.PBP

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 09:44

==================== End Of Log ============================
         
--- --- ---

--- --- ---
FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2013 01
Ran by Alfred at 2013-09-16 11:49:35
Running from C:\Users\Alfred\Desktop\FRST64 text.16.9.013
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (x32 Version: 3.2.3.28705)
Acronis Drive Monitor (x32 Version: 1.0.566)
Ad-Aware Browsing Protection (x32 Version: 1.0.1.110)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.174)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Photoshop 7.0 (x32 Version: 7.0)
Adobe Reader XI (11.0.04) - Deutsch (x32 Version: 11.0.04)
aerofly Flug Simulator 2013 (x32 Version: 1.0.9.11)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328)
AMD APP SDK Runtime (Version: 10.0.898.1)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.80328.2204)
AMD Wireless Display v3.0 (Version: 1.0.0.10)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
BufferChm (x32 Version: 140.0.298.000)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225)
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225)
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225)
CCC Help Czech (x32 Version: 2013.0328.2217.38225)
CCC Help Danish (x32 Version: 2013.0328.2217.38225)
CCC Help Dutch (x32 Version: 2013.0328.2217.38225)
CCC Help English (x32 Version: 2013.0328.2217.38225)
CCC Help Finnish (x32 Version: 2013.0328.2217.38225)
CCC Help French (x32 Version: 2013.0328.2217.38225)
CCC Help German (x32 Version: 2013.0328.2217.38225)
CCC Help Greek (x32 Version: 2013.0328.2217.38225)
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225)
CCC Help Italian (x32 Version: 2013.0328.2217.38225)
CCC Help Japanese (x32 Version: 2013.0328.2217.38225)
CCC Help Korean (x32 Version: 2013.0328.2217.38225)
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225)
CCC Help Polish (x32 Version: 2013.0328.2217.38225)
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225)
CCC Help Russian (x32 Version: 2013.0328.2217.38225)
CCC Help Spanish (x32 Version: 2013.0328.2217.38225)
CCC Help Swedish (x32 Version: 2013.0328.2217.38225)
CCC Help Thai (x32 Version: 2013.0328.2217.38225)
CCC Help Turkish (x32 Version: 2013.0328.2217.38225)
ccc-utility64 (Version: 2013.0328.2218.38225)
CCleaner (Version: 4.05)
CDBurnerXP (Version: 4.3.8.2568)
CheckDrive (x32 Version: 4.4)
D4300 (x32 Version: 130.0.365.000)
Destinations (x32 Version: 140.0.0.0)
DeviceDiscovery (x32 Version: 130.0.465.000)
diamondata 3.0.0 (Version: 3.0.0)
DivX Setup (x32 Version: 2.6.1.44)
DJ_SF_03_D4300_Software_Min (x32 Version: 130.0.365.000)
DocProc (x32 Version: 140.0.185.000)
doPDF 7.3 printer
Elevated Installer (x32 Version: 2.2.17)
Free Download Manager 3.9.2 (x32)
Freemake Video Downloader (x32 Version: 3.5.4)
Garmin Express (x32 Version: 2.2.17)
Garmin Express Tray (x32 Version: 2.2.17)
Garmin Update Service (x32 Version: 2.2.17)
Garmin USB Drivers (x32 Version: 2.3.1.0)
Garmin WebUpdater (x32 Version: 2.5.6)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
GPBaseService2 (x32 Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Deskjet D4300 Printer Driver Software 13.0 Rel. 3 (Version: 13.0)
HP Imaging Device Functions 14.5 (Version: 14.5)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Scanjet G4050 (Version: 14.5)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Update (x32 Version: 5.005.000.001)
HPDiagnosticAlert (x32 Version: 1.00.0000)
hpg4050 (x32 Version: 140.000.000.000)
HPPhotoGadget (x32 Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000)
HPPhotosmartEssential (x32 Version: 2.04.0000)
HPProductAssistant (x32 Version: 130.0.371.000)
HPSSupply (x32 Version: 130.0.371.000)
iCloud (Version: 2.1.2.8)
Image Resizer Powertoy Clone for Windows (64 bit) (Version: 2.1.1)
iTunes (Version: 11.0.5.5)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8107.0)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8107.0)
Microsoft Motocross Madness 2 (x32)
Microsoft Security Client (Version: 2.0.0657.0)
Microsoft Security Client DE-DE Language Pack (Version: 2.0.0657.0)
Microsoft Security Essentials (Version: 2.0.657.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Maintenance Service (x32 Version: 23.0.1)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
OCR Software by I.R.I.S. 14.5 (Version: 14.5)
OpenOffice 4.0.0 (x32 Version: 4.00.9702)
PDF Architect (x32 Version: 1.1.83.9982)
PDF Editor 3 (x32)
PDFCreator (x32 Version: 1.7.1)
Picasa 3 (x32 Version: 3.9)
QuickTime (x32 Version: 7.74.80.86)
RealDownloader (x32 Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
RealPlayer (x32 Version: 16.0.2)
Realtek Ethernet Controller Driver (x32 Version: 7.47.714.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Scan (x32 Version: 14.0.1.0)
Secret Disk (Version: 2.04)
Secret Disk 1.35 (x32)
Shop for HP Supplies (Version: 13.0)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 6.3 (x32 Version: 6.3.105)
SmartWebPrinting (x32 Version: 130.0.457.000)
SolutionCenter (x32 Version: 130.0.373.000)
Spybot - Search & Destroy (x32 Version: 2.1.21)
Status (x32 Version: 130.0.469.000)
Steganos Safe 14 (x32 Version: 14.1)
TeamViewer 7 (x32 Version: 7.0.15723)
Toolbox (x32 Version: 130.0.648.000)
TrayApp (x32 Version: 130.0.422.000)
UnloadSupport (x32 Version: 11.0.0)
Unlocker 1.9.1-x64 (Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Video Converter (HKCU)
VLC media player 2.0.1 (x32 Version: 2.0.1)
VMLite Workstation (Version: 3.2.6)
WebReg (x32 Version: 140.0.297.017)
Win2PDF 7 (Version: 7.0.46)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001)
WinRAR 4.20 (32-bit) (x32 Version: 4.20.0)

