Log analysis and evaluation: Windows 8 64bit HDD is constantly working. If you have picked up a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
16.01.2014, 20:12 | #1 |
| Windows 8 64bit HDD is constantly working
The hard drive of my laptop is constantly working; in addition, the laptop sometimes freezes, so that you are no longer able to do anything at all. Then only one thing remains: holding down the power button until the laptop turns off. In addition, there was a file named Lollipop.exe on my system. The application could be deleted, but I am not entirely convinced that the application has really disappeared from my computer.
Farbar Recovery Scan FRST Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 03 Ran by Michelle (administrator) on MICHELLE-PC on 16-01-2014 17:51:40 Running from C:\Users\Michelle\Downloads Windows 8.1 Pro with Media Center (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe () C:\Windows\System32\DlProtectSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe ==================== Registry (Whitelisted) 
================== HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe [12800 2014-01-16] () HKLM-x32\...\Runonce: [DelTr80777796] - cmd.exe /c rd /s /q "C:\Users\Michelle\AppData\Roaming\mysearchdial" [x] HKLM-x32\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_CURRENT_USER\Software\SearchProtect /f [x] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKCU\...\Run: [NextLive] - C:\Users\Michelle\AppData\Roaming\newnext.me\nengine.dll [1283584 2013-11-14] (NewNextDotMe) HKCU\...\Run: [BackgroundContainer] - C:\Users\Michelle\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll [319264 2013-11-06] (Conduit Ltd.) 
<===== ATTENTION HKCU\...\Runonce: [DelTr80777796] - cmd.exe /c rd /s /q "C:\Users\Michelle\AppData\Roaming\mysearchdial" HKCU\...\Runonce: [SpUninstallDeleteDir] - rmdir /s /q "C:\Users\Michelle\AppData\Roaming\SearchProtect" HKU\UpdatusUser\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation) AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation) Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=B2C1081196E788C4&affID=120524&tsp=5037 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtC0FyE0FtD0Dzy0A0ByDtN0D0Tzu0SyBtDyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=368271547&ir= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtC0FyE0FtD0Dzy0A0ByDtN0D0Tzu0SyBtDyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=368271547&ir= URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtC0FyE0FtD0Dzy0A0ByDtN0D0Tzu0SyBtDyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=368271547&ir= SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtC0FyE0FtD0Dzy0A0ByDtN0D0Tzu0SyBtDyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=368271547&ir= SearchScopes: HKLM-x32 - DefaultScope {84289654-DC88-43D2-81F6-991904D010A0} URL = SearchScopes: HKLM-x32 - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=3BE336EE-44B6-44FA-A282-53EBA4BA0005&ref=toolbox&q={searchTerms} SearchScopes: HKCU - DefaultScope {84289654-DC88-43D2-81F6-991904D010A0} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3317893&CUI=UN36983348481055011&UM=2 SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtC0FyE0FtD0Dzy0A0ByDtN0D0Tzu0SyBtDyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=368271547&ir= SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B2C1081196E788C4&affID=120524&tsp=5037 SearchScopes: HKCU - {84289654-DC88-43D2-81F6-991904D010A0} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3317893&CUI=UN36983348481055011&UM=2 SearchScopes: HKCU - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=3BE336EE-44B6-44FA-A282-53EBA4BA0005&ref=toolbox&q={searchTerms} BHO: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx86.dll No File BHO-x32: Java(tm) Plug-In 2 
SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.179.1 Chrome: ======= CHR HomePage: hxxp://www.google.de/ CHR RestoreOnStartup: "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtC0FyE0FtD0Dzy0A0ByDtN0D0Tzu0SyBtDyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=368271547&ir=", "hxxp://start.iminent.com/?appId=3BE336EE-44B6-44FA-A282-53EBA4BA0005", "hxxp://search.conduit.com/?ctid=CT3317893&SearchSource=48&CUI=UN24716719002469316&UM=2" CHR Extension: (Google Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-11-02] CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-11-02] CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-11-02] CHR Extension: (Google Search) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-11-02] CHR Extension: (Google Wallet) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-23] CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 [2013-11-02] CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Michelle\AppData\Local\mysearchdial-speeddial.crx [2013-12-07] CHR HKCU\...\Chrome\Extension: [jbaaieplnliapedmcbfgfijinolepige] - C:\Users\Michelle\AppData\Local\CRE\jbaaieplnliapedmcbfgfijinolepige.crx [2014-01-12] CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Michelle\AppData\Local\mysearchdial-speeddial.crx [2013-12-07] CHR 
HKLM-x32\...\Chrome\Extension: [jbaaieplnliapedmcbfgfijinolepige] - C:\Users\Michelle\AppData\Local\CRE\jbaaieplnliapedmcbfgfijinolepige.crx [2014-01-12] CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Michelle\AppData\Local\mysearchdial-speeddial.crx [2013-12-07] ==================== Services (Whitelisted) ================= U2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-31] (Broadcom Corp.) U2 cacls64; C:\WINDOWS\system32\imapi3fs.exe [118784 2014-01-16] () U2 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [125440 2014-01-16] () U2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) U2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) U2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) U2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2905408 2013-12-16] (Iminent) U2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2013-10-18] (Enigma Software Group USA, LLC.) 
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) U3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] () U2 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] () U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) U3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation) U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) U3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation) U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-16 17:51 - 2014-01-16 17:52 - 00012852 _____ C:\Users\Michelle\Downloads\FRST.txt 2014-01-16 17:51 - 2014-01-16 17:51 - 00000000 ____D C:\FRST 2014-01-16 17:50 - 2014-01-16 17:50 - 02076160 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64.exe 2014-01-16 16:56 - 2014-01-16 16:56 - 00000000 ____D C:\WINDOWS\system32\appmgmt 2014-01-16 14:58 - 2014-01-16 14:58 - 00002259 _____ C:\WINDOWS\epplauncher.mif 2014-01-16 14:57 - 2014-01-16 14:58 - 00000000 ____D C:\c54de47fdab6bb65d723cd9abcf8 2014-01-16 14:56 - 2014-01-16 14:57 - 13697720 _____ (Microsoft Corporation) C:\Users\Michelle\Downloads\mseinstall.exe 2014-01-16 14:56 - 2014-01-16 14:56 - 00000000 ____D C:\Users\Michelle\AppData\Local\SearchProtect 2014-01-16 10:03 - 2014-01-16 10:03 - 00384458 _____ C:\Users\Michelle\Downloads\Nicht bestätigt 461972.crdownload 2014-01-16 10:02 - 2014-01-16 10:02 - 00621288 _____ C:\Users\Michelle\Downloads\AdwCleaner_Setup_Download (2).exe 2014-01-16 10:02 - 2014-01-16 10:02 - 00125440 _____ C:\WINDOWS\system32\DlProtectSvc.exe 2014-01-16 10:02 - 2014-01-16 10:02 - 00118784 _____ C:\WINDOWS\system32\imapi3fs.exe 2014-01-16 10:02 - 2014-01-16 10:02 - 00012800 _____ C:\ProgramData\dlprotect.exe 2014-01-16 10:02 - 2014-01-16 10:02 - 00003388 _____ C:\WINDOWS\System32\Tasks\BackgroundContainer Startup Task 2014-01-16 10:02 - 2014-01-16 10:02 - 00000000 ____D C:\ProgramData\Conduit 2014-01-16 10:02 - 2014-01-16 10:02 - 00000000 ____D C:\Program Files (x86)\Conduit 2014-01-16 10:01 - 2014-01-16 15:19 - 00000000 ____D C:\Users\Michelle\AppData\Local\Conduit 2014-01-16 10:01 - 2014-01-16 10:03 - 43055452 _____ (Emsisoft GmbH ) C:\Users\Michelle\Downloads\Nicht bestätigt 964405.crdownload 2014-01-16 10:01 - 2014-01-16 10:01 - 00621288 _____ C:\Users\Michelle\Downloads\AdwCleaner_Setup_Download (1).exe 2014-01-16 10:01 - 2014-01-16 10:01 - 00000000 ____D 
C:\Users\Michelle\AppData\Local\NativeMessaging 2014-01-16 10:01 - 2014-01-16 10:01 - 00000000 ____D C:\Users\Michelle\AppData\Local\CRE 2014-01-16 10:00 - 2014-01-16 10:02 - 00000009 _____ C:\END 2014-01-16 09:59 - 2014-01-16 10:03 - 00000000 ____D C:\Users\Michelle\AppData\Local\DownloadGuide 2014-01-16 09:59 - 2014-01-16 09:59 - 00621288 _____ C:\Users\Michelle\Downloads\AdwCleaner_Setup_Download.exe 2014-01-16 09:54 - 2014-01-16 09:59 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2014-01-16 09:54 - 2014-01-16 09:54 - 00001395 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-01-16 09:54 - 2014-01-16 09:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking 2014-01-16 09:54 - 2014-01-16 09:54 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-01-16 09:54 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe 2014-01-16 09:52 - 2014-01-16 09:53 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Michelle\Downloads\spybot-2.2.25.exe 2014-01-16 09:25 - 2014-01-16 09:25 - 00000000 _____ C:\autoexec.bat 2014-01-16 09:24 - 2014-01-16 09:24 - 00003344 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup 2014-01-16 09:24 - 2014-01-16 09:24 - 00002280 _____ C:\Users\Michelle\Desktop\SpyHunter.lnk 2014-01-16 09:24 - 2014-01-16 09:24 - 00000000 ____D C:\WINDOWS\72AAF4551E54475BB0AB5413C78D0E63.TMP 2014-01-16 09:24 - 2014-01-16 09:24 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2014-01-16 09:24 - 2014-01-16 09:24 - 00000000 ____D C:\sh4ldr 2014-01-16 09:24 - 2014-01-16 09:24 - 00000000 ____D C:\Program Files\Enigma Software Group 2014-01-16 09:24 - 2012-06-22 11:01 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys 2014-01-16 09:22 - 2014-01-16 09:22 - 00728960 _____ (Enigma Software Group USA, LLC.) 
C:\Users\Michelle\Downloads\SpyHunter-Installer.exe 2014-01-16 09:22 - 2014-01-16 09:22 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Michelle\Downloads\SpyHunter-Installer (1).exe 2014-01-10 12:02 - 2014-01-10 12:02 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-01-10 12:02 - 2014-01-10 12:02 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-01-10 12:02 - 2014-01-10 12:02 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2014-01-10 12:02 - 2014-01-10 12:02 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-01-10 12:02 - 2014-01-10 12:02 - 00000000 ____D C:\ProgramData\Oracle 2014-01-10 12:02 - 2014-01-10 12:02 - 00000000 ____D C:\Program Files (x86)\Java 2014-01-06 11:15 - 2014-01-06 11:15 - 00000000 _____ C:\Users\Michelle\Desktop\SharePodSettings.xml 2014-01-06 11:12 - 2014-01-16 09:24 - 00000000 ____D C:\Users\Michelle\Desktop\music neu 2014-01-06 10:56 - 2014-01-06 10:56 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\SharePod 2014-01-06 10:31 - 2014-01-06 12:03 - 00000000 ____D C:\Users\Michelle\Desktop\Sharepod 2014-01-06 10:30 - 2014-01-12 20:19 - 00000000 ____D C:\Users\Michelle\Desktop\sonstiges 2014-01-06 10:29 - 2014-01-06 10:43 - 00030408 _____ C:\Users\Michelle\Desktop\SharePod.log 2014-01-06 10:28 - 2014-01-06 10:28 - 00000635 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog 2014-01-06 10:28 - 2014-01-06 10:28 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Windows Net Data 2014-01-06 10:26 - 2014-01-06 10:26 - 00401744 _____ (Softonic ) C:\Users\Michelle\Downloads\SoftonicDownloader_fuer_sharepod.exe 2014-01-05 21:48 - 2014-01-05 21:50 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Apple Computer 2014-01-05 21:48 - 2014-01-05 21:48 - 00000000 ____D C:\Users\Michelle\AppData\Local\Apple Computer 2014-01-05 21:48 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) 
C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 2014-01-05 21:47 - 2014-01-05 21:48 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-01-05 21:47 - 2014-01-05 21:48 - 00000000 ____D C:\Program Files\iTunes 2014-01-05 21:47 - 2014-01-05 21:48 - 00000000 ____D C:\Program Files (x86)\iTunes 2014-01-05 21:47 - 2014-01-05 21:47 - 00000000 ____D C:\ProgramData\Apple Computer 2014-01-05 21:47 - 2014-01-05 21:47 - 00000000 ____D C:\Program Files\iPod 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\Users\Michelle\AppData\Local\Apple 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\ProgramData\Apple 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\Program Files\Common Files\Apple 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\Program Files\Bonjour 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\Program Files (x86)\Bonjour 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2014-01-05 21:45 - 2014-01-05 21:46 - 100400976 _____ (Apple Inc.) 
C:\Users\Michelle\Downloads\iTunes64Setup.exe 2013-12-31 17:32 - 2013-12-31 17:32 - 00000000 ____D C:\ProgramData\Sun 2013-12-31 17:31 - 2013-12-31 17:31 - 00000000 ____D C:\Users\Michelle\.android 2013-12-31 17:30 - 2014-01-16 17:30 - 00000328 _____ C:\WINDOWS\Tasks\UpdaterEX.job 2013-12-31 17:30 - 2014-01-16 14:55 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\newnext.me 2013-12-31 17:30 - 2013-12-31 17:34 - 00000000 ____D C:\Users\Michelle\AppData\Local\Mobogenie 2013-12-31 17:30 - 2013-12-31 17:30 - 00002666 _____ C:\WINDOWS\System32\Tasks\UpdaterEX 2013-12-31 17:30 - 2013-12-31 17:30 - 00000000 ____D C:\Users\Michelle\Documents\Mobogenie 2013-12-31 17:30 - 2013-12-31 17:30 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\UpdaterEX 2013-12-31 17:30 - 2013-12-31 17:30 - 00000000 ____D C:\Users\Michelle\AppData\Local\genienext 2013-12-31 17:30 - 2013-12-31 17:30 - 00000000 ____D C:\Users\Michelle\AppData\Local\cache 2013-12-31 17:30 - 2013-12-31 17:30 - 00000000 _____ C:\Users\Michelle\daemonprocess.txt 2013-12-31 17:30 - 2013-12-31 17:29 - 31441840 _____ (Oracle Corporation) C:\Users\Michelle\Downloads\download-jre-7u25-windows-i586.exe 2013-12-31 17:28 - 2013-12-31 17:28 - 00755792 _____ C:\Users\Michelle\Downloads\java_setup.exe 2013-12-30 11:58 - 2013-12-30 11:59 - 00000000 ____D C:\Users\Public\Documents\Konz2014 2013-12-27 23:41 - 2013-12-29 01:19 - 00204117 _____ C:\Users\Michelle\Desktop\Backscheider, Dominik.V2013 2013-12-27 16:34 - 2013-12-28 09:33 - 00000437 _____ C:\WINDOWS\wiso.ini 2013-12-27 16:34 - 2013-12-27 16:34 - 00001937 _____ C:\Users\Public\Desktop\Steuer 2013.lnk 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\Visagesoft 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\AIM 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Buhl Data Service 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\Users\Michelle\AppData\Local\Buhl Data Service 
2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\Users\Michelle\AppData\Local\Buhl 2013-12-27 16:34 - 2003-12-04 15:58 - 00000696 _____ C:\WINDOWS\SysWOW64\jetodbc.rsp 2013-12-27 16:34 - 2002-12-11 19:12 - 00760968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSDMOD.DLL 2013-12-27 16:34 - 2002-12-11 19:12 - 00316040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DMOD.DLL 2013-12-27 16:34 - 2002-12-11 19:10 - 00816264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDMOD.DLL 2013-12-27 16:34 - 2002-12-11 17:34 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DMOD.DLL 2013-12-27 16:34 - 2002-12-11 15:16 - 00384512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDMOD.DLL 2013-12-27 16:34 - 2002-08-29 03:43 - 00278559 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMV8DS32.AX 2013-12-27 16:34 - 2002-08-29 03:43 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDS32.AX 2013-12-27 16:34 - 2002-08-29 03:43 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSADDS32.AX 2013-12-27 16:34 - 2002-04-29 19:47 - 00121160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscal.ocx 2013-12-27 16:34 - 2000-06-13 00:00 - 01046288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJET35.DLL 2013-12-27 16:34 - 2000-06-13 00:00 - 00415504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSREPL35.DLL 2013-12-27 16:34 - 1999-03-05 22:15 - 00074000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrclr40.dll 2013-12-27 16:34 - 1999-03-05 22:15 - 00028944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrecr40.dll 2013-12-27 16:34 - 1998-04-24 00:00 - 00368912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBAR332.DLL 2013-12-27 16:34 - 1998-04-24 00:00 - 00148240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJINT35.DLL 2013-12-27 16:34 - 1997-07-01 10:45 - 00250128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSEXCL35.DLL 2013-12-27 16:34 - 1997-06-23 09:06 - 00330000 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\MSEXCH35.DLL 2013-12-27 16:34 - 1997-06-23 09:06 - 00287504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSXBSE35.DLL 2013-12-27 16:34 - 1997-06-23 09:06 - 00252176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSRD2X35.DLL 2013-12-27 16:34 - 1997-06-23 09:06 - 00250128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPDOX35.DLL 2013-12-27 16:34 - 1997-06-23 09:06 - 00166160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSLTUS35.DLL 2013-12-27 16:34 - 1997-06-23 09:06 - 00165648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSTEXT35.DLL 2013-12-27 16:34 - 1997-06-23 09:06 - 00024848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJTER35.DLL 2013-12-27 16:33 - 2013-12-27 16:33 - 00000000 ____D C:\Program Files (x86)\USM 2013-12-27 16:30 - 2014-01-06 10:23 - 00000000 ____D C:\Program Files (x86)\Steuer 2013 2013-12-27 16:30 - 2013-12-27 16:35 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH 2013-12-27 16:30 - 2013-12-27 16:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\Program Files\Reference Assemblies 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\Program Files\MSBuild 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\Program Files (x86)\MSBuild 2013-12-27 16:27 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2013-12-27 16:27 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2013-12-27 16:27 - 2013-08-03 05:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2013-12-27 16:27 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2013-12-27 16:27 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-12-27 16:27 - 2013-08-03 05:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2013-12-23 21:21 - 2014-01-15 22:22 - 00000110 _____ C:\Users\Michelle\AppData\Roaming\WB.CFG ==================== One Month Modified Files and Folders ======= 2014-01-16 17:52 - 2014-01-16 17:51 - 00012852 _____ C:\Users\Michelle\Downloads\FRST.txt 2014-01-16 17:51 - 2014-01-16 17:51 - 00000000 ____D C:\FRST 2014-01-16 17:50 - 2014-01-16 17:50 - 02076160 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64.exe 2014-01-16 17:31 - 2013-11-02 12:21 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-16 17:30 - 2013-12-31 17:30 - 00000328 _____ C:\WINDOWS\Tasks\UpdaterEX.job 2014-01-16 17:23 - 2013-05-03 22:40 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1825290939-2035482200-3538793863-1000 2014-01-16 17:21 - 2013-12-07 00:21 - 00000328 _____ C:\WINDOWS\Tasks\MySearchDial.job 2014-01-16 17:21 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru 2014-01-16 16:56 - 2014-01-16 16:56 - 00000000 ____D C:\WINDOWS\system32\appmgmt 2014-01-16 16:41 - 2013-11-05 03:05 - 01417687 _____ C:\WINDOWS\WindowsUpdate.log 2014-01-16 15:42 - 2013-11-13 10:00 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D3A081E2-6A7C-44AD-B398-1C24520C8691} 2014-01-16 15:19 - 2014-01-16 10:01 - 00000000 ____D C:\Users\Michelle\AppData\Local\Conduit 2014-01-16 14:58 - 2014-01-16 14:58 - 00002259 _____ C:\WINDOWS\epplauncher.mif 2014-01-16 14:58 - 2014-01-16 14:57 - 00000000 ____D C:\c54de47fdab6bb65d723cd9abcf8 2014-01-16 14:58 - 2012-11-23 14:01 - 00000000 ____D C:\Users\Michelle\Desktop\Naruto songs 2014-01-16 14:57 - 2014-01-16 14:56 - 13697720 _____ (Microsoft Corporation) C:\Users\Michelle\Downloads\mseinstall.exe 
2014-01-16 14:56 - 2014-01-16 14:56 - 00000000 ____D C:\Users\Michelle\AppData\Local\SearchProtect 2014-01-16 14:55 - 2013-12-31 17:30 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\newnext.me 2014-01-16 14:55 - 2013-11-05 10:43 - 00000000 __RDO C:\Users\Michelle\SkyDrive 2014-01-16 14:55 - 2013-11-02 12:21 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-16 10:03 - 2014-01-16 10:03 - 00384458 _____ C:\Users\Michelle\Downloads\Nicht bestätigt 461972.crdownload 2014-01-16 10:03 - 2014-01-16 10:01 - 43055452 _____ (Emsisoft GmbH ) C:\Users\Michelle\Downloads\Nicht bestätigt 964405.crdownload 2014-01-16 10:03 - 2014-01-16 09:59 - 00000000 ____D C:\Users\Michelle\AppData\Local\DownloadGuide 2014-01-16 10:02 - 2014-01-16 10:02 - 00621288 _____ C:\Users\Michelle\Downloads\AdwCleaner_Setup_Download (2).exe 2014-01-16 10:02 - 2014-01-16 10:02 - 00125440 _____ C:\WINDOWS\system32\DlProtectSvc.exe 2014-01-16 10:02 - 2014-01-16 10:02 - 00118784 _____ C:\WINDOWS\system32\imapi3fs.exe 2014-01-16 10:02 - 2014-01-16 10:02 - 00012800 _____ C:\ProgramData\dlprotect.exe 2014-01-16 10:02 - 2014-01-16 10:02 - 00003388 _____ C:\WINDOWS\System32\Tasks\BackgroundContainer Startup Task 2014-01-16 10:02 - 2014-01-16 10:02 - 00000000 ____D C:\ProgramData\Conduit 2014-01-16 10:02 - 2014-01-16 10:02 - 00000000 ____D C:\Program Files (x86)\Conduit 2014-01-16 10:02 - 2014-01-16 10:00 - 00000009 _____ C:\END 2014-01-16 10:01 - 2014-01-16 10:01 - 00621288 _____ C:\Users\Michelle\Downloads\AdwCleaner_Setup_Download (1).exe 2014-01-16 10:01 - 2014-01-16 10:01 - 00000000 ____D C:\Users\Michelle\AppData\Local\NativeMessaging 2014-01-16 10:01 - 2014-01-16 10:01 - 00000000 ____D C:\Users\Michelle\AppData\Local\CRE 2014-01-16 09:59 - 2014-01-16 09:59 - 00621288 _____ C:\Users\Michelle\Downloads\AdwCleaner_Setup_Download.exe 2014-01-16 09:59 - 2014-01-16 09:54 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2014-01-16 09:54 - 2014-01-16 09:54 - 00001395 _____ 
C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-01-16 09:54 - 2014-01-16 09:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking 2014-01-16 09:54 - 2014-01-16 09:54 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-01-16 09:53 - 2014-01-16 09:52 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Michelle\Downloads\spybot-2.2.25.exe 2014-01-16 09:25 - 2014-01-16 09:25 - 00000000 _____ C:\autoexec.bat 2014-01-16 09:24 - 2014-01-16 09:24 - 00003344 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup 2014-01-16 09:24 - 2014-01-16 09:24 - 00002280 _____ C:\Users\Michelle\Desktop\SpyHunter.lnk 2014-01-16 09:24 - 2014-01-16 09:24 - 00000000 ____D C:\WINDOWS\72AAF4551E54475BB0AB5413C78D0E63.TMP 2014-01-16 09:24 - 2014-01-16 09:24 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2014-01-16 09:24 - 2014-01-16 09:24 - 00000000 ____D C:\sh4ldr 2014-01-16 09:24 - 2014-01-16 09:24 - 00000000 ____D C:\Program Files\Enigma Software Group 2014-01-16 09:24 - 2014-01-06 11:12 - 00000000 ____D C:\Users\Michelle\Desktop\music neu 2014-01-16 09:22 - 2014-01-16 09:22 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Michelle\Downloads\SpyHunter-Installer.exe 2014-01-16 09:22 - 2014-01-16 09:22 - 00728960 _____ (Enigma Software Group USA, LLC.) 
C:\Users\Michelle\Downloads\SpyHunter-Installer (1).exe 2014-01-15 22:44 - 2013-08-19 23:40 - 00000000 ____D C:\Users\Michelle\AppData\Local\Battle.net 2014-01-15 22:22 - 2013-12-23 21:21 - 00000110 _____ C:\Users\Michelle\AppData\Roaming\WB.CFG 2014-01-15 18:05 - 2013-08-19 11:00 - 00000000 ____D C:\WINDOWS\system32\MRT 2014-01-15 18:04 - 2013-05-05 21:54 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-01-15 17:01 - 2013-11-05 03:10 - 00000000 ____D C:\Users\Michelle 2014-01-15 16:51 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2014-01-14 08:44 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2014-01-12 20:19 - 2014-01-06 10:30 - 00000000 ____D C:\Users\Michelle\Desktop\sonstiges 2014-01-11 20:44 - 2013-09-30 05:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2014-01-11 20:44 - 2013-09-30 04:58 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat 2014-01-11 20:44 - 2013-09-30 04:58 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat 2014-01-10 12:03 - 2013-05-03 22:42 - 00000000 ____D C:\Program Files (x86)\World of Warcraft 2014-01-10 12:02 - 2014-01-10 12:02 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-01-10 12:02 - 2014-01-10 12:02 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-01-10 12:02 - 2014-01-10 12:02 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2014-01-10 12:02 - 2014-01-10 12:02 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-01-10 12:02 - 2014-01-10 12:02 - 00000000 ____D C:\ProgramData\Oracle 2014-01-10 12:02 - 2014-01-10 12:02 - 00000000 ____D C:\Program Files (x86)\Java 2014-01-08 20:18 - 2013-08-22 16:36 - 00000000 __RHD C:\Users\Public\Libraries 2014-01-08 20:15 - 2013-09-29 20:05 - 00029370 _____ C:\WINDOWS\PFRO.log 2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-01-06 23:31 - 2013-08-22 16:38 
- 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-01-06 12:03 - 2014-01-06 10:31 - 00000000 ____D C:\Users\Michelle\Desktop\Sharepod 2014-01-06 11:15 - 2014-01-06 11:15 - 00000000 _____ C:\Users\Michelle\Desktop\SharePodSettings.xml 2014-01-06 11:15 - 2013-05-03 22:26 - 00000000 ____D C:\Users\Michelle\AppData\Local\VirtualStore 2014-01-06 11:09 - 2013-08-22 15:46 - 00323112 _____ C:\WINDOWS\setupact.log 2014-01-06 10:56 - 2014-01-06 10:56 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\SharePod 2014-01-06 10:43 - 2014-01-06 10:29 - 00030408 _____ C:\Users\Michelle\Desktop\SharePod.log 2014-01-06 10:28 - 2014-01-06 10:28 - 00000635 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog 2014-01-06 10:28 - 2014-01-06 10:28 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Windows Net Data 2014-01-06 10:26 - 2014-01-06 10:26 - 00401744 _____ (Softonic ) C:\Users\Michelle\Downloads\SoftonicDownloader_fuer_sharepod.exe 2014-01-06 10:23 - 2013-12-27 16:30 - 00000000 ____D C:\Program Files (x86)\Steuer 2013 2014-01-05 23:27 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2014-01-05 21:50 - 2014-01-05 21:48 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Apple Computer 2014-01-05 21:48 - 2014-01-05 21:48 - 00000000 ____D C:\Users\Michelle\AppData\Local\Apple Computer 2014-01-05 21:48 - 2014-01-05 21:47 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-01-05 21:48 - 2014-01-05 21:47 - 00000000 ____D C:\Program Files\iTunes 2014-01-05 21:48 - 2014-01-05 21:47 - 00000000 ____D C:\Program Files (x86)\iTunes 2014-01-05 21:47 - 2014-01-05 21:47 - 00000000 ____D C:\ProgramData\Apple Computer 2014-01-05 21:47 - 2014-01-05 21:47 - 00000000 ____D C:\Program Files\iPod 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\Users\Michelle\AppData\Local\Apple 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D 
C:\ProgramData\Apple 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\Program Files\Common Files\Apple 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\Program Files\Bonjour 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\Program Files (x86)\Bonjour 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2014-01-05 21:46 - 2014-01-05 21:45 - 100400976 _____ (Apple Inc.) C:\Users\Michelle\Downloads\iTunes64Setup.exe 2014-01-04 14:04 - 2013-06-18 21:36 - 00000000 ____D C:\Program Files (x86)\Diablo III 2014-01-04 14:03 - 2013-08-19 23:40 - 00000000 ____D C:\Program Files (x86)\Battle.net 2013-12-31 17:34 - 2013-12-31 17:30 - 00000000 ____D C:\Users\Michelle\AppData\Local\Mobogenie 2013-12-31 17:32 - 2013-12-31 17:32 - 00000000 ____D C:\ProgramData\Sun 2013-12-31 17:31 - 2013-12-31 17:31 - 00000000 ____D C:\Users\Michelle\.android 2013-12-31 17:30 - 2013-12-31 17:30 - 00002666 _____ C:\WINDOWS\System32\Tasks\UpdaterEX 2013-12-31 17:30 - 2013-12-31 17:30 - 00000000 ____D C:\Users\Michelle\Documents\Mobogenie 2013-12-31 17:30 - 2013-12-31 17:30 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\UpdaterEX 2013-12-31 17:30 - 2013-12-31 17:30 - 00000000 ____D C:\Users\Michelle\AppData\Local\genienext 2013-12-31 17:30 - 2013-12-31 17:30 - 00000000 ____D C:\Users\Michelle\AppData\Local\cache 2013-12-31 17:30 - 2013-12-31 17:30 - 00000000 _____ C:\Users\Michelle\daemonprocess.txt 2013-12-31 17:29 - 2013-12-31 17:30 - 31441840 _____ (Oracle Corporation) C:\Users\Michelle\Downloads\download-jre-7u25-windows-i586.exe 2013-12-31 17:28 - 2013-12-31 17:28 - 00755792 _____ C:\Users\Michelle\Downloads\java_setup.exe 2013-12-30 12:26 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache 2013-12-30 11:59 - 2013-12-30 11:58 - 00000000 ____D C:\Users\Public\Documents\Konz2014 2013-12-29 01:19 - 2013-12-27 23:41 - 00204117 _____ C:\Users\Michelle\Desktop\Backscheider, Dominik.V2013 2013-12-28 09:33 - 2013-12-27 16:34 - 
00000437 _____ C:\WINDOWS\wiso.ini 2013-12-27 16:35 - 2013-12-27 16:30 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH 2013-12-27 16:34 - 2013-12-27 16:34 - 00001937 _____ C:\Users\Public\Desktop\Steuer 2013.lnk 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\Visagesoft 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\AIM 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Buhl Data Service 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\Users\Michelle\AppData\Local\Buhl Data Service 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\Users\Michelle\AppData\Local\Buhl 2013-12-27 16:34 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2013-12-27 16:34 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-12-27 16:34 - 2012-02-28 22:50 - 00000000 ____D C:\Users\Michelle\Documents\Steuer 2013-12-27 16:33 - 2013-12-27 16:33 - 00000000 ____D C:\Program Files (x86)\USM 2013-12-27 16:33 - 2013-12-27 16:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\Program Files\Reference Assemblies 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\Program Files\MSBuild 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\Program Files (x86)\MSBuild 2013-12-25 22:19 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData 2013-12-25 22:19 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore 2013-12-25 22:19 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer 2013-12-25 22:19 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager 2013-12-25 22:19 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera Files to move or delete: ==================== 
C:\Users\Michelle\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll C:\ProgramData\dlprotect.exe Some content of TEMP: ==================== C:\Users\Michelle\AppData\Local\Temp\75571uninstall.exe C:\Users\Michelle\AppData\Local\Temp\nsbAC15.exe C:\Users\Michelle\AppData\Local\Temp\nsi644B.tmp.tbRadi.dll C:\Users\Michelle\AppData\Local\Temp\nsmA125.exe C:\Users\Michelle\AppData\Local\Temp\nso1A64.exe C:\Users\Michelle\AppData\Local\Temp\nst6DEA.exe C:\Users\Michelle\AppData\Local\Temp\nsyFF19.exe C:\Users\Michelle\AppData\Local\Temp\Quarantine.exe C:\Users\Michelle\AppData\Local\Temp\SPStub.exe C:\Users\Michelle\AppData\Local\Temp\Sqlite3.dll C:\Users\Michelle\AppData\Local\Temp\tbRadi.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-15 17:57 ==================== End Of Log ============================ Farbar Recovery Scan Additional Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2014 03 Ran by Michelle at 2014-01-16 17:52:59 Running from C:\Users\Michelle\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== Apple Application Support (x32 Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.) Battle.net (x32 Version: - Blizzard Entertainment) Bonjour (Version: 3.0.0.10 - Apple Inc.) Broadcom Card Reader Driver Installer (Version: 15.4.8.1 - Broadcom Corporation) Diablo III (x32 Version: - Blizzard Entertainment) DMUninstaller (x32 Version: - ) Download Protect (HKCU Version: - Download Protect) Extended Update (HKCU Version: - ) Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden Iminent (x32 Version: 6.46.1.0 - Iminent) Hidden <==== ATTENTION Intel(R) Processor Graphics (x32 Version: 9.17.10.2932 - Intel Corporation) iTunes (Version: 11.1.3.8 - Apple Inc.) Java 7 Update 45 (x32 Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden KONZ-Steuer-2014 (x32 Version: 1.00.0000 - USM) KONZ-Steuer-2014 (x32 Version: 1.00.0000 - USM) Hidden Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) NVIDIA Grafiktreiber 307.17 (Version: 307.17 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden OpenOffice.org 3.4.1 (x32 Version: 3.41.9593 - Apache Software Foundation) Spybot - Search & Destroy (x32 Version: 2.2.25 - Safer-Networking Ltd.) 
SpyHunter (Version: 4.16.5.4290 - Enigma Software Group USA, LLC) Steuer 2013 (x32 Version: 21.00.8480 - Buhl Data Service GmbH) VIS (x32 Version: - ) World of Warcraft (x32 Version: - Blizzard Entertainment) ==================== Restore Points ========================= 31-12-2013 16:31:08 Installed Java 7 Update 10 05-01-2014 20:46:58 Installed iTunes 10-01-2014 11:01:20 Installed Java 7 Update 45 15-01-2014 16:57:32 Windows Update ==================== Hosts content: ========================== 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0AF23CDC-79F8-4A12-93BE-212D08F0E014} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {25C03328-3BFA-4208-91D0-5418CC4581C7} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Michelle\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft 
Corporation) Task: {45A67831-D9E9-4A67-A902-6FAD62E8EB7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-02] (Google Inc.) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {5BBFDB41-76DE-43DE-8C43-C86268F13A11} - System32\Tasks\MySearchDial => C:\Users\Michelle\AppData\Roaming\mysearchdial\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: {5ECDD7DB-0DC2-4414-B6F0-925EF3A92397} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {700C30CB-CA6B-4025-B426-48FB4D3AFF89} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {9FCA3DC8-F524-46A5-A7B7-C82AD2B6D872} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2013-10-18] (Enigma Software Group USA, LLC.) 
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {AECFE5CD-2731-48FA-98A4-241C31B3FE31} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {B4B5F38B-A4BE-442D-99E7-443DF7E09897} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {CF6CD402-0C76-42E9-9384-FADF6C03CAFF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-02] (Google Inc.) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D6449968-7E0D-4691-80BF-9651AE5BE5D3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-01-15] (Microsoft Corporation) Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {DB2C6B59-64F2-43C4-82F2-ABBF5150A7FC} - System32\Tasks\UpdaterEX => C:\Users\Michelle\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\MySearchDial.job => C:\Users\Michelle\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\Michelle\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded 
Modules (whitelisted) ============= 2013-11-05 11:13 - 2013-11-05 11:13 - 00347136 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Gloaae92e31#\e0e7493cf161f0e0899caa7eb5e0e259\Windows.Globalization.ni.dll 2013-11-05 11:13 - 2013-11-05 11:13 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\432868bf54b081b16eaf68729020b30a\Windows.Foundation.ni.dll 2013-11-05 11:13 - 2013-11-05 11:13 - 00207872 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\e8f8737bea4f0df4b88bbc4bf24fa2a8\Windows.System.ni.dll 2013-11-05 11:13 - 2013-11-05 11:13 - 01278464 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Storage\4c323000d6c8d1d462abb0968333c937\Windows.Storage.ni.dll 2013-12-30 12:23 - 2013-12-30 12:23 - 00028160 _____ () C:\Users\Michelle\AppData\Local\Packages\Microsoft.BingHealthAndFitness_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Microsoft.PerfTrack\5bf99992f103eeb416af8751401af835\Microsoft.PerfTrack.ni.dll 2013-11-05 11:13 - 2013-11-05 11:13 - 01782272 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\600862031eb4d4cfdc6f4d2025a7990e\Windows.ApplicationModel.ni.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Michelle\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Could not start eventlog service, could not read events. 
==================== Memory info =========================== Percentage of memory in use: 30% Total physical RAM: 8043.86 MB Available physical RAM: 5577.69 MB Total Pagefile: 9323.86 MB Available Pagefile: 6713.8 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:596.07 GB) (Free:514.28 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 6B018443) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=596 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
17.01.2014, 08:02 | #2 |
/// the machine /// TB Trainer | Windows 8 64bit HDD constantly working hi,
Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log please.
17.01.2014, 11:02 | #3 |
| Windows 8 64bit HDD constantly working Here is the log file from Malwarebytes:
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.16.04 Windows 8 x64 NTFS Internet Explorer 11.0.9600.16476 Michelle :: MICHELLE-PC [Administrator] Schutz: Aktiviert 16.01.2014 18:19:14 MBAM-log-2014-01-16 (18-59-41).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 399922 Laufzeit: 36 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 1 C:\Users\Michelle\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt. Infizierte Registrierungsschlüssel: 76 HKLM\SYSTEM\CurrentControlSet\Services\SProtection (PUP.Optional.Iminent) -> Keine Aktion durchgeführt. HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\IminentWebBooster.BrowserHelperObject.1 (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\IminentWebBooster.BrowserHelperObject (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Keine Aktion durchgeführt. HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CBAB673A-A480-4050-BD2B-5DE24A7A0282} (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0af350d9-3916-454b-ac53-0b0b65f41301} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Keine Aktion durchgeführt. HKCR\iminent (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Business.Tinyfying.DownloadArgs (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Business.Tinyfying.LinkToPromoteArgs (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Business.Tinyfying.RawDataArgs (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Business.Tinyfying.TinyUrlArgs (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Business.Tinyfying.ViralLinkArgs (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.ClientCallback (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.ContractBase (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. 
HKCR\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.GameOverCallback (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.GetCreditCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.GetVariableCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.GetVariableResult (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.InstallationContextResult (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.LoadContentCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.LoginCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. 
HKCR\Iminent.Mediator.Communication.DataContracts.LogoutCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.MyAccountCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.PlayContentCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.PostContentCallback (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.SetVariableCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.TestContentCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.WarmUpCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.DataContracts.WelcomeCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.ServerCommand (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.Communication.ServerResult (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. 
HKCR\Iminent.Mediator.LightContent (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.LightUri (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\Iminent.Mediator.MediatorServiceProxy (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\IminentWebBooster.ScriptExtender (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\IminentWebBooster.ScriptExtender.1 (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCR\AppID\Iminent.WebBooster.InternetExplorer.DLL (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt. HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt. HKCU\Software\Iminent (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt. HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff (PUP.Optional.MySearchDial.A) -> Keine Aktion durchgeführt. HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt. HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\SEARCHPROTECT (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff (PUP.Optional.MySearchDial.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\UMBRELLA (PUP.Optional.Umbrella.A) -> Keine Aktion durchgeführt. HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. 
Infizierte Registrierungswerte: 11 HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} (PUP.Optional.Iminent.A) -> Daten: -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{84FF7BD6-B47F-46F8-9130-01B2696B36CB} (PUP.Optional.Iminent.A) -> Daten: -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Daten: hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=B2C1081196E788C4&affID=120524&tsp=5037 -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Daten: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Daten: C:\WINDOWS\SysWOW64\rundll32.exe "C:\Users\Michelle\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Daten: "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Users\Michelle\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun -> Keine Aktion durchgeführt. HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0H1L1J1L1S1R1N -> Keine Aktion durchgeführt. HKCU\Software\SearchProtect|IELastInstalledTBHomepage (PUP.Optional.SearchProtect.A) -> Daten: hxxp://search.conduit.com?SearchSource=10&CUI=UN36983348481055011&UM=2&ctid=CT3317893 -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Umbrella|MUpdBlock (PUP.Optional.Umbrella.A) -> Daten: { "MASSUPDATE" : { "CHROME_MBAR" : { "Checked" : 1, "RetryIdx" : 0, "Version" : 1 }, "FIREFOX_MBAR" : { "Checked" : 1, "RetryIdx" : 0, "Version" : 1 }, "IEXPLORE_BHO" : { "Checked" : 1, "RetryIdx" : 0, "Version" : 1 } } } -> Keine Aktion durchgeführt. 
HKLM\SYSTEM\CurrentControlSet\Services\SProtection|ImagePath (PUP.Optional.Iminent.A) -> Daten: C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe -> Keine Aktion durchgeführt. HKLM\Software\Microsoft\Windows\CurrentVersion\Run|IminentMessenger (PUP.Optional.Iminent.A) -> Daten: C:\Program Files (x86)\Iminent\Iminent.Messengers.exe -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 1 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bösartig: (hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtC0FyE0FtD0Dzy0A0ByDtN0D0Tzu0SyBtDyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=368271547&ir=) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 11 C:\Users\Michelle\AppData\Roaming\mysearchdial (PUP.Optional.MySearchDial.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Roaming\mysearchdial\icons_2.2.14.1379 (PUP.Optional.MySearchDial.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Roaming\mysearchdial\UpdateProc (PUP.Optional.MySearchDial.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Common Files\337\libcef (PUP.Optional.337Technologies.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123 (PUP.Optional.337Technologies.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\locales (PUP.Optional.337Technologies.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Temp\ct3317893 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\ProgramData\Conduit\IE\CT3317893 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt. 
Infizierte Dateien: 52 C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe (PUP.Optional.Iminent) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\DownloadGuide\Offers\mconduitinstaller.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Microsoft\Windows\INetCache\IE\3PGE1IP9\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Microsoft\Windows\INetCache\IE\3PGE1IP9\conduitinstaller[1].exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Microsoft\Windows\INetCache\IE\3PGE1IP9\RadioTotal4[1].exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Microsoft\Windows\INetCache\IE\3PGE1IP9\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Microsoft\Windows\INetCache\IE\6K3LTPGN\RadioTotal4[1].exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Microsoft\Windows\INetCache\IE\6P711DX0\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Temp\nsbAC15.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Temp\nsi644B.tmp.tbRadi.dll (PUP.Optional.Conduit) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Temp\nsmA125.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Temp\nso1A64.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Temp\nst6DEA.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Temp\nsyFF19.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. 
C:\Users\Michelle\AppData\Local\Temp\tbRadi.dll (PUP.Optional.Conduit) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Temp\AU\SPSetup.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Temp\AU\SPUpdater.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Temp\ct3317893\chLogic.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Temp\ct3317893\ctbe.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Temp\ct3317893\ieLogic.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Temp\ct3317893\spch.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Temp\ct3317893\statisticsStub.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Temp\ct3317893\stub.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Temp\~nsu.tmp\Au_.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\LocalLow\RadioTotal4\tbRadi.dll (PUP.Optional.Conduit) -> Keine Aktion durchgeführt. C:\Users\Michelle\Desktop\Adobe_Photoshop_CS3_Extended_v10.0_Deutsch_Portable\Files\asneu.dll (Trojan.Agent.ED) -> Keine Aktion durchgeführt. C:\Users\Michelle\Downloads\CR_Downloader_fuer_pop'n-twinbee.exe (PUP.Optional.Freemium.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\Downloads\CR_Downloader_fuer_zsnes.exe (PUP.Optional.Freemium.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\Downloads\java_setup.exe (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\Downloads\SoftonicDownloader_fuer_sharepod.exe (PUP.Optional.Softonic.A) -> Keine Aktion durchgeführt. C:\Windows\Installer\47ee4.msi (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt. 
C:\Users\Michelle\AppData\Local\mysearchdial-speeddial.crx (PUP.Optional.MySearchDial.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Roaming\mysearchdial\icons_2.2.14.1379\62.ico (PUP.Optional.MySearchDial.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Roaming\mysearchdial\icons_2.2.14.1379\80.ico (PUP.Optional.MySearchDial.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Roaming\mysearchdial\UpdateProc\config.dat (PUP.Optional.MySearchDial.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Roaming\mysearchdial\UpdateProc\STTL.DAT (PUP.Optional.MySearchDial.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Roaming\mysearchdial\UpdateProc\TTL.DAT (PUP.Optional.MySearchDial.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Roaming\mysearchdial\UpdateProc\UpdateTask.exe (PUP.Optional.MySearchDial.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\icudt.dll (PUP.Optional.337Technologies.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\libcef.dll (PUP.Optional.337Technologies.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\locales\en-US.pak (PUP.Optional.337Technologies.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Temp\ct3317893\chromeid.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Temp\ct3317893\CT3317893.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Temp\ct3317893\initdata.json (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Temp\ct3317893\manifest.json (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Local\Temp\ct3317893\setup.ini.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. 
C:\ProgramData\Conduit\IE\CT3317893\UninstallerUI.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt. C:\Users\Michelle\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter # AdwCleaner v3.017 - Bericht erstellt am 17/01/2014 um 10:38:48 # Aktualisiert 12/01/2014 von Xplode # Betriebssystem : Windows 8.1 Pro with Media Center (64 bits) # Benutzername : Michelle - MICHELLE-PC # Gestartet von : C:\Users\Michelle\Downloads\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\Conduit Ordner Gelöscht : C:\ProgramData\eSafe Ordner Gelöscht : C:\Program Files (x86)\Conduit Ordner Gelöscht : C:\Program Files (x86)\Common Files\337 Ordner Gelöscht : C:\Program Files (x86)\Common Files\Umbrella Ordner Gelöscht : C:\Users\Michelle\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Michelle\AppData\Local\DownloadGuide Ordner Gelöscht : C:\Users\Michelle\AppData\Local\genienext Ordner Gelöscht : C:\Users\Michelle\AppData\Local\Mobogenie Ordner Gelöscht : C:\Users\Michelle\AppData\Local\NativeMessaging Ordner Gelöscht : C:\Users\Michelle\AppData\Local\Searchprotect Ordner Gelöscht : C:\Users\Michelle\AppData\Local\Temp\NativeMessaging Ordner Gelöscht : C:\Users\Michelle\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Michelle\AppData\Roaming\UpdaterEX Ordner Gelöscht : C:\Users\Michelle\AppData\Roaming\Windows Net Data Ordner Gelöscht : C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard Ordner Gelöscht : C:\Users\Michelle\Documents\Mobogenie Datei Gelöscht : C:\END Datei Gelöscht : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage Datei Gelöscht : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal Datei Gelöscht : C:\Users\Michelle\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage Datei Gelöscht : C:\Users\Michelle\AppData\Local\Google\Chrome\user data\default\local 
storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal Datei Gelöscht : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage Datei Gelöscht : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal Datei Gelöscht : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage Datei Gelöscht : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal Datei Gelöscht : C:\WINDOWS\System32\Tasks\BackgroundContainer Startup Task Datei Gelöscht : C:\WINDOWS\System32\Tasks\Desk 365 RunAsStdUser Datei Gelöscht : C:\WINDOWS\Tasks\MySearchDial.job Datei Gelöscht : C:\WINDOWS\System32\Tasks\MySearchDial Datei Gelöscht : C:\WINDOWS\Tasks\UpdaterEX.job Datei Gelöscht : C:\WINDOWS\System32\Tasks\UpdaterEX ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff Schlüssel Gelöscht : HKCU\Software\Classes\Applications\lollipop.exe Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon] Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc Schlüssel Gelöscht : HKCU\Software\948dd8bd6dbe44 Schlüssel Gelöscht : HKLM\SOFTWARE\948dd8bd6dbe44 Schlüssel 
Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3317893 Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Schlüssel Gelöscht : HKCU\Software\BabSolution Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Delta Schlüssel Gelöscht : HKCU\Software\InstalledThirdPartyPrograms Schlüssel Gelöscht : HKCU\Software\lollipop Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\UpdaterEX Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BackgroundContainer Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\Software\Delta Schlüssel Gelöscht : HKLM\Software\Desksvc Schlüssel Gelöscht : HKLM\Software\eSafeSecControl Schlüssel Gelöscht : HKLM\Software\hdcode Schlüssel Gelöscht : HKLM\Software\Uniblue Schlüssel Gelöscht : HKLM\Software\V9 Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DomaIQ Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Iminent Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16384 Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] -\\ Google Chrome v31.0.1650.63 [ Datei : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht : urls_to_restore_on_startup ************************* AdwCleaner[R0].txt - [20714 octets] - [17/01/2014 10:34:54] AdwCleaner[S0].txt - [19383 octets] - [17/01/2014 10:38:48] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19444 octets] ########## Code:
# AdwCleaner v3.017 - Bericht erstellt am 17/01/2014 um 10:43:35
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 8.1 Pro with Media Center (64 bits)
# Benutzername : Michelle - MICHELLE-PC
# Gestartet von : C:\Users\Michelle\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16384

-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [20714 octets] - [17/01/2014 10:34:54]
AdwCleaner[R1].txt - [928 octets] - [17/01/2014 10:42:25]
AdwCleaner[S0].txt - [19741 octets] - [17/01/2014 10:38:48]
AdwCleaner[S1].txt - [850 octets] - [17/01/2014 10:43:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [909 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 8.1 Pro with Media Center x64
Ran by Michelle on 17.01.2014 at 10:49:57,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1825290939-2035482200-3538793863-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{84289654-DC88-43D2-81F6-991904D010A0}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Michelle\appdata\local\cre"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.01.2014 at 10:53:14,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 03 Ran by Michelle (administrator) on MICHELLE-PC on 17-01-2014 10:54:56 Running from C:\Users\Michelle\Downloads Windows 8.1 Pro with Media Center (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe () C:\Windows\System32\imapi3fs.exe () C:\Windows\System32\DlProtectSvc.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\livecomm.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) 
HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe [12800 2014-01-16] () Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\UpdatusUser\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation) AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation) Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtC0FyE0FtD0Dzy0A0ByDtN0D0Tzu0SyBtDyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=368271547&ir= SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtC0FyE0FtD0Dzy0A0ByDtN0D0Tzu0SyBtDyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=368271547&ir= SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.179.1 Chrome: ======= CHR HomePage: hxxp://www.google.de/ CHR RestoreOnStartup: 
"hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtC0FyE0FtD0Dzy0A0ByDtN0D0Tzu0SyBtDyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=368271547&ir=", "hxxp://start.iminent.com/?appId=3BE336EE-44B6-44FA-A282-53EBA4BA0005", "hxxp://search.conduit.com/?ctid=CT3317893&SearchSource=48&CUI=UN24716719002469316&UM=2", "hxxp://www.google.com" CHR Extension: (Google Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-11-02] CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-11-02] CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-11-02] CHR Extension: (Google Search) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-11-02] CHR Extension: (Google Wallet) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-23] CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 [2013-11-02] CHR HKCU\...\Chrome\Extension: [jbaaieplnliapedmcbfgfijinolepige] - C:\Users\Michelle\AppData\Local\CRE\jbaaieplnliapedmcbfgfijinolepige.crx [2013-11-02] CHR HKLM-x32\...\Chrome\Extension: [jbaaieplnliapedmcbfgfijinolepige] - C:\Users\Michelle\AppData\Local\CRE\jbaaieplnliapedmcbfgfijinolepige.crx [2013-11-02] ==================== Services (Whitelisted) ================= U2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-31] (Broadcom Corp.) 
U2 cacls64; C:\WINDOWS\system32\imapi3fs.exe [118784 2014-01-16] () U2 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [125440 2014-01-16] () U2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) U2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) U2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) U2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) U2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) U3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation) U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) U3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 
2013-08-22] (Microsoft Corporation) U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) U3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation) U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) U3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-17 10:53 - 2014-01-17 10:53 - 00001362 _____ C:\Users\Michelle\Desktop\JRT.txt 2014-01-17 10:49 - 2014-01-17 10:49 - 00000000 ____D C:\WINDOWS\ERUNT 2014-01-17 10:46 - 2014-01-17 10:46 - 01037068 _____ (Thisisu) C:\Users\Michelle\Downloads\JRT.exe 2014-01-17 10:45 - 2014-01-17 10:46 - 00000988 _____ C:\Users\Michelle\Desktop\AdwCleaner[S1].txt 2014-01-17 10:41 - 2014-01-17 10:41 - 00019741 _____ C:\Users\Michelle\Desktop\AdwCleaner[S0].txt 2014-01-17 10:34 - 2014-01-17 10:45 - 00000000 ____D C:\AdwCleaner 2014-01-17 10:33 - 2014-01-17 10:33 - 01236282 _____ C:\Users\Michelle\Downloads\adwcleaner.exe 2014-01-16 22:10 - 2014-01-16 22:10 - 00296176 _____ C:\WINDOWS\Minidump\011614-16062-01.dmp 2014-01-16 19:07 - 2014-01-16 22:10 - 447131957 _____ C:\WINDOWS\MEMORY.DMP 2014-01-16 19:07 - 2014-01-16 22:10 - 00000000 ____D C:\WINDOWS\Minidump 2014-01-16 19:07 - 2014-01-16 19:07 - 00382248 _____ C:\WINDOWS\Minidump\011614-31078-01.dmp 2014-01-16 18:18 - 2014-01-16 18:18 - 00001125 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-16 18:18 - 2014-01-16 
18:18 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Malwarebytes 2014-01-16 18:18 - 2014-01-16 18:18 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-16 18:18 - 2014-01-16 18:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-16 18:18 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-01-16 18:16 - 2014-01-16 18:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Michelle\Desktop\mbam-setup-1.75.0.1300.exe 2014-01-16 17:55 - 2014-01-16 17:55 - 00379904 _____ C:\Users\Michelle\Desktop\3v7qu7kh.exe 2014-01-16 17:54 - 2014-01-16 17:54 - 00041067 _____ C:\Users\Michelle\Desktop\FRST.txt 2014-01-16 17:53 - 2014-01-16 17:55 - 00011362 _____ C:\Users\Michelle\Desktop\Addition.txt 2014-01-16 17:52 - 2014-01-16 17:53 - 00011362 _____ C:\Users\Michelle\Downloads\Addition.txt 2014-01-16 17:51 - 2014-01-17 10:54 - 00010105 _____ C:\Users\Michelle\Downloads\FRST.txt 2014-01-16 17:51 - 2014-01-16 17:51 - 00000000 ____D C:\FRST 2014-01-16 17:50 - 2014-01-16 17:50 - 02076160 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64.exe 2014-01-16 16:56 - 2014-01-16 16:56 - 00000000 ____D C:\WINDOWS\system32\appmgmt 2014-01-16 14:58 - 2014-01-16 14:58 - 00002259 _____ C:\WINDOWS\epplauncher.mif 2014-01-16 14:56 - 2014-01-16 14:57 - 13697720 _____ (Microsoft Corporation) C:\Users\Michelle\Downloads\mseinstall.exe 2014-01-16 10:03 - 2014-01-16 10:03 - 00384458 _____ C:\Users\Michelle\Downloads\Nicht bestätigt 461972.crdownload 2014-01-16 10:02 - 2014-01-16 10:02 - 00621288 _____ C:\Users\Michelle\Downloads\AdwCleaner_Setup_Download (2).exe 2014-01-16 10:02 - 2014-01-16 10:02 - 00125440 _____ C:\WINDOWS\system32\DlProtectSvc.exe 2014-01-16 10:02 - 2014-01-16 10:02 - 00118784 _____ C:\WINDOWS\system32\imapi3fs.exe 2014-01-16 10:02 - 2014-01-16 10:02 - 00012800 _____ C:\ProgramData\dlprotect.exe 2014-01-16 10:01 - 2014-01-16 10:03 - 43055452 _____ (Emsisoft GmbH ) C:\Users\Michelle\Downloads\Nicht 
bestätigt 964405.crdownload 2014-01-16 10:01 - 2014-01-16 10:01 - 00621288 _____ C:\Users\Michelle\Downloads\AdwCleaner_Setup_Download (1).exe 2014-01-16 09:59 - 2014-01-16 09:59 - 00621288 _____ C:\Users\Michelle\Downloads\AdwCleaner_Setup_Download.exe 2014-01-16 09:54 - 2014-01-16 09:59 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2014-01-16 09:54 - 2014-01-16 09:54 - 00001395 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-01-16 09:54 - 2014-01-16 09:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking 2014-01-16 09:54 - 2014-01-16 09:54 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-01-16 09:54 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe 2014-01-16 09:52 - 2014-01-16 09:53 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Michelle\Downloads\spybot-2.2.25.exe 2014-01-16 09:25 - 2014-01-16 09:25 - 00000000 _____ C:\autoexec.bat 2014-01-16 09:24 - 2014-01-16 19:11 - 00000000 ____D C:\WINDOWS\72AAF4551E54475BB0AB5413C78D0E63.TMP 2014-01-16 09:24 - 2014-01-16 09:24 - 00000000 ____D C:\Program Files\Enigma Software Group 2014-01-16 09:22 - 2014-01-16 09:22 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Michelle\Downloads\SpyHunter-Installer.exe 2014-01-16 09:22 - 2014-01-16 09:22 - 00728960 _____ (Enigma Software Group USA, LLC.) 
C:\Users\Michelle\Downloads\SpyHunter-Installer (1).exe 2014-01-15 08:51 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2014-01-15 08:51 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2014-01-15 08:51 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe 2014-01-15 08:51 - 2013-11-27 11:34 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll 2014-01-15 08:51 - 2013-11-27 10:54 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll 2014-01-15 08:51 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-15 08:51 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll 2014-01-15 08:51 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-15 08:51 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll 2014-01-15 08:51 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-01-15 08:51 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-01-10 12:02 - 2014-01-10 12:02 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-01-10 12:02 - 2014-01-10 12:02 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-01-10 12:02 - 2014-01-10 12:02 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2014-01-10 12:02 - 2014-01-10 12:02 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-01-10 12:02 - 2014-01-10 12:02 - 00000000 ____D C:\ProgramData\Oracle 2014-01-10 12:02 - 2014-01-10 12:02 - 00000000 ____D C:\Program Files (x86)\Java 2014-01-06 11:15 - 2014-01-06 11:15 - 00000000 _____ C:\Users\Michelle\Desktop\SharePodSettings.xml 2014-01-06 
11:12 - 2014-01-16 09:24 - 00000000 ____D C:\Users\Michelle\Desktop\music neu 2014-01-06 10:56 - 2014-01-06 10:56 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\SharePod 2014-01-06 10:31 - 2014-01-06 12:03 - 00000000 ____D C:\Users\Michelle\Desktop\Sharepod 2014-01-06 10:30 - 2014-01-12 20:19 - 00000000 ____D C:\Users\Michelle\Desktop\sonstiges 2014-01-06 10:29 - 2014-01-06 10:43 - 00030408 _____ C:\Users\Michelle\Desktop\SharePod.log 2014-01-06 10:28 - 2014-01-06 10:28 - 00000635 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog 2014-01-05 21:48 - 2014-01-05 21:50 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Apple Computer 2014-01-05 21:48 - 2014-01-05 21:48 - 00000000 ____D C:\Users\Michelle\AppData\Local\Apple Computer 2014-01-05 21:48 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 2014-01-05 21:47 - 2014-01-05 21:48 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-01-05 21:47 - 2014-01-05 21:48 - 00000000 ____D C:\Program Files\iTunes 2014-01-05 21:47 - 2014-01-05 21:48 - 00000000 ____D C:\Program Files (x86)\iTunes 2014-01-05 21:47 - 2014-01-05 21:47 - 00000000 ____D C:\ProgramData\Apple Computer 2014-01-05 21:47 - 2014-01-05 21:47 - 00000000 ____D C:\Program Files\iPod 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\Users\Michelle\AppData\Local\Apple 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\ProgramData\Apple 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\Program Files\Common Files\Apple 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\Program Files\Bonjour 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\Program Files (x86)\Bonjour 2014-01-05 21:45 - 2014-01-05 21:46 - 100400976 _____ (Apple Inc.) 
C:\Users\Michelle\Downloads\iTunes64Setup.exe 2013-12-31 17:32 - 2013-12-31 17:32 - 00000000 ____D C:\ProgramData\Sun 2013-12-31 17:31 - 2013-12-31 17:31 - 00000000 ____D C:\Users\Michelle\.android 2013-12-31 17:30 - 2013-12-31 17:30 - 00000000 ____D C:\Users\Michelle\AppData\Local\cache 2013-12-31 17:30 - 2013-12-31 17:30 - 00000000 _____ C:\Users\Michelle\daemonprocess.txt 2013-12-31 17:30 - 2013-12-31 17:29 - 31441840 _____ (Oracle Corporation) C:\Users\Michelle\Downloads\download-jre-7u25-windows-i586.exe 2013-12-30 11:58 - 2013-12-30 11:59 - 00000000 ____D C:\Users\Public\Documents\Konz2014 2013-12-27 23:41 - 2013-12-29 01:19 - 00204117 _____ C:\Users\Michelle\Desktop\Backscheider, Dominik.V2013 2013-12-27 16:34 - 2013-12-28 09:33 - 00000437 _____ C:\WINDOWS\wiso.ini 2013-12-27 16:34 - 2013-12-27 16:34 - 00001937 _____ C:\Users\Public\Desktop\Steuer 2013.lnk 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\Visagesoft 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\AIM 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Buhl Data Service 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\Users\Michelle\AppData\Local\Buhl Data Service 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\Users\Michelle\AppData\Local\Buhl 2013-12-27 16:34 - 2003-12-04 15:58 - 00000696 _____ C:\WINDOWS\SysWOW64\jetodbc.rsp 2013-12-27 16:34 - 2002-12-11 19:12 - 00760968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSDMOD.DLL 2013-12-27 16:34 - 2002-12-11 19:12 - 00316040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DMOD.DLL 2013-12-27 16:34 - 2002-12-11 19:10 - 00816264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDMOD.DLL 2013-12-27 16:34 - 2002-12-11 17:34 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DMOD.DLL 2013-12-27 16:34 - 2002-12-11 15:16 - 00384512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDMOD.DLL 2013-12-27 16:34 - 2002-08-29 
03:43 - 00278559 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMV8DS32.AX 2013-12-27 16:34 - 2002-08-29 03:43 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDS32.AX 2013-12-27 16:34 - 2002-08-29 03:43 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSADDS32.AX 2013-12-27 16:34 - 2002-04-29 19:47 - 00121160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscal.ocx 2013-12-27 16:34 - 2000-06-13 00:00 - 01046288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJET35.DLL 2013-12-27 16:34 - 2000-06-13 00:00 - 00415504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSREPL35.DLL 2013-12-27 16:34 - 1999-03-05 22:15 - 00074000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrclr40.dll 2013-12-27 16:34 - 1999-03-05 22:15 - 00028944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrecr40.dll 2013-12-27 16:34 - 1998-04-24 00:00 - 00368912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBAR332.DLL 2013-12-27 16:34 - 1998-04-24 00:00 - 00148240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJINT35.DLL 2013-12-27 16:34 - 1997-07-01 10:45 - 00250128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSEXCL35.DLL 2013-12-27 16:34 - 1997-06-23 09:06 - 00330000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSEXCH35.DLL 2013-12-27 16:34 - 1997-06-23 09:06 - 00287504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSXBSE35.DLL 2013-12-27 16:34 - 1997-06-23 09:06 - 00252176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSRD2X35.DLL 2013-12-27 16:34 - 1997-06-23 09:06 - 00250128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPDOX35.DLL 2013-12-27 16:34 - 1997-06-23 09:06 - 00166160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSLTUS35.DLL 2013-12-27 16:34 - 1997-06-23 09:06 - 00165648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSTEXT35.DLL 2013-12-27 16:34 - 1997-06-23 09:06 - 00024848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJTER35.DLL 2013-12-27 16:33 - 2013-12-27 16:33 - 00000000 ____D 
C:\Program Files (x86)\USM 2013-12-27 16:30 - 2014-01-06 10:23 - 00000000 ____D C:\Program Files (x86)\Steuer 2013 2013-12-27 16:30 - 2013-12-27 16:35 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH 2013-12-27 16:30 - 2013-12-27 16:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\Program Files\Reference Assemblies 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\Program Files\MSBuild 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\Program Files (x86)\MSBuild 2013-12-27 16:27 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2013-12-27 16:27 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2013-12-27 16:27 - 2013-08-03 05:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2013-12-27 16:27 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2013-12-27 16:27 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-12-27 16:27 - 2013-08-03 05:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2013-12-23 21:21 - 2014-01-15 22:22 - 00000110 _____ C:\Users\Michelle\AppData\Roaming\WB.CFG ==================== One Month Modified Files and Folders ======= 2014-01-17 10:56 - 2014-01-16 17:51 - 00010105 _____ C:\Users\Michelle\Downloads\FRST.txt 2014-01-17 10:55 - 2013-05-03 22:40 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1825290939-2035482200-3538793863-1000 2014-01-17 10:53 - 2014-01-17 10:53 - 00001362 _____ C:\Users\Michelle\Desktop\JRT.txt 
2014-01-17 10:50 - 2013-11-05 10:43 - 00000000 __RDO C:\Users\Michelle\SkyDrive 2014-01-17 10:49 - 2014-01-17 10:49 - 00000000 ____D C:\WINDOWS\ERUNT 2014-01-17 10:49 - 2013-11-13 10:00 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D3A081E2-6A7C-44AD-B398-1C24520C8691} 2014-01-17 10:46 - 2014-01-17 10:46 - 01037068 _____ (Thisisu) C:\Users\Michelle\Downloads\JRT.exe 2014-01-17 10:46 - 2014-01-17 10:45 - 00000988 _____ C:\Users\Michelle\Desktop\AdwCleaner[S1].txt 2014-01-17 10:46 - 2014-01-17 10:34 - 00000000 ____D C:\AdwCleaner 2014-01-17 10:45 - 2013-11-02 12:21 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-17 10:44 - 2013-11-05 03:05 - 01561152 _____ C:\WINDOWS\WindowsUpdate.log 2014-01-17 10:44 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2014-01-17 10:44 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2014-01-17 10:41 - 2014-01-17 10:41 - 00019741 _____ C:\Users\Michelle\Desktop\AdwCleaner[S0].txt 2014-01-17 10:33 - 2014-01-17 10:33 - 01236282 _____ C:\Users\Michelle\Downloads\adwcleaner.exe 2014-01-17 10:31 - 2013-11-02 12:21 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-16 22:10 - 2014-01-16 22:10 - 00296176 _____ C:\WINDOWS\Minidump\011614-16062-01.dmp 2014-01-16 22:10 - 2014-01-16 19:07 - 447131957 _____ C:\WINDOWS\MEMORY.DMP 2014-01-16 22:10 - 2014-01-16 19:07 - 00000000 ____D C:\WINDOWS\Minidump 2014-01-16 22:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru 2014-01-16 20:30 - 2013-11-05 03:10 - 00000000 ____D C:\Users\Michelle 2014-01-16 19:11 - 2014-01-16 16:56 - 00000000 ____D C:\WINDOWS\system32\appmgmt 2014-01-16 19:11 - 2014-01-16 09:24 - 00000000 ____D C:\WINDOWS\72AAF4551E54475BB0AB5413C78D0E63.TMP 2014-01-16 19:07 - 2014-01-16 19:07 - 00382248 _____ C:\WINDOWS\Minidump\011614-31078-01.dmp 2014-01-16 19:07 - 2013-09-29 20:05 - 00048480 _____ C:\WINDOWS\PFRO.log 2014-01-16 19:00 - 2013-08-22 16:36 - 00000000 ____D 
C:\WINDOWS\WinStore 2014-01-16 18:18 - 2014-01-16 18:18 - 00001125 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-16 18:18 - 2014-01-16 18:18 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Malwarebytes 2014-01-16 18:18 - 2014-01-16 18:18 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-16 18:18 - 2014-01-16 18:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-16 18:17 - 2014-01-16 18:16 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Michelle\Desktop\mbam-setup-1.75.0.1300.exe 2014-01-16 17:55 - 2014-01-16 17:55 - 00379904 _____ C:\Users\Michelle\Desktop\3v7qu7kh.exe 2014-01-16 17:55 - 2014-01-16 17:53 - 00011362 _____ C:\Users\Michelle\Desktop\Addition.txt 2014-01-16 17:54 - 2014-01-16 17:54 - 00041067 _____ C:\Users\Michelle\Desktop\FRST.txt 2014-01-16 17:53 - 2014-01-16 17:52 - 00011362 _____ C:\Users\Michelle\Downloads\Addition.txt 2014-01-16 17:51 - 2014-01-16 17:51 - 00000000 ____D C:\FRST 2014-01-16 17:50 - 2014-01-16 17:50 - 02076160 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64.exe 2014-01-16 14:58 - 2014-01-16 14:58 - 00002259 _____ C:\WINDOWS\epplauncher.mif 2014-01-16 14:58 - 2012-11-23 14:01 - 00000000 ____D C:\Users\Michelle\Desktop\Naruto songs 2014-01-16 14:57 - 2014-01-16 14:56 - 13697720 _____ (Microsoft Corporation) C:\Users\Michelle\Downloads\mseinstall.exe 2014-01-16 10:03 - 2014-01-16 10:03 - 00384458 _____ C:\Users\Michelle\Downloads\Nicht bestätigt 461972.crdownload 2014-01-16 10:03 - 2014-01-16 10:01 - 43055452 _____ (Emsisoft GmbH ) C:\Users\Michelle\Downloads\Nicht bestätigt 964405.crdownload 2014-01-16 10:02 - 2014-01-16 10:02 - 00621288 _____ C:\Users\Michelle\Downloads\AdwCleaner_Setup_Download (2).exe 2014-01-16 10:02 - 2014-01-16 10:02 - 00125440 _____ C:\WINDOWS\system32\DlProtectSvc.exe 2014-01-16 10:02 - 2014-01-16 10:02 - 00118784 _____ C:\WINDOWS\system32\imapi3fs.exe 2014-01-16 10:02 - 2014-01-16 10:02 - 00012800 _____ C:\ProgramData\dlprotect.exe 2014-01-16 
10:01 - 2014-01-16 10:01 - 00621288 _____ C:\Users\Michelle\Downloads\AdwCleaner_Setup_Download (1).exe 2014-01-16 09:59 - 2014-01-16 09:59 - 00621288 _____ C:\Users\Michelle\Downloads\AdwCleaner_Setup_Download.exe 2014-01-16 09:59 - 2014-01-16 09:54 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2014-01-16 09:54 - 2014-01-16 09:54 - 00001395 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-01-16 09:54 - 2014-01-16 09:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking 2014-01-16 09:54 - 2014-01-16 09:54 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-01-16 09:53 - 2014-01-16 09:52 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Michelle\Downloads\spybot-2.2.25.exe 2014-01-16 09:25 - 2014-01-16 09:25 - 00000000 _____ C:\autoexec.bat 2014-01-16 09:24 - 2014-01-16 09:24 - 00000000 ____D C:\Program Files\Enigma Software Group 2014-01-16 09:24 - 2014-01-06 11:12 - 00000000 ____D C:\Users\Michelle\Desktop\music neu 2014-01-16 09:22 - 2014-01-16 09:22 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Michelle\Downloads\SpyHunter-Installer.exe 2014-01-16 09:22 - 2014-01-16 09:22 - 00728960 _____ (Enigma Software Group USA, LLC.) 
C:\Users\Michelle\Downloads\SpyHunter-Installer (1).exe 2014-01-15 22:44 - 2013-08-19 23:40 - 00000000 ____D C:\Users\Michelle\AppData\Local\Battle.net 2014-01-15 22:22 - 2013-12-23 21:21 - 00000110 _____ C:\Users\Michelle\AppData\Roaming\WB.CFG 2014-01-15 18:05 - 2013-08-19 11:00 - 00000000 ____D C:\WINDOWS\system32\MRT 2014-01-15 18:04 - 2013-05-05 21:54 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-01-14 08:44 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2014-01-12 20:19 - 2014-01-06 10:30 - 00000000 ____D C:\Users\Michelle\Desktop\sonstiges 2014-01-11 20:44 - 2013-09-30 05:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2014-01-11 20:44 - 2013-09-30 04:58 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat 2014-01-11 20:44 - 2013-09-30 04:58 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat 2014-01-10 12:03 - 2013-05-03 22:42 - 00000000 ____D C:\Program Files (x86)\World of Warcraft 2014-01-10 12:02 - 2014-01-10 12:02 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-01-10 12:02 - 2014-01-10 12:02 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-01-10 12:02 - 2014-01-10 12:02 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2014-01-10 12:02 - 2014-01-10 12:02 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-01-10 12:02 - 2014-01-10 12:02 - 00000000 ____D C:\ProgramData\Oracle 2014-01-10 12:02 - 2014-01-10 12:02 - 00000000 ____D C:\Program Files (x86)\Java 2014-01-08 20:18 - 2013-08-22 16:36 - 00000000 __RHD C:\Users\Public\Libraries 2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-01-06 12:03 - 2014-01-06 10:31 - 00000000 ____D C:\Users\Michelle\Desktop\Sharepod 2014-01-06 11:15 - 2014-01-06 11:15 - 
00000000 _____ C:\Users\Michelle\Desktop\SharePodSettings.xml 2014-01-06 11:15 - 2013-05-03 22:26 - 00000000 ____D C:\Users\Michelle\AppData\Local\VirtualStore 2014-01-06 11:09 - 2013-08-22 15:46 - 00323112 _____ C:\WINDOWS\setupact.log 2014-01-06 10:56 - 2014-01-06 10:56 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\SharePod 2014-01-06 10:43 - 2014-01-06 10:29 - 00030408 _____ C:\Users\Michelle\Desktop\SharePod.log 2014-01-06 10:28 - 2014-01-06 10:28 - 00000635 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog 2014-01-06 10:23 - 2013-12-27 16:30 - 00000000 ____D C:\Program Files (x86)\Steuer 2013 2014-01-05 21:50 - 2014-01-05 21:48 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Apple Computer 2014-01-05 21:48 - 2014-01-05 21:48 - 00000000 ____D C:\Users\Michelle\AppData\Local\Apple Computer 2014-01-05 21:48 - 2014-01-05 21:47 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-01-05 21:48 - 2014-01-05 21:47 - 00000000 ____D C:\Program Files\iTunes 2014-01-05 21:48 - 2014-01-05 21:47 - 00000000 ____D C:\Program Files (x86)\iTunes 2014-01-05 21:47 - 2014-01-05 21:47 - 00000000 ____D C:\ProgramData\Apple Computer 2014-01-05 21:47 - 2014-01-05 21:47 - 00000000 ____D C:\Program Files\iPod 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\Users\Michelle\AppData\Local\Apple 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\ProgramData\Apple 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\Program Files\Common Files\Apple 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\Program Files\Bonjour 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\Program Files (x86)\Bonjour 2014-01-05 21:46 - 2014-01-05 21:45 - 100400976 _____ (Apple Inc.) 
C:\Users\Michelle\Downloads\iTunes64Setup.exe 2014-01-04 14:04 - 2013-06-18 21:36 - 00000000 ____D C:\Program Files (x86)\Diablo III 2014-01-04 14:03 - 2013-08-19 23:40 - 00000000 ____D C:\Program Files (x86)\Battle.net 2013-12-31 17:32 - 2013-12-31 17:32 - 00000000 ____D C:\ProgramData\Sun 2013-12-31 17:31 - 2013-12-31 17:31 - 00000000 ____D C:\Users\Michelle\.android 2013-12-31 17:30 - 2013-12-31 17:30 - 00000000 ____D C:\Users\Michelle\AppData\Local\cache 2013-12-31 17:30 - 2013-12-31 17:30 - 00000000 _____ C:\Users\Michelle\daemonprocess.txt 2013-12-31 17:29 - 2013-12-31 17:30 - 31441840 _____ (Oracle Corporation) C:\Users\Michelle\Downloads\download-jre-7u25-windows-i586.exe 2013-12-30 12:26 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache 2013-12-30 11:59 - 2013-12-30 11:58 - 00000000 ____D C:\Users\Public\Documents\Konz2014 2013-12-29 01:19 - 2013-12-27 23:41 - 00204117 _____ C:\Users\Michelle\Desktop\Backscheider, Dominik.V2013 2013-12-28 09:33 - 2013-12-27 16:34 - 00000437 _____ C:\WINDOWS\wiso.ini 2013-12-27 16:35 - 2013-12-27 16:30 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH 2013-12-27 16:34 - 2013-12-27 16:34 - 00001937 _____ C:\Users\Public\Desktop\Steuer 2013.lnk 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\Visagesoft 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\AIM 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Buhl Data Service 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\Users\Michelle\AppData\Local\Buhl Data Service 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\Users\Michelle\AppData\Local\Buhl 2013-12-27 16:34 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2013-12-27 16:34 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-12-27 16:34 - 2012-02-28 22:50 - 00000000 ____D C:\Users\Michelle\Documents\Steuer 2013-12-27 16:33 - 2013-12-27 16:33 - 00000000 ____D 
C:\Program Files (x86)\USM 2013-12-27 16:33 - 2013-12-27 16:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\Program Files\Reference Assemblies 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\Program Files\MSBuild 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\Program Files (x86)\MSBuild 2013-12-25 22:19 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData 2013-12-25 22:19 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer 2013-12-25 22:19 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager 2013-12-25 22:19 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera Files to move or delete: ==================== C:\ProgramData\dlprotect.exe Some content of TEMP: ==================== C:\Users\Michelle\AppData\Local\Temp\75571uninstall.exe C:\Users\Michelle\AppData\Local\Temp\Quarantine.exe C:\Users\Michelle\AppData\Local\Temp\Sqlite3.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-16 19:51 ==================== End Of Log ============================ --- --- --- |
18.01.2014, 07:02 | #4 |
/// the machine /// TB trainer | Windows 8 64-bit: HDD is constantly working
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
18.01.2014, 10:33 | #5 |
| Windows 8 64bit HDD is constantly working So here is the ESET log: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=35bd42049154fd418161038753dc9cb6 # engine=16700 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-01-18 09:17:54 # local_time=2014-01-18 10:17:54 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode=5893 16776573 100 94 3239 12870376 0 0 # scanned=146128 # found=0 # cleaned=0 # scan_time=2837 Code:
ATTFilter Results of screen317's Security Check version 0.99.79 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Defender WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 45 Java version out of Date! Google Chrome 31.0.1650.63 Google Chrome 32.0.1700.76 ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSMpEng.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Spybot Teatimer.exe is disabled! Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 03 Ran by Michelle (administrator) on MICHELLE-PC on 18-01-2014 10:27:58 Running from C:\Users\Michelle\Downloads Windows 8.1 Pro with Media Center (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe () C:\Windows\System32\imapi3fs.exe () C:\Windows\System32\DlProtectSvc.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) 
HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe [12800 2014-01-16] () Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\UpdatusUser\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation) AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation) Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtC0FyE0FtD0Dzy0A0ByDtN0D0Tzu0SyBtDyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=368271547&ir= SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtC0FyE0FtD0Dzy0A0ByDtN0D0Tzu0SyBtDyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=368271547&ir= SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.179.1 Chrome: ======= CHR HomePage: hxxp://www.google.de/ CHR Extension: (Google Docs) - 
C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-11-02] CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-11-02] CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-11-02] CHR Extension: (Google Search) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-11-02] CHR Extension: (Google Wallet) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1 [2014-01-17] CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 [2013-11-02] CHR HKCU\...\Chrome\Extension: [jbaaieplnliapedmcbfgfijinolepige] - C:\Users\Michelle\AppData\Local\CRE\jbaaieplnliapedmcbfgfijinolepige.crx [2013-11-02] CHR HKLM-x32\...\Chrome\Extension: [jbaaieplnliapedmcbfgfijinolepige] - C:\Users\Michelle\AppData\Local\CRE\jbaaieplnliapedmcbfgfijinolepige.crx [2013-11-02] ==================== Services (Whitelisted) ================= U2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-31] (Broadcom Corp.) U2 cacls64; C:\WINDOWS\system32\imapi3fs.exe [118784 2014-01-16] () U2 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [125440 2014-01-16] () U2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) U2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) U2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) 
U2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) U2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) U3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation) U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) U3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) U3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation) U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) U3 UEFI; 
C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) U3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-18 10:26 - 2014-01-18 10:26 - 00001054 _____ C:\Users\Michelle\Desktop\checkup.txt 2014-01-18 10:25 - 2014-01-18 10:25 - 00987425 _____ C:\Users\Michelle\Downloads\SecurityCheck.exe 2014-01-18 09:26 - 2014-01-18 09:26 - 02347384 _____ (ESET) C:\Users\Michelle\Downloads\esetsmartinstaller_deu.exe 2014-01-17 10:56 - 2014-01-17 10:56 - 00037950 _____ C:\Users\Michelle\Desktop\FRST1.txt 2014-01-17 10:53 - 2014-01-17 10:53 - 00001362 _____ C:\Users\Michelle\Desktop\JRT.txt 2014-01-17 10:49 - 2014-01-17 10:49 - 00000000 ____D C:\WINDOWS\ERUNT 2014-01-17 10:46 - 2014-01-17 10:46 - 01037068 _____ (Thisisu) C:\Users\Michelle\Downloads\JRT.exe 2014-01-17 10:45 - 2014-01-17 10:46 - 00000988 _____ C:\Users\Michelle\Desktop\AdwCleaner[S1].txt 2014-01-17 10:41 - 2014-01-17 10:41 - 00019741 _____ C:\Users\Michelle\Desktop\AdwCleaner[S0].txt 2014-01-17 10:34 - 2014-01-17 10:46 - 00000000 ____D C:\AdwCleaner 2014-01-17 10:33 - 2014-01-17 10:33 - 01236282 _____ C:\Users\Michelle\Downloads\adwcleaner.exe 2014-01-16 22:10 - 2014-01-16 22:10 - 00296176 _____ C:\WINDOWS\Minidump\011614-16062-01.dmp 2014-01-16 19:07 - 2014-01-16 22:10 - 447131957 _____ C:\WINDOWS\MEMORY.DMP 2014-01-16 19:07 - 2014-01-16 22:10 - 00000000 ____D C:\WINDOWS\Minidump 2014-01-16 19:07 - 2014-01-16 19:07 - 00382248 _____ C:\WINDOWS\Minidump\011614-31078-01.dmp 2014-01-16 18:18 - 2014-01-16 18:18 - 00001125 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-16 18:18 - 2014-01-16 18:18 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Malwarebytes 2014-01-16 18:18 - 2014-01-16 18:18 - 00000000 ____D 
C:\ProgramData\Malwarebytes 2014-01-16 18:18 - 2014-01-16 18:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-16 18:18 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-01-16 18:16 - 2014-01-16 18:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Michelle\Desktop\mbam-setup-1.75.0.1300.exe 2014-01-16 17:55 - 2014-01-16 17:55 - 00379904 _____ C:\Users\Michelle\Desktop\3v7qu7kh.exe 2014-01-16 17:54 - 2014-01-16 17:54 - 00041067 _____ C:\Users\Michelle\Desktop\FRST.txt 2014-01-16 17:53 - 2014-01-16 17:55 - 00011362 _____ C:\Users\Michelle\Desktop\Addition.txt 2014-01-16 17:52 - 2014-01-16 17:53 - 00011362 _____ C:\Users\Michelle\Downloads\Addition.txt 2014-01-16 17:51 - 2014-01-18 10:27 - 00009438 _____ C:\Users\Michelle\Downloads\FRST.txt 2014-01-16 17:51 - 2014-01-16 17:51 - 00000000 ____D C:\FRST 2014-01-16 17:50 - 2014-01-16 17:50 - 02076160 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64.exe 2014-01-16 16:56 - 2014-01-16 19:11 - 00000000 ____D C:\WINDOWS\system32\appmgmt 2014-01-16 14:58 - 2014-01-16 14:58 - 00002259 _____ C:\WINDOWS\epplauncher.mif 2014-01-16 14:56 - 2014-01-16 14:57 - 13697720 _____ (Microsoft Corporation) C:\Users\Michelle\Downloads\mseinstall.exe 2014-01-16 10:03 - 2014-01-16 10:03 - 00384458 _____ C:\Users\Michelle\Downloads\Nicht bestätigt 461972.crdownload 2014-01-16 10:02 - 2014-01-16 10:02 - 00621288 _____ C:\Users\Michelle\Downloads\AdwCleaner_Setup_Download (2).exe 2014-01-16 10:02 - 2014-01-16 10:02 - 00125440 _____ C:\WINDOWS\system32\DlProtectSvc.exe 2014-01-16 10:02 - 2014-01-16 10:02 - 00118784 _____ C:\WINDOWS\system32\imapi3fs.exe 2014-01-16 10:02 - 2014-01-16 10:02 - 00012800 _____ C:\ProgramData\dlprotect.exe 2014-01-16 10:01 - 2014-01-16 10:03 - 43055452 _____ (Emsisoft GmbH ) C:\Users\Michelle\Downloads\Nicht bestätigt 964405.crdownload 2014-01-16 10:01 - 2014-01-16 10:01 - 00621288 _____ 
C:\Users\Michelle\Downloads\AdwCleaner_Setup_Download (1).exe 2014-01-16 09:59 - 2014-01-16 09:59 - 00621288 _____ C:\Users\Michelle\Downloads\AdwCleaner_Setup_Download.exe 2014-01-16 09:54 - 2014-01-16 09:59 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2014-01-16 09:54 - 2014-01-16 09:54 - 00001395 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-01-16 09:54 - 2014-01-16 09:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking 2014-01-16 09:54 - 2014-01-16 09:54 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-01-16 09:54 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe 2014-01-16 09:52 - 2014-01-16 09:53 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Michelle\Downloads\spybot-2.2.25.exe 2014-01-16 09:25 - 2014-01-16 09:25 - 00000000 _____ C:\autoexec.bat 2014-01-16 09:24 - 2014-01-16 19:11 - 00000000 ____D C:\WINDOWS\72AAF4551E54475BB0AB5413C78D0E63.TMP 2014-01-16 09:24 - 2014-01-16 09:24 - 00000000 ____D C:\Program Files\Enigma Software Group 2014-01-16 09:22 - 2014-01-16 09:22 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Michelle\Downloads\SpyHunter-Installer.exe 2014-01-16 09:22 - 2014-01-16 09:22 - 00728960 _____ (Enigma Software Group USA, LLC.) 
C:\Users\Michelle\Downloads\SpyHunter-Installer (1).exe 2014-01-15 08:51 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2014-01-15 08:51 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2014-01-15 08:51 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe 2014-01-15 08:51 - 2013-11-27 11:34 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll 2014-01-15 08:51 - 2013-11-27 10:54 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll 2014-01-15 08:51 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-15 08:51 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll 2014-01-15 08:51 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-15 08:51 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll 2014-01-15 08:51 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-01-15 08:51 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-01-10 12:02 - 2014-01-10 12:02 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-01-10 12:02 - 2014-01-10 12:02 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-01-10 12:02 - 2014-01-10 12:02 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2014-01-10 12:02 - 2014-01-10 12:02 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-01-10 12:02 - 2014-01-10 12:02 - 00000000 ____D C:\ProgramData\Oracle 2014-01-10 12:02 - 2014-01-10 12:02 - 00000000 ____D C:\Program Files (x86)\Java 2014-01-06 11:15 - 2014-01-06 11:15 - 00000000 _____ C:\Users\Michelle\Desktop\SharePodSettings.xml 2014-01-06 
11:12 - 2014-01-16 09:24 - 00000000 ____D C:\Users\Michelle\Desktop\music neu 2014-01-06 10:56 - 2014-01-06 10:56 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\SharePod 2014-01-06 10:31 - 2014-01-06 12:03 - 00000000 ____D C:\Users\Michelle\Desktop\Sharepod 2014-01-06 10:30 - 2014-01-12 20:19 - 00000000 ____D C:\Users\Michelle\Desktop\sonstiges 2014-01-06 10:29 - 2014-01-06 10:43 - 00030408 _____ C:\Users\Michelle\Desktop\SharePod.log 2014-01-06 10:28 - 2014-01-06 10:28 - 00000635 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog 2014-01-05 21:48 - 2014-01-05 21:50 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Apple Computer 2014-01-05 21:48 - 2014-01-05 21:48 - 00000000 ____D C:\Users\Michelle\AppData\Local\Apple Computer 2014-01-05 21:48 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 2014-01-05 21:47 - 2014-01-05 21:48 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-01-05 21:47 - 2014-01-05 21:48 - 00000000 ____D C:\Program Files\iTunes 2014-01-05 21:47 - 2014-01-05 21:48 - 00000000 ____D C:\Program Files (x86)\iTunes 2014-01-05 21:47 - 2014-01-05 21:47 - 00000000 ____D C:\ProgramData\Apple Computer 2014-01-05 21:47 - 2014-01-05 21:47 - 00000000 ____D C:\Program Files\iPod 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\Users\Michelle\AppData\Local\Apple 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\ProgramData\Apple 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\Program Files\Bonjour 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\Program Files (x86)\Bonjour 2014-01-05 21:45 - 2014-01-05 21:46 - 100400976 _____ (Apple Inc.) 
C:\Users\Michelle\Downloads\iTunes64Setup.exe 2013-12-31 17:32 - 2013-12-31 17:32 - 00000000 ____D C:\ProgramData\Sun 2013-12-31 17:31 - 2013-12-31 17:31 - 00000000 ____D C:\Users\Michelle\.android 2013-12-31 17:30 - 2013-12-31 17:30 - 00000000 ____D C:\Users\Michelle\AppData\Local\cache 2013-12-31 17:30 - 2013-12-31 17:30 - 00000000 _____ C:\Users\Michelle\daemonprocess.txt 2013-12-31 17:30 - 2013-12-31 17:29 - 31441840 _____ (Oracle Corporation) C:\Users\Michelle\Downloads\download-jre-7u25-windows-i586.exe 2013-12-30 11:58 - 2013-12-30 11:59 - 00000000 ____D C:\Users\Public\Documents\Konz2014 2013-12-27 23:41 - 2013-12-29 01:19 - 00204117 _____ C:\Users\Michelle\Desktop\Backscheider, Dominik.V2013 2013-12-27 16:34 - 2013-12-28 09:33 - 00000437 _____ C:\WINDOWS\wiso.ini 2013-12-27 16:34 - 2013-12-27 16:34 - 00001937 _____ C:\Users\Public\Desktop\Steuer 2013.lnk 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\Visagesoft 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\AIM 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Buhl Data Service 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\Users\Michelle\AppData\Local\Buhl Data Service 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\Users\Michelle\AppData\Local\Buhl 2013-12-27 16:34 - 2003-12-04 15:58 - 00000696 _____ C:\WINDOWS\SysWOW64\jetodbc.rsp 2013-12-27 16:34 - 2002-12-11 19:12 - 00760968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSDMOD.DLL 2013-12-27 16:34 - 2002-12-11 19:12 - 00316040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DMOD.DLL 2013-12-27 16:34 - 2002-12-11 19:10 - 00816264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDMOD.DLL 2013-12-27 16:34 - 2002-12-11 17:34 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DMOD.DLL 2013-12-27 16:34 - 2002-12-11 15:16 - 00384512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDMOD.DLL 2013-12-27 16:34 - 2002-08-29 
03:43 - 00278559 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMV8DS32.AX 2013-12-27 16:34 - 2002-08-29 03:43 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDS32.AX 2013-12-27 16:34 - 2002-08-29 03:43 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSADDS32.AX 2013-12-27 16:34 - 2002-04-29 19:47 - 00121160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscal.ocx 2013-12-27 16:34 - 2000-06-13 00:00 - 01046288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJET35.DLL 2013-12-27 16:34 - 2000-06-13 00:00 - 00415504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSREPL35.DLL 2013-12-27 16:34 - 1999-03-05 22:15 - 00074000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrclr40.dll 2013-12-27 16:34 - 1999-03-05 22:15 - 00028944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrecr40.dll 2013-12-27 16:34 - 1998-04-24 00:00 - 00368912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBAR332.DLL 2013-12-27 16:34 - 1998-04-24 00:00 - 00148240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJINT35.DLL 2013-12-27 16:34 - 1997-07-01 10:45 - 00250128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSEXCL35.DLL 2013-12-27 16:34 - 1997-06-23 09:06 - 00330000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSEXCH35.DLL 2013-12-27 16:34 - 1997-06-23 09:06 - 00287504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSXBSE35.DLL 2013-12-27 16:34 - 1997-06-23 09:06 - 00252176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSRD2X35.DLL 2013-12-27 16:34 - 1997-06-23 09:06 - 00250128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPDOX35.DLL 2013-12-27 16:34 - 1997-06-23 09:06 - 00166160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSLTUS35.DLL 2013-12-27 16:34 - 1997-06-23 09:06 - 00165648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSTEXT35.DLL 2013-12-27 16:34 - 1997-06-23 09:06 - 00024848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJTER35.DLL 2013-12-27 16:33 - 2013-12-27 16:33 - 00000000 ____D 
C:\Program Files (x86)\USM 2013-12-27 16:30 - 2014-01-06 10:23 - 00000000 ____D C:\Program Files (x86)\Steuer 2013 2013-12-27 16:30 - 2013-12-27 16:35 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH 2013-12-27 16:30 - 2013-12-27 16:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\Program Files\Reference Assemblies 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\Program Files\MSBuild 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\Program Files (x86)\MSBuild 2013-12-27 16:27 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2013-12-27 16:27 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2013-12-27 16:27 - 2013-08-03 05:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2013-12-27 16:27 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2013-12-27 16:27 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-12-27 16:27 - 2013-08-03 05:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2013-12-23 21:21 - 2014-01-15 22:22 - 00000110 _____ C:\Users\Michelle\AppData\Roaming\WB.CFG ==================== One Month Modified Files and Folders ======= 2014-01-18 10:29 - 2014-01-16 17:51 - 00009438 _____ C:\Users\Michelle\Downloads\FRST.txt 2014-01-18 10:26 - 2014-01-18 10:26 - 00001054 _____ C:\Users\Michelle\Desktop\checkup.txt 2014-01-18 10:26 - 2013-11-13 10:00 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D3A081E2-6A7C-44AD-B398-1C24520C8691} 2014-01-18 
10:25 - 2014-01-18 10:25 - 00987425 _____ C:\Users\Michelle\Downloads\SecurityCheck.exe 2014-01-18 10:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru 2014-01-18 09:42 - 2013-11-05 03:05 - 01698948 _____ C:\WINDOWS\WindowsUpdate.log 2014-01-18 09:31 - 2013-11-02 12:21 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-18 09:27 - 2013-05-03 22:40 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1825290939-2035482200-3538793863-1000 2014-01-18 09:26 - 2014-01-18 09:26 - 02347384 _____ (ESET) C:\Users\Michelle\Downloads\esetsmartinstaller_deu.exe 2014-01-18 09:22 - 2013-11-05 10:43 - 00000000 __RDO C:\Users\Michelle\SkyDrive 2014-01-18 09:22 - 2013-11-02 12:21 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-18 00:30 - 2013-08-19 23:40 - 00000000 ____D C:\Users\Michelle\AppData\Local\Battle.net 2014-01-17 15:07 - 2013-05-03 22:42 - 00000000 ____D C:\Program Files (x86)\World of Warcraft 2014-01-17 12:54 - 2013-08-19 23:40 - 00000000 ____D C:\Program Files (x86)\Battle.net 2014-01-17 10:56 - 2014-01-17 10:56 - 00037950 _____ C:\Users\Michelle\Desktop\FRST1.txt 2014-01-17 10:53 - 2014-01-17 10:53 - 00001362 _____ C:\Users\Michelle\Desktop\JRT.txt 2014-01-17 10:49 - 2014-01-17 10:49 - 00000000 ____D C:\WINDOWS\ERUNT 2014-01-17 10:46 - 2014-01-17 10:46 - 01037068 _____ (Thisisu) C:\Users\Michelle\Downloads\JRT.exe 2014-01-17 10:46 - 2014-01-17 10:45 - 00000988 _____ C:\Users\Michelle\Desktop\AdwCleaner[S1].txt 2014-01-17 10:46 - 2014-01-17 10:34 - 00000000 ____D C:\AdwCleaner 2014-01-17 10:44 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2014-01-17 10:44 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2014-01-17 10:41 - 2014-01-17 10:41 - 00019741 _____ C:\Users\Michelle\Desktop\AdwCleaner[S0].txt 2014-01-17 10:33 - 2014-01-17 10:33 - 01236282 _____ C:\Users\Michelle\Downloads\adwcleaner.exe 2014-01-16 22:10 - 2014-01-16 22:10 - 00296176 _____ 
C:\WINDOWS\Minidump\011614-16062-01.dmp 2014-01-16 22:10 - 2014-01-16 19:07 - 447131957 _____ C:\WINDOWS\MEMORY.DMP 2014-01-16 22:10 - 2014-01-16 19:07 - 00000000 ____D C:\WINDOWS\Minidump 2014-01-16 20:30 - 2013-11-05 03:10 - 00000000 ____D C:\Users\Michelle 2014-01-16 19:11 - 2014-01-16 16:56 - 00000000 ____D C:\WINDOWS\system32\appmgmt 2014-01-16 19:11 - 2014-01-16 09:24 - 00000000 ____D C:\WINDOWS\72AAF4551E54475BB0AB5413C78D0E63.TMP 2014-01-16 19:07 - 2014-01-16 19:07 - 00382248 _____ C:\WINDOWS\Minidump\011614-31078-01.dmp 2014-01-16 19:07 - 2013-09-29 20:05 - 00048480 _____ C:\WINDOWS\PFRO.log 2014-01-16 19:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore 2014-01-16 18:18 - 2014-01-16 18:18 - 00001125 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-16 18:18 - 2014-01-16 18:18 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Malwarebytes 2014-01-16 18:18 - 2014-01-16 18:18 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-16 18:18 - 2014-01-16 18:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-16 18:17 - 2014-01-16 18:16 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Michelle\Desktop\mbam-setup-1.75.0.1300.exe 2014-01-16 17:55 - 2014-01-16 17:55 - 00379904 _____ C:\Users\Michelle\Desktop\3v7qu7kh.exe 2014-01-16 17:55 - 2014-01-16 17:53 - 00011362 _____ C:\Users\Michelle\Desktop\Addition.txt 2014-01-16 17:54 - 2014-01-16 17:54 - 00041067 _____ C:\Users\Michelle\Desktop\FRST.txt 2014-01-16 17:53 - 2014-01-16 17:52 - 00011362 _____ C:\Users\Michelle\Downloads\Addition.txt 2014-01-16 17:51 - 2014-01-16 17:51 - 00000000 ____D C:\FRST 2014-01-16 17:50 - 2014-01-16 17:50 - 02076160 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64.exe 2014-01-16 14:58 - 2014-01-16 14:58 - 00002259 _____ C:\WINDOWS\epplauncher.mif 2014-01-16 14:58 - 2012-11-23 14:01 - 00000000 ____D C:\Users\Michelle\Desktop\Naruto songs 2014-01-16 14:57 - 2014-01-16 14:56 - 13697720 _____ (Microsoft Corporation) 
C:\Users\Michelle\Downloads\mseinstall.exe 2014-01-16 10:03 - 2014-01-16 10:03 - 00384458 _____ C:\Users\Michelle\Downloads\Nicht bestätigt 461972.crdownload 2014-01-16 10:03 - 2014-01-16 10:01 - 43055452 _____ (Emsisoft GmbH ) C:\Users\Michelle\Downloads\Nicht bestätigt 964405.crdownload 2014-01-16 10:02 - 2014-01-16 10:02 - 00621288 _____ C:\Users\Michelle\Downloads\AdwCleaner_Setup_Download (2).exe 2014-01-16 10:02 - 2014-01-16 10:02 - 00125440 _____ C:\WINDOWS\system32\DlProtectSvc.exe 2014-01-16 10:02 - 2014-01-16 10:02 - 00118784 _____ C:\WINDOWS\system32\imapi3fs.exe 2014-01-16 10:02 - 2014-01-16 10:02 - 00012800 _____ C:\ProgramData\dlprotect.exe 2014-01-16 10:01 - 2014-01-16 10:01 - 00621288 _____ C:\Users\Michelle\Downloads\AdwCleaner_Setup_Download (1).exe 2014-01-16 09:59 - 2014-01-16 09:59 - 00621288 _____ C:\Users\Michelle\Downloads\AdwCleaner_Setup_Download.exe 2014-01-16 09:59 - 2014-01-16 09:54 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2014-01-16 09:54 - 2014-01-16 09:54 - 00001395 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-01-16 09:54 - 2014-01-16 09:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking 2014-01-16 09:54 - 2014-01-16 09:54 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-01-16 09:53 - 2014-01-16 09:52 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Michelle\Downloads\spybot-2.2.25.exe 2014-01-16 09:25 - 2014-01-16 09:25 - 00000000 _____ C:\autoexec.bat 2014-01-16 09:24 - 2014-01-16 09:24 - 00000000 ____D C:\Program Files\Enigma Software Group 2014-01-16 09:24 - 2014-01-06 11:12 - 00000000 ____D C:\Users\Michelle\Desktop\music neu 2014-01-16 09:22 - 2014-01-16 09:22 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Michelle\Downloads\SpyHunter-Installer.exe 2014-01-16 09:22 - 2014-01-16 09:22 - 00728960 _____ (Enigma Software Group USA, LLC.) 
C:\Users\Michelle\Downloads\SpyHunter-Installer (1).exe 2014-01-15 22:22 - 2013-12-23 21:21 - 00000110 _____ C:\Users\Michelle\AppData\Roaming\WB.CFG 2014-01-15 18:05 - 2013-08-19 11:00 - 00000000 ____D C:\WINDOWS\system32\MRT 2014-01-15 18:04 - 2013-05-05 21:54 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-01-14 08:44 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2014-01-12 20:19 - 2014-01-06 10:30 - 00000000 ____D C:\Users\Michelle\Desktop\sonstiges 2014-01-11 20:44 - 2013-09-30 05:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2014-01-11 20:44 - 2013-09-30 04:58 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat 2014-01-11 20:44 - 2013-09-30 04:58 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat 2014-01-10 12:02 - 2014-01-10 12:02 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-01-10 12:02 - 2014-01-10 12:02 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-01-10 12:02 - 2014-01-10 12:02 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2014-01-10 12:02 - 2014-01-10 12:02 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-01-10 12:02 - 2014-01-10 12:02 - 00000000 ____D C:\ProgramData\Oracle 2014-01-10 12:02 - 2014-01-10 12:02 - 00000000 ____D C:\Program Files (x86)\Java 2014-01-08 20:18 - 2013-08-22 16:36 - 00000000 __RHD C:\Users\Public\Libraries 2014-01-06 23:31 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-01-06 23:31 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-01-06 12:03 - 2014-01-06 10:31 - 00000000 ____D C:\Users\Michelle\Desktop\Sharepod 2014-01-06 11:15 - 2014-01-06 11:15 - 00000000 _____ C:\Users\Michelle\Desktop\SharePodSettings.xml 2014-01-06 11:15 - 2013-05-03 22:26 - 00000000 ____D C:\Users\Michelle\AppData\Local\VirtualStore 2014-01-06 11:09 - 2013-08-22 15:46 
- 00323112 _____ C:\WINDOWS\setupact.log 2014-01-06 10:56 - 2014-01-06 10:56 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\SharePod 2014-01-06 10:43 - 2014-01-06 10:29 - 00030408 _____ C:\Users\Michelle\Desktop\SharePod.log 2014-01-06 10:28 - 2014-01-06 10:28 - 00000635 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog 2014-01-06 10:23 - 2013-12-27 16:30 - 00000000 ____D C:\Program Files (x86)\Steuer 2013 2014-01-05 21:50 - 2014-01-05 21:48 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Apple Computer 2014-01-05 21:48 - 2014-01-05 21:48 - 00000000 ____D C:\Users\Michelle\AppData\Local\Apple Computer 2014-01-05 21:48 - 2014-01-05 21:47 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-01-05 21:48 - 2014-01-05 21:47 - 00000000 ____D C:\Program Files\iTunes 2014-01-05 21:48 - 2014-01-05 21:47 - 00000000 ____D C:\Program Files (x86)\iTunes 2014-01-05 21:47 - 2014-01-05 21:47 - 00000000 ____D C:\ProgramData\Apple Computer 2014-01-05 21:47 - 2014-01-05 21:47 - 00000000 ____D C:\Program Files\iPod 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\Users\Michelle\AppData\Local\Apple 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\ProgramData\Apple 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\Program Files\Bonjour 2014-01-05 21:46 - 2014-01-05 21:46 - 00000000 ____D C:\Program Files (x86)\Bonjour 2014-01-05 21:46 - 2014-01-05 21:45 - 100400976 _____ (Apple Inc.) 
C:\Users\Michelle\Downloads\iTunes64Setup.exe 2014-01-04 14:04 - 2013-06-18 21:36 - 00000000 ____D C:\Program Files (x86)\Diablo III 2013-12-31 17:32 - 2013-12-31 17:32 - 00000000 ____D C:\ProgramData\Sun 2013-12-31 17:31 - 2013-12-31 17:31 - 00000000 ____D C:\Users\Michelle\.android 2013-12-31 17:30 - 2013-12-31 17:30 - 00000000 ____D C:\Users\Michelle\AppData\Local\cache 2013-12-31 17:30 - 2013-12-31 17:30 - 00000000 _____ C:\Users\Michelle\daemonprocess.txt 2013-12-31 17:29 - 2013-12-31 17:30 - 31441840 _____ (Oracle Corporation) C:\Users\Michelle\Downloads\download-jre-7u25-windows-i586.exe 2013-12-30 12:26 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache 2013-12-30 11:59 - 2013-12-30 11:58 - 00000000 ____D C:\Users\Public\Documents\Konz2014 2013-12-29 01:19 - 2013-12-27 23:41 - 00204117 _____ C:\Users\Michelle\Desktop\Backscheider, Dominik.V2013 2013-12-28 09:33 - 2013-12-27 16:34 - 00000437 _____ C:\WINDOWS\wiso.ini 2013-12-27 16:35 - 2013-12-27 16:30 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH 2013-12-27 16:34 - 2013-12-27 16:34 - 00001937 _____ C:\Users\Public\Desktop\Steuer 2013.lnk 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\Visagesoft 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\AIM 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Buhl Data Service 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\Users\Michelle\AppData\Local\Buhl Data Service 2013-12-27 16:34 - 2013-12-27 16:34 - 00000000 ____D C:\Users\Michelle\AppData\Local\Buhl 2013-12-27 16:34 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2013-12-27 16:34 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-12-27 16:34 - 2012-02-28 22:50 - 00000000 ____D C:\Users\Michelle\Documents\Steuer 2013-12-27 16:33 - 2013-12-27 16:33 - 00000000 ____D C:\Program Files (x86)\USM 2013-12-27 16:33 - 2013-12-27 16:30 - 00000000 ___HD C:\Program 
Files (x86)\InstallShield Installation Information 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\Program Files\Reference Assemblies 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\Program Files\MSBuild 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2013-12-27 16:28 - 2013-12-27 16:28 - 00000000 ____D C:\Program Files (x86)\MSBuild 2013-12-25 22:19 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData 2013-12-25 22:19 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer 2013-12-25 22:19 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager 2013-12-25 22:19 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
Files to move or delete: ====================
C:\ProgramData\dlprotect.exe
Some content of TEMP: ====================
C:\Users\Michelle\AppData\Local\Temp\75571uninstall.exe
C:\Users\Michelle\AppData\Local\Temp\Quarantine.exe
C:\Users\Michelle\AppData\Local\Temp\Sqlite3.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-17 11:08
==================== End Of Log ============================
Thanks for the help!!!!! |
19.01.2014, 08:54 | #6 |
/// the machine /// TB-Ausbilder | Windows 8 64bit HDD is constantly working Update Java. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document: Code:
ATTFilter
C:\ProgramData\dlprotect.exe
HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe [12800 2014-01-16] ()
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. If you would like to leave praise or criticism, you can do so here. The order is crucial here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. For this I recommend TFC. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ --> Windows 8 64bit HDD is constantly working |
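An added example, not part of the thread and not FRST's own logic: it parses Run entries in the shape of the fixlist line above and applies two common triage heuristics, an empty company field and a binary in a user-writable location. The heuristics, the directory markers and the two contrast lines are assumptions constructed for illustration; only the `Download Protect` line comes from the thread.

```python
import re

# Entry shape as it appears in the fixlist above:
#   HIVE\...\Run: [Name] - Path [size date] (Company)
RUN_RE = re.compile(
    r"^(?P<hive>HK[^\\]*)\\.*?\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] - (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)$"
)

# Assumption: directory markers treated as user-writable for triage purposes.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\")

def triage(line):
    """Parse one Run line; return its fields plus reasons, or None if unparsable."""
    m = RUN_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    path = entry["path"].strip('"').lower()
    reasons = []
    if not entry["company"].strip():
        reasons.append("empty company field")
    if any(marker in path for marker in USER_WRITABLE):
        reasons.append("binary in a user-writable location")
    entry["reasons"] = reasons
    return entry

def review(lines):
    """Return (name, path, reasons) for flagged entries, most reasons first."""
    parsed = [e for e in map(triage, lines) if e and e["reasons"]]
    parsed.sort(key=lambda e: len(e["reasons"]), reverse=True)
    return [(e["name"], e["path"], e["reasons"]) for e in parsed]

SAMPLE = [
    # From the fixlist in this thread:
    r"HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe [12800 2014-01-16] ()",
    # Constructed lines for contrast (not from the thread):
    r"HKLM\...\Run: [ExampleAudio] - C:\Program Files\ExampleVendor\audio.exe [123456 2013-08-01] (Example Vendor Inc.)",
    r"HKCU\...\Run: [ExampleUpdater] - C:\Users\Example\AppData\Roaming\upd\upd.exe [20480 2014-01-02] (Example Vendor Inc.)",
]

if __name__ == "__main__":
    for name, path, reasons in review(SAMPLE):
        print(f"{name}: {path} -> {'; '.join(reasons)}")
```

A flagged entry is a candidate for closer inspection, not a verdict; legitimate software also installs autostarts under these directories.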
19.01.2014, 10:16 | #7 |
| Windows 8 64bit HDD is constantly working Here is the result: Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2014 03
Ran by Michelle at 2014-01-19 10:15:22 Run:1
Running from C:\Users\Michelle\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\ProgramData\dlprotect.exe
HKLM-x32\...\Run: [Download Protect] - C:\ProgramData\dlprotect.exe [12800 2014-01-16] ()
*****************
C:\ProgramData\dlprotect.exe => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Download Protect => Value deleted successfully.
==== End of Fixlog ==== |
19.01.2014, 11:21 | #8 |
/// the machine /// TB-Ausbilder | Windows 8 64bit HDD is constantly working Done
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and assistance Trojaner-Board Facebook page No help via PM! |
19.01.2014, 11:28 | #9 |
| Windows 8 64bit HDD is constantly working Thank you very much |
19.01.2014, 11:31 | #10 |
/// the machine /// TB-Ausbilder | Windows 8 64bit HDD is constantly working You're welcome |