==================== Restore Points  =========================

11-09-2013 21:05:02 Windows Update
12-09-2013 16:01:22 Windows-Sicherung
14-09-2013 19:44:19 Installed SpyHunter
14-09-2013 20:32:55 Removed SpyHunter
15-09-2013 07:52:27 Windows Update
15-09-2013 17:00:10 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-09-14 20:29 - 00447822 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {000040EA-D13A-480E-815A-A08C46AE3B6E} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.)
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {1F321B00-B617-46E8-8513-9088F6554D5A} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe
Task: {1F4C70B3-EBFE-4423-95DC-579F15A4862F} - System32\Tasks\Open URL by RoboForm => C:\Windows\System32\url.dll [2013-07-31] (Microsoft Corporation)
Task: {23099809-819F-469F-8DB5-3EFD2534E9B4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {34CDE739-E6A3-4229-A0AC-404334174774} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {3B13C808-C74B-4F0B-87E6-D3E0CCF938B9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {44656418-5D1E-492A-992A-B224072B7A81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13] (Adobe Systems Incorporated)
Task: {5A591FB1-F812-4478-8026-1B7DA49291F5} - System32\Tasks\Run RoboForm Process => C:\Users\Alfred\AppData\Local\Temp\RoboForm\RoboTaskBarIcon.exe
Task: {61A2334A-6B1F-4E22-90A1-AA4AD9A5EEFB} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {658B8F9E-D655-45C2-815C-C5E2B9A0047A} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {72F1B8EC-A588-497D-BC8F-757BD6464D70} - System32\Tasks\BitGuard => Sc.exe start BitGuard
Task: {8AB563ED-7B3B-4DF2-B7A4-EB263403ECE6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {8D0DFA64-875D-49C3-81CA-D189FACFA8B2} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11] (Microsoft Corporation)
Task: {95EB926D-69B0-44F2-9D5B-AFF786B57F10} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-04-05] (Apple Inc.)
Task: {9870915F-1D29-408E-880D-01C1443384FB} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation)
Task: {ACC62E5C-BB16-4FAD-B742-A93781370835} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {C31010AC-5310-4E13-AF62-AD4309F3D4AC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-21] (Microsoft Corporation)
Task: {CE999383-AEDF-4DEA-A2AF-988A1730AA8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25] (Google Inc.)
Task: {D126D102-4CB1-4374-A5AE-FEE4D8DA3E78} - System32\Tasks\Abelssoft\CheckDriveBackgroundGuard => C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe [2013-09-04] (Abelssoft)
Task: {D46CDB76-A42B-44E2-A84E-33F578AF9EEE} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {D7CCB75D-1289-4754-9151-A5D5ECA0BB65} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D9F4CB9B-2350-4982-9683-4050DC5D0BD0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25] (Google Inc.)
Task: {E6BE1A89-7142-4A29-B4F9-1D52A11FB7CF} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {EF77BB6C-96A2-4BBC-BCB6-9ED5DD5A8C42} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {F3E7C898-EF74-4435-9C01-1F3DCD1286D5} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {FFC5DB78-D476-4DD5-AD76-459991BBBD4A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-07-04 10:18 - 2013-09-04 14:52 - 00025616 _____ (Ascora) C:\Program Files (x86)\CheckDrive\AbSettingsKeeper.dll
2013-07-04 10:18 - 2013-09-04 14:52 - 00039952 _____ (Ascora) C:\Program Files (x86)\CheckDrive\AbFlexTrans.dll
2013-07-04 10:18 - 2013-09-04 14:52 - 00203792 _____ (Abelssoft / Ascora GmbH) C:\Program Files (x86)\CheckDrive\AbBugReporter.dll
2013-07-04 10:18 - 2013-09-04 14:52 - 00060432 _____ (Ascora) C:\Program Files (x86)\CheckDrive\AbCommons.dll
2013-07-04 10:18 - 2013-09-04 14:52 - 00040976 _____ (Ascora GmbH) C:\Program Files (x86)\CheckDrive\Controller.dll
2013-09-07 14:02 - 2013-09-04 14:52 - 00017936 _____ () C:\Program Files (x86)\CheckDrive\AbStartManager.dll
2013-07-04 10:18 - 2013-09-04 14:52 - 00016912 _____ () C:\Program Files (x86)\CheckDrive\AbMessages.dll
2013-07-04 10:18 - 2013-09-04 14:52 - 01856528 _____ (Developer Express Inc.) C:\Program Files (x86)\CheckDrive\DevExpress.XtraEditors.v11.1.dll
2013-07-04 10:18 - 2013-09-04 14:52 - 03505680 _____ (Developer Express Inc.) C:\Program Files (x86)\CheckDrive\DevExpress.Utils.v11.1.dll
2013-07-04 10:18 - 2013-09-04 14:52 - 02114064 _____ (Developer Express Inc.) C:\Program Files (x86)\CheckDrive\DevExpress.Data.v11.1.dll
2013-05-23 12:34 - 2000-01-01 02:00 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-05-23 12:34 - 2000-01-01 02:00 - 03615888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-07-22 10:22 - 2013-07-22 10:22 - 00216064 _____ (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\Garmin.Cartography.MapUpdate.CoreLibrary.dll
2013-07-22 10:22 - 2013-07-22 10:22 - 00005120 _____ (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\de\ExpressTray.resources.dll
2013-07-22 10:22 - 2013-07-22 10:22 - 00009728 _____ () C:\Program Files (x86)\Garmin\Express Tray\Garmin.Cartography.MapUpdate.Device.DataTypes.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00217088 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2013-03-28 22:14 - 2013-03-28 22:14 - 00335872 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2013-03-28 22:17 - 2013-03-28 22:17 - 00028672 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll
2013-04-05 12:58 - 2013-04-05 12:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2012-10-29 22:04 - 2012-06-09 20:20 - 00196096 _____ (Alexander Roshal) C:\Program Files (x86)\WinRAR\rarext64.dll
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2010-11-17 15:00 - 2010-11-17 15:00 - 00220672 _____ () C:\Program Files (x86)\Steganos Safe 14\ShellExtension.dll
2010-08-11 14:18 - 2010-08-11 14:18 - 00202344 _____ () C:\VXP\VBoxDDU.dll
2010-08-11 14:18 - 2010-08-11 14:18 - 02725480 _____ () C:\VXP\VBoxRT.dll
2009-03-26 22:03 - 2009-03-26 22:03 - 01289728 _____ () C:\VXP\LIBEAY32.dll
2009-06-30 07:41 - 2009-06-30 07:41 - 00213504 _____ (The cURL library, curl and libcurl) C:\VXP\libcurl.dll
2010-08-11 14:18 - 2010-08-11 14:18 - 01359976 _____ () C:\VXP\VBoxVMM.dll
2010-08-11 14:18 - 2010-08-11 14:18 - 00048744 _____ () C:\VXP\VBoxREM.dll
2009-11-29 17:55 - 2009-11-29 17:55 - 03116032 _____ () C:\VXP\QtCore4.dll
2009-11-29 18:13 - 2009-11-29 18:13 - 11164160 _____ () C:\VXP\QtGui4.dll
2009-11-29 17:56 - 2009-11-29 17:56 - 01030656 _____ () C:\VXP\QtNetwork4.dll
2009-11-29 18:25 - 2009-11-29 18:25 - 00543232 _____ () C:\VXP\QtOpenGL4.dll
2010-08-21 01:15 - 2010-08-21 01:15 - 00874600 _____ (VMLite, Inc.) C:\VXP\vmlitert.dll
2013-09-13 17:52 - 2013-09-13 17:52 - 22658440 ____R (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\Flash64_11_8_800_174.ocx
2011-02-24 18:39 - 2011-02-24 18:39 - 00012128 _____ () C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00053608 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00085864 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2013-09-14 20:20 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-14 20:20 - 2013-05-16 10:55 - 03643800 _____ (Project JEDI) C:\Program Files (x86)\Spybot - Search & Destroy 2\Jcl150.bpl
2013-09-14 20:20 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2012-11-06 10:23 - 2004-08-17 13:00 - 00413696 _____ (Microsoft Corporation) C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\MSVCP60.dll
2012-11-06 10:23 - 2010-04-26 15:28 - 00090112 _____ (ArcSoft, Inc.) C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\uArcEasyCopy.dll
2012-11-06 10:23 - 2008-08-12 17:49 - 00024576 _____ (ArcSoft, Inc.) C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\uTMEMUIMgrEngine.dll
2012-11-06 10:23 - 2010-04-26 15:30 - 00090112 _____ () C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\FileMapInfoDB.dll
2012-11-06 10:23 - 2010-10-08 17:54 - 00028672 _____ (ArcSoft, Inc.) C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\Language\DE\uEasyBackupMonitorRes.dll
2012-11-06 10:23 - 2009-03-06 17:58 - 00270336 _____ (ArcSoft) C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\RctSQbase.dll
2012-11-06 10:23 - 2008-09-04 11:11 - 00059904 _____ (ArcSoft Inc.) C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\MagPCMac.dll
2013-09-13 17:52 - 2013-09-13 17:52 - 16244616 ____R (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_8_800_174.ocx

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\Alfred\Documents\Diesen Hai können Sie vom Büro aus jagen.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\Mani Juerg mail 24.5.05. Re_ Swissair - Option 96_2000.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\nico.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\Rat vom Experten gegen Schnarchen.eml:OECustomProperty


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/16/2013 11:44:52 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (09/16/2013 11:41:17 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: VMLite.exe, Version: 3.2.6.0, Zeitstempel: 0x4c69ef3a
Name des fehlerhaften Moduls: VBoxSharedFolders.dll, Version: 3.2.6.0, Zeitstempel: 0x4c6fe259
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000026310
ID des fehlerhaften Prozesses: 0x15bc
Startzeit der fehlerhaften Anwendung: 0xVMLite.exe0
Pfad der fehlerhaften Anwendung: VMLite.exe1
Pfad des fehlerhaften Moduls: VMLite.exe2
Berichtskennung: VMLite.exe3

Error: (09/16/2013 10:49:47 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: VMLite.exe, Version: 3.2.6.0, Zeitstempel: 0x4c69ef3a
Name des fehlerhaften Moduls: QtGui4.dll, Version: 4.5.3.0, Zeitstempel: 0x4b131c48
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000007fb26
ID des fehlerhaften Prozesses: 0x15bc
Startzeit der fehlerhaften Anwendung: 0xVMLite.exe0
Pfad der fehlerhaften Anwendung: VMLite.exe1
Pfad des fehlerhaften Moduls: VMLite.exe2
Berichtskennung: VMLite.exe3


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (09/16/2013 11:44:52 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Alfred\Downloads\SoftonicDownloader_fuer_to-do-desklist.exe

Error: (09/16/2013 11:41:17 AM) (Source: Application Error)(User: )
Description: VMLite.exe3.2.6.04c69ef3aVBoxSharedFolders.dll3.2.6.04c6fe259c0000005000000000002631015bc01ceb2b9b0cdafd1C:\VXP\VMLite.exeC:\VXP\VBoxSharedFolders.dll2221e4b4-1eb4-11e3-8ae8-20cf308e5960

Error: (09/16/2013 10:49:47 AM) (Source: Application Error)(User: )
Description: VMLite.exe3.2.6.04c69ef3aQtGui4.dll4.5.3.04b131c48c0000005000000000007fb2615bc01ceb2b9b0cdafd1C:\VXP\VMLite.exeC:\VXP\QtGui4.dllf06958ea-1eac-11e3-8ae8-20cf308e5960


==================== Memory info =========================== 

Percentage of memory in use: 27%
Total physical RAM: 8119.05 MB
Available physical RAM: 5875.86 MB
Total Pagefile: 16236.29 MB
Available Pagefile: 13564.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:465.66 GB) (Free:125.74 GB) NTFS
Drive d: (Daten2) (Fixed) (Total:232.88 GB) (Free:19.6 GB) NTFS
Drive i: (MCM2) (CDROM) (Total:0.6 GB) (Free:0 GB) CDFS
Drive m: (HP SimpleSave) (Fixed) (Total:930.86 GB) (Free:185.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C4CD6244)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: D20CD20C)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 931 GB) (Disk ID: 0002E5E5)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---


Hallo Schrauber,
Zwischenbericht:
1. Delta.search. ist verschwunden
2. jetzt steckt immer noch der wurm mit der site:
hxxp://www.portaldosites.com/?utm_source=b&utm_medium=sfpsnew2&utm_campaign=eXQ&utm_content=sc&from=sfpsnew2&uid=SAMSUNGXHD502HJ_S20BJA0ZA50314&ts=1379192577

trotz mehrmaligem adw jrt scannen erscheint dieser virus nicht, obschon er drin steckt.
Habe nun Mozillfirefox installiert, worauf sofort wieder dieser virus übernahm. Dann habe ich mit relevantem googlen die site annulliert und anstelle google.ch als Startseite installiert. das hat jetzt geklappt, bis jetzt. aber beim IE funktioniert es nicht, obschon ich auch die startseite geändert habeund obschon jetzt unter den Startoptionen in "Internoptions" google.ch drinsteht, öffnet sich der IE immer wieder mit dieser portaldosites.com

Gruss Anatol

Alt 16.09.2013, 19:01   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch - Standard

Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = PortalDoSites
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = PortalDoSites
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = PortalDoSites
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = PortalDoSites
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = PortalDoSites
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe PortalDoSites
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = PortalDoSites
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = PortalDoSites
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = PortalDoSites
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Bing
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = PortalDoSites
FF NewTab: hxxp://www.portaldosites.com/?utm_source=b&utm_medium=sfpsnew2&utm_campaign=eXQ&utm_content=hp&from=sfpsnew2&uid=SAMSUNGXHD502HJ_S20BJA0ZA50314&ts=1379192577
FF DefaultSearchEngine: portaldosites
FF SearchEngineOrder.1: portaldosites
FF SelectedSearchEngine: portaldosites
FF Homepage: hxxp://www.portaldosites.com/?utm_source=b&utm_medium=sfpsnew2&utm_campaign=eXQ&utm_content=hp&from=sfpsnew2&uid=SAMSUNGXHD502HJ_S20BJA0ZA50314&ts=1379192577
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 16.09.2013, 19:52   #11
suvannapum56
 
Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch - Standard

Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch



Hallo Schrauber, vielen Dank für fantastische Hilfeleistung. Bin abwesend bis Donnerstag
Und ich melde mich dann wieder. Bis dann und viele Grüsse
Anatol

Alt 17.09.2013, 07:58   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch - Standard

Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch



ok
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.09.2013, 16:47   #13
suvannapum56
 
Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch - Standard

Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch



Hallo Schrauber,
wie angekündigt, bin wieder zurück. Habe gem. Deinen Instruktionen FRST64 mit der fixlist ausgeführt. Hier das log
Gruss
Anatol

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2013
Ran by Alfred at 2013-09-19 17:44:33 Run:1
Running from C:\Users\Alfred\Desktop\FRST64 text.16.9.013
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = PortalDoSites
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = PortalDoSites
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = PortalDoSites
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = PortalDoSites
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = PortalDoSites
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe PortalDoSites
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = PortalDoSites
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = PortalDoSites
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = PortalDoSites
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Bing
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = PortalDoSites
FF NewTab: hxxp://www.portaldosites.com/?utm_source=b&utm_medium=sfpsnew2&utm_campaign=eXQ&utm_content=hp&from=sfpsnew2&uid=SAMSUNGXHD502HJ_S20BJA0ZA50314&ts=1379192577
FF DefaultSearchEngine: portaldosites
FF SearchEngineOrder.1: portaldosites
FF SelectedSearchEngine: portaldosites
FF Homepage: hxxp://www.portaldosites.com/?utm_source=b&utm_medium=sfpsnew2&utm_campaign=eXQ&utm_content=hp&from=sfpsnew2&uid=SAMSUNGXHD502HJ_S20BJA0ZA50314&ts=1379192577
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
Firefox newtab deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer => Key deleted successfully.
C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll => Moved successfully.
esgiguard => Service deleted successfully.

==== End of Fixlog ====

Alt 19.09.2013, 21:28   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch - Standard

Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch



Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.09.2013, 21:57   #15
suvannapum56
 
Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch - Standard

Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch



Hallo Schrauber,
nein, alles böse auf meinem Rechner scheint vernichtet zu sein. Die Portugiesen sind weg und auch die popups zeigen sich nicht mehr. Herzlichen Dank und

Gruss
Anatol

Antwort

Themen zu Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch
angekommen, antivirus, antivirus scan, deltasearch, deutsch, deutsche, eingefangen, essen, essentials, explorer, führt, gefangen, gen, hilfe, installier, installiert, inter, interne, internetexplorer, microsoft, microsoft essentials, mozillafirefox, plötzlich, scan, viren




Ähnliche Themen: Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch


  1. 1.delta-search.com mit eingefangen
    Mülltonne - 09.01.2017 (3)
  2. Hohe, schwankende GPU Auslastung im Desktopbetrieb. WIN 8.1. Plötzlich nur noch 30 statt 60 FPS in Games
    Log-Analyse und Auswertung - 30.08.2015 (9)
  3. babylon search und delta search als startseite im browser
    Plagegeister aller Art und deren Bekämpfung - 06.06.2014 (9)
  4. delta search "eingefangen"
    Plagegeister aller Art und deren Bekämpfung - 20.03.2014 (4)
  5. Search d.p Engine. Ist das Delta-Search? Wenn nein, egal ich werde es nicht mehr los
    Log-Analyse und Auswertung - 27.01.2014 (11)
  6. Plötzlich erschien DELTA SEARCH
    Log-Analyse und Auswertung - 17.11.2013 (22)
  7. Hallo auch ich hab mir delta search eingefangen.
    Log-Analyse und Auswertung - 30.09.2013 (5)
  8. Delta Search mit PicPick eingefangen
    Plagegeister aller Art und deren Bekämpfung - 01.08.2013 (3)
  9. Delta Search und Babylon search - Malware durch Freeware, Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 16.07.2013 (37)
  10. Auch Delta Search eingefangen
    Log-Analyse und Auswertung - 19.06.2013 (5)
  11. delta search eingefangen
    Log-Analyse und Auswertung - 19.06.2013 (25)
  12. Delta-Search durch J-Downloader eingefangen
    Log-Analyse und Auswertung - 20.05.2013 (8)
  13. Firefox "Neuer Tab": mixidj.delta-search.com statt leerer Adresszeile
    Plagegeister aller Art und deren Bekämpfung - 11.05.2013 (8)
  14. Delta search eingefangen
    Plagegeister aller Art und deren Bekämpfung - 25.04.2013 (9)
  15. Delta Search Virus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 17.04.2013 (6)
  16. Delta Search mit Spybot entfernt; Delta Search taucht jedoch in neuen Tab trotzdem auf
    Plagegeister aller Art und deren Bekämpfung - 16.04.2013 (10)
  17. Delta Search und Babylon Search entfernt - Ist nun alles weg?
    Log-Analyse und Auswertung - 16.03.2013 (18)

Zum Thema Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch - Plötzlich ist da dieser üble Deltasearch angekommen, als ich Mozillafirefox heruntergeladen und installiert habe. Ebenso plötzlich ist das deutsche Mozilla holländisch! Und plötzlich führt mich Internetexplorer auf eine portugiesische Version. - Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch...
Archiv
Du betrachtest: Delta.search eingefangen und internetexplorer ist plötzlich portugiesisch statt deutsch auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